External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.
What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability by bypassing a security feature that is built in to prevent cookies from being read is cookies data and cached sessions. By reading a session cookie, an attacker would be able to sign into the victim’s accounts on a different computer. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send a user a malicious Office file and convince them to open it. According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? This vulnerability could lead to a browser sandbox escape. What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 148.0.3967.55 05/11/2026 148.0.7778.97
Adithya Kotian, Ofek Levin Enclave with <a href="https://enclave.ai/">Enclave</a>