Cyber Resilience

CVE-2022-29147

Low

Published: 29 June 2023

Published
29 June 2023
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS Score 0.0163 82.3th percentile
Risk Priority 7 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-29147 is a low-severity an unspecified weakness vulnerability in Microsoft Edge Chromium. Its CVSS base score is 3.1 (Low).

Operationally, ranked in the top 17.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

Microsoft Edge (Chromium-based) contains a spoofing vulnerability identified as CVE-2022-29147. The flaw carries a CVSS 3.1 base score of 3.1 and is characterized by network attack vector, high attack complexity, no required privileges, and required user interaction, resulting in limited integrity impact without affecting confidentiality or availability.

An unauthenticated remote attacker can leverage the issue to present spoofed content to a victim, achieving a low-integrity outcome such as altered visual or navigational elements within the browser. Exploitation requires the victim to interact with attacker-controlled material and is constrained by the high complexity rating.

Microsoft has published official guidance for the vulnerability through its Security Response Center at the referenced update-guide URL. The associated EPSS score began at low levels, rose materially to a peak of 0.0762 on 2025-01-22, and has since receded to the current value of 0.0163, indicating a period of increased exploitation interest after disclosure.

EU & UK References

Vulnerability details

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft
edge chromium
≤ 101.0.1210.32

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References