Improper access control in Microsoft Edge for Android allows an unauthorized attacker to bypass a security feature over a network.
What kind of security feature could be bypassed by successfully exploiting this vulnerability? An unauthenticated attacker is able to bypass the expected user access. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user must visit the attacker‑controlled webpage, and perform the two tap gestures that cause autofill to activate. What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 150.0.4078.48 07/03/2026 150.0.7871.47
Kugelblitz with Microsoft, Kugelblitz with Microsoft