According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? This vulnerability requires that a user have multiple browser instances open of the affected version of Microsoft Edge (Chromium-based), one of which is a specially crafted website hosted by the attacker. The user would need to access the URL of the malicious website and then click a popup displayed on that site. What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 102.0.1245.30 5/31/2022 102.0.5005.61 According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability? The user would need to access the URL of the malicious website, which could spoof the content of a legitimate website, and then click a popup displayed on that site.
Felix B