According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L) and availability (A:L). What does that mean for this vulnerability? While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker would need to combine this with other vulnerabilities to perform an attack. According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? This vulnerability could lead to a browser sandbox escape. What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain the privileges needed to install an extension. What is the version information for this release? Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 121.0.2277.83 1/25/2024 121.0.6167.85/.86 Extended Stable 120.0.2210.160 1/25/2024 120.0.6099.268 Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 121.0.2277.98 2/1/2024 121.0.6167.139/140 Extended Stable 120.0.2210.167 2/1/2024 120.0.6099.276
Maturity: Exploit
<a href="https://labs.guard.io/">Oleg Zaytsev</a> with <a href="https://www.guard.io/">Guardio</a>, <a href="https://twitter.com/shhnjk">Jun Kokatsu</a>