Cyber Resilience

CVE-2022-23264

Medium

Published: 29 June 2023

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 4.7 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)
EPSS Score: 0.0020 (42.4th percentile)
Risk Priority: 10 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-23264 is a medium-severity vulnerability of unspecified weakness type in Microsoft Edge Chromium. Its CVSS base score is 4.7 (Medium).

Operationally, it is ranked at the 42.4th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

Deeper analysis

Microsoft Edge (Chromium-based) contains a spoofing vulnerability tracked as CVE-2022-23264. The flaw received a CVSS 3.1 score of 4.7 with the vector AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N and was published on 29 June 2023.

An unauthenticated remote attacker can exploit the issue by serving a malicious web page that requires user interaction. Successful exploitation allows the attacker to spoof content in the browser UI, producing limited integrity impact with changed scope but no loss of confidentiality or availability.

The associated EPSS score remained low for an extended period before rising from a baseline near 0.0020 to a peak of 0.0762 on 22 January 2025 and subsequently receding, indicating a temporary increase in observed exploitation interest after disclosure. Microsoft publishes remediation guidance in its Security Response Center advisory at the listed reference URL.

EU & UK References

Vulnerability details

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: microsoft
Product: edge chromium
Version: ≤ 98.0.1108.50

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References