Описание
Microsoft Edge (Chromium-based) Spoofing Vulnerability
The UI performs the wrong action in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
FAQ
According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L), and availability (A:N). What does that mean for this vulnerability?
Successful exploitation of this vulnerability has limited impacts to Confidentiality and Integrity and no impact on Availability. An attacker would need to combine this vulnerability with other vulnerabilities to perform an attack.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would have to click on a specially crafted URL to be compromised by the attacker.
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass the permissions dialog feature prompt presented to users when initiating a download.
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
5.4 Medium
CVSS3
Связанные уязвимости
The UI performs the wrong action in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
Уязвимость браузера Microsoft Edge, связанная с ошибками представления информации пользовательским интерфейсом, позволяющая нарушителю проводить спуфинг-атаки
EPSS
5.4 Medium
CVSS3