CVE-2024-49041: Microsoft Edge (Chromium-based) Spoofing Vulnerability

Overview

Severity

Medium (CVSS 4.3)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

Category

Edge - Chromium

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2024-Dec

Released

2024-12-05

EPSS Score

0.34% (percentile: 56.8%)

FAQ

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be compromised by the attacker. According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability? The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site. What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 131.0.2903.86 12/05/2024 131.0.6778.108/.109

Affected Products (1)

Browser

• Microsoft Edge (Chromium-based)

Acknowledgments

Haifei Li with <a href="https://research.checkpoint.com/">Check Point Research</a>, Peter Girnus of Trend Micro Zero Day Initiative, <a href="https://www.linkedin.com/in/sazzad-mahmud-tomal-4422b0236">Sazzad Mahmud Tomal</a>

Revision History

• 2024-12-05: Information published.