CVE-2022-29147
Published: 29 June 2023
Summary
CVE-2022-29147 is a low-severity vulnerability, of an unspecified weakness type, in Microsoft Edge Chromium. Its CVSS base score is 3.1 (Low).
Operationally, it is ranked in the top 17.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
Microsoft Edge (Chromium-based) contains a spoofing vulnerability identified as CVE-2022-29147. The flaw carries a CVSS 3.1 base score of 3.1 and is characterized by a network attack vector, high attack complexity, no required privileges, and required user interaction, resulting in limited integrity impact with no effect on confidentiality or availability.
An unauthenticated remote attacker can leverage the issue to present spoofed content to a victim, with a low integrity impact such as altered visual or navigational elements within the browser. Exploitation requires the victim to interact with attacker-controlled material and is constrained by the high attack complexity rating.
Microsoft has published official guidance for the vulnerability through its Security Response Center at the referenced update-guide URL. The associated EPSS score began at low levels, rose materially to a peak of 0.0762 on 2025-01-22, and has since receded to the current value of 0.0163, indicating a period of increased exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-33556
Vulnerability details
Microsoft Edge (Chromium-based) Spoofing Vulnerability
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.