CVE-2022-24523
Published: 05 April 2022
Summary
CVE-2022-24523 is a medium-severity vulnerability of unspecified weakness type in Microsoft Edge Chromium. Its CVSS base score is 4.3 (Medium).
Operationally, it is ranked in the top 8.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
Microsoft Edge (Chromium-based) contains a spoofing vulnerability tracked as CVE-2022-24523. The flaw received a CVSS 3.1 base score of 4.3 with the vector string AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N, indicating a network-reachable issue that requires user interaction to produce limited integrity impact without affecting confidentiality or availability.
An unauthenticated remote attacker can exploit the vulnerability by serving specially crafted content that the browser renders in a misleading way. Successful exploitation allows the attacker to spoof information presented to the user, potentially leading the victim to perform unintended actions such as following a falsified link or trusting incorrect page content.
Microsoft has published remediation guidance in its Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24523, which directs administrators to apply the security updates released for Microsoft Edge. The associated EPSS score remains at 0.0664 with no recorded increase since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-29403
Vulnerability details
Microsoft Edge (Chromium-based) Spoofing Vulnerability
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.