CVE-2021-34475: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Overview

Severity

Medium (CVSS 5.4)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C

Category

Edge - Chromium

Exploit Status

Not Exploited

Patch Tuesday

2021-Jun

Released

2021-06-24

Last Updated

2023-08-01

EPSS Score

0.26% (percentile: 49.7%)

FAQ

What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 91.0.864.59 6/24/2021 91.0.4472.101 According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L) and availability (A:N). What does that mean for this vulnerability? There are limited impact to Confidentiality and Integrity and no Avaibility impact from exploiting this vulnerability. An attacker would need to combine this with other vulnerabilities to perform an attack.

Affected Products (1)

Browser

• Microsoft Edge (Chromium-based)

Acknowledgments

<a href="https://www.linkedin.com/in/shankar-king-s-299919143">vemula Bhavani shankar</a> , <a href="https://www.daviderceg.com/">David Erceg</a>

Revision History

• 2021-06-24: Information published.
• 2021-09-21: Updated information to include CVSS scores. This is an informational change only.
• 2023-08-01: Added an FAQ. This is an information change only.