Cyber Resilience

CVE-2022-24523

Medium

Published: 05 April 2022

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
EPSS Score: 0.0664 (91.4th percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-24523 is a medium-severity vulnerability of unspecified weakness type in Microsoft Edge (Chromium-based). Its CVSS base score is 4.3 (Medium).

Operationally, it is ranked in the top 8.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

Microsoft Edge (Chromium-based) contains a spoofing vulnerability tracked as CVE-2022-24523. The flaw received a CVSS 3.1 base score of 4.3 with the vector string AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N, indicating a network-reachable issue that requires user interaction to produce limited integrity impact without affecting confidentiality or availability.

An unauthenticated remote attacker can exploit the vulnerability by serving specially crafted content that the browser renders in a misleading way. Successful exploitation allows the attacker to spoof information presented to the user, potentially leading the victim to perform unintended actions such as following a falsified link or trusting incorrect page content.

Microsoft has published remediation guidance in its Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24523, which directs administrators to apply the security updates released for Microsoft Edge. The associated EPSS score remains at 0.0664 with no recorded increase since disclosure.

Vulnerability details

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: microsoft
Product: edge chromium
Affected versions: ≤ 100.0.1185.29

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.