CVE-2022-26899: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Overview

Severity

Medium (CVSS 6.3)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C

Category

Edge - Chromium

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2022-Mar

Released

2022-03-17

EPSS Score

0.38% (percentile: 59.7%)

FAQ

What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 99.0.1150.46 3/17/2022 99.0.4844.74 According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L) and availability (A:L). What does that mean for this vulnerability? While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker would need to combine this with other vulnerabilities to perform an attack.

Affected Products (1)

Browser

• Microsoft Edge (Chromium-based)

Acknowledgments

<a href="https://www.daviderceg.com/">David Erceg</a>

Revision History

• 2022-03-17: Information published.