CVE-2022-23264
Published: 29 June 2023
Summary
CVE-2022-23264 is a medium-severity vulnerability with an unspecified weakness class in Microsoft Edge (Chromium-based). Its CVSS base score is 4.7 (Medium).
Operationally, it is ranked at the 42.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Deeper analysis
Microsoft Edge (Chromium-based) contains a spoofing vulnerability tracked as CVE-2022-23264. The flaw received a CVSS 3.1 score of 4.7 with the vector AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N and was published on 29 June 2023.
An unauthenticated remote attacker can exploit the issue by serving a malicious web page that requires user interaction. Successful exploitation allows the attacker to spoof content in the browser UI, producing limited integrity impact with changed scope but no loss of confidentiality or availability.
The associated EPSS score remained low for an extended period before rising from a baseline near 0.0020 to a peak of 0.0762 on 22 January 2025 and subsequently receding, indicating a temporary increase in observed exploitation interest after disclosure. Microsoft publishes remediation guidance in its Security Response Center advisory at the listed reference URL.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-28351
Vulnerability details
Microsoft Edge (Chromium-based) Spoofing Vulnerability
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.