Описание
Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
FAQ
According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
A user could be tricked into entering credentials or responding to a pop up after opening a specially crafted file or clicking on a link, typically by way of an enticement in an email or URL.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would have to click on a specially crafted URL to be compromised by the attacker.
What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 140.0.3485.71 | 09/16/2025 | 140.0.7339.133 |
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Edge (Chromium-based) |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
4.7 Medium
CVSS3
Связанные уязвимости
Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
Уязвимость браузера Microsoft Edge, связанная с отсутствием предупреждений об опасных действиях, позволяющая нарушителю проводить спуфинг атаки
EPSS
4.7 Medium
CVSS3