CVE-2021-31982: Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Overview

Severity

High (CVSS 8.8)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Category

Edge - Chromium

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2021-May

Released

2021-05-27

Last Updated

2023-08-01

EPSS Score

3.75% (percentile: 88.0%)

FAQ

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? This vulnerability requires that a user have multiple browser instances open of the affected version of Microsoft Edge (Chromium-based), one of which is a specially crafted website hosted by the attacker. The user would need to access the URL of the malicious website and then click a popup displayed on that site. According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and (A:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability could lead to a full compromise of the browser.

Affected Products (1)

Browser

• Microsoft Edge (Chromium-based)

Acknowledgments

<a href= "https://www.linkedin.com/in/kingkaran977"> Karan Chaudhary

Revision History

• 2021-05-27: Information published.
• 2023-08-01: Updated one or more CVSS scores for the affected products. This is an informational change only.