Описание
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
FAQ
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
An attacker must send the user a malicious file and convince them to open it.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.
According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L) and availability (A:L). What does that mean for this vulnerability?
While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker would need to combine this with other vulnerabilities to perform an attack.
Why is the severity for this CVE rated as Moderate, but the CVSS score is higher than normal?
Per our severity guidelines, the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity, specifically it says, "If a bug requires more than a click, a key press, or several preconditions, the severity will be downgraded". The CVSS scoring system doesn't allow for this type of nuance.
| Microsoft Edge Channel | Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|---|
| Stable | 124.0.2478.51 | 4/18/2024 | 124.0.6367.60/.61 |
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
5 Medium
CVSS3
Связанные уязвимости
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Уязвимость браузера Microsoft Edge, связанная с неверным управлением генерацией кода, позволяющая нарушителю обойти существующие ограничения безопасности
EPSS
5 Medium
CVSS3