CVE-2021-24113: Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Overview

Severity

Medium (CVSS 5.4)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C

Category

Edge - Chromium

Exploit Status

Not Exploited

Patch Tuesday

2021-Feb

Released

2021-02-04

Last Updated

2021-02-26

EPSS Score

1.85% (percentile: 83.0%)

FAQ

What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 88.0.705.62 2/4/2021 88.0.4324.146 What kind of security feature could be bypassed by successfully exploiting this vulnerability? This vulnerability allows javascript to be executed in URL when copying then pasting it in the Edge browser.

Affected Products (1)

Browser

• Microsoft Edge (Chromium-based)

Acknowledgments

<a href="https://www.linkedin.com/in/Deepanraj95/">DeepanRaj Modernmonk(Technoidz)</a>

Revision History

• 2021-02-04: Information published.
• 2021-02-26: Updated one or more CVSS scores for the affected products. This is an informational change only.