Описание
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
FAQ
What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 133.0.3065.69 | 2/14/2025 | 133.0.6943.98/.99 |
According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L) and availability (A:L). What does that mean for this vulnerability?
While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker would need to combine this with other vulnerabilities to perform an attack.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who succesfully exploited this could bypass a user gesture requirement.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
An attacker must send the user a malicious file and convince them to open it.
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
4.5 Medium
CVSS3
Связанные уязвимости
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Уязвимость браузера Microsoft Edge, связанная с переадресацией URL на ненадежный сайт при загрузке страницы входа, позволяющая нарушителю обойти существующие ограничения безопасности
EPSS
4.5 Medium
CVSS3