CVE-2023-28301: Microsoft Edge (Chromium-based) Tampering Vulnerability

Overview

Severity

Low (CVSS 3.7)

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

Category

Tampering

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2023-Apr

Released

2023-04-06

Last Updated

2023-06-16

EPSS Score

1.63% (percentile: 81.9%)

FAQ

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to first prepare the target so that the attacker is on the same network as potential victims. What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 112.0.1722.34 4/6/2023 112.0.5615.49/50

Affected Products (1)

Browser

• Microsoft Edge for Android

Acknowledgments

<a href="https://www.linkedin.com/in/lim4/">Rafael</a> with Google Vrp

Revision History

• 2023-04-06: Information published.
• 2023-06-16: Updated one or more CVSS scores for the affected products. This is an informational change only.