The UI performs the wrong action in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability? Successful exploitation of this vulnerability has limited impacts to Confidentiality and Integrity and no impact on Availability. An attacker would need to combine this vulnerability with other vulnerabilities to perform an attack. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be compromised by the attacker. What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass the permissions dialog feature prompt presented to users when initiating a download.
<a href="https://linkedin.com/in/frozzipies">Farras Givari</a> with <a href="https://meta4sec.com/">Meta4sec</a>, Ahmed ElMasry, <a href="https://www.linkedin.com/in/afif-hidayatullah">Om Apip</a> with <a href="https://itsec.asia/">ITSEC Asia</a>, <a href="https://x.com/i_am_canalun">canalun</a>