Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-44688 (GCVE-0-2022-44688)
Vulnerability from cvelistv5 – Published: 2022-12-13 00:00 – Updated: 2025-07-22 17:49
VLAI?
EPSS
Title
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Summary
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Severity ?
CWE
- Spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Edge (Chromium-based) |
Affected:
1.0.0.0 , < 108.0.1462.42
(custom)
|
Date Public ?
2022-12-05 08:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:54:04.007Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Edge (Chromium-based) Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44688"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-10"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Edge (Chromium-based)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "108.0.1462.42",
"status": "affected",
"version": "1.0.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "108.0.1462.42",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-12-05T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T17:49:39.047Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Edge (Chromium-based) Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44688"
}
],
"title": "Microsoft Edge (Chromium-based) Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-44688",
"datePublished": "2022-12-13T00:00:00.000Z",
"dateReserved": "2022-11-03T00:00:00.000Z",
"dateUpdated": "2025-07-22T17:49:39.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"108.0.1462.41\", \"matchCriteriaId\": \"82826DDA-0A39-45A2-A734-473A79498ED4\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Microsoft Edge (Chromium-based) Spoofing Vulnerability\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de suplantaci\\u00f3n de identidad en Microsoft Edge (basado en Chromium)\"}]",
"id": "CVE-2022-44688",
"lastModified": "2025-01-02T22:15:30.203",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"secure@microsoft.com\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}]}",
"published": "2022-12-13T19:15:13.757",
"references": "[{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44688\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44688\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/202305-10\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/202311-11\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-44688\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2022-12-13T19:15:13.757\",\"lastModified\":\"2025-01-02T22:15:30.203\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Edge (Chromium-based) Spoofing Vulnerability\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de suplantaci\u00f3n de identidad en Microsoft Edge (basado en Chromium)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"108.0.1462.41\",\"matchCriteriaId\":\"82826DDA-0A39-45A2-A734-473A79498ED4\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44688\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44688\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202305-10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202311-11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
GSD-2022-44688
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-44688",
"description": "Microsoft Edge (Chromium-based) Spoofing Vulnerability.",
"id": "GSD-2022-44688"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-44688"
],
"details": "Microsoft Edge (Chromium-based) Spoofing Vulnerability",
"id": "GSD-2022-44688",
"modified": "2023-12-13T01:19:25.381287Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2022-44688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Edge (Chromium-based)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.0.0",
"version_value": "108.0.1462.42"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability"
}
]
},
"impact": {
"cvss": [
{
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44688",
"refsource": "MISC",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44688"
},
{
"name": "https://security.gentoo.org/glsa/202305-10",
"refsource": "MISC",
"url": "https://security.gentoo.org/glsa/202305-10"
},
{
"name": "https://security.gentoo.org/glsa/202311-11",
"refsource": "MISC",
"url": "https://security.gentoo.org/glsa/202311-11"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "108.0.1462.41",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2022-44688"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44688",
"refsource": "MISC",
"tags": [],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44688"
},
{
"name": "https://security.gentoo.org/glsa/202305-10",
"refsource": "MISC",
"tags": [],
"url": "https://security.gentoo.org/glsa/202305-10"
},
{
"name": "https://security.gentoo.org/glsa/202311-11",
"refsource": "",
"tags": [],
"url": "https://security.gentoo.org/glsa/202311-11"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
},
"lastModifiedDate": "2023-11-25T11:15Z",
"publishedDate": "2022-12-13T19:15Z"
}
}
}
GHSA-PVP9-84C2-P559
Vulnerability from github – Published: 2022-12-13 21:30 – Updated: 2022-12-13 21:30
VLAI?
Details
Microsoft Edge (Chromium-based) Spoofing Vulnerability.
Severity ?
4.3 (Medium)
{
"affected": [],
"aliases": [
"CVE-2022-44688"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-13T19:15:00Z",
"severity": "MODERATE"
},
"details": "Microsoft Edge (Chromium-based) Spoofing Vulnerability.",
"id": "GHSA-pvp9-84c2-p559",
"modified": "2022-12-13T21:30:27Z",
"published": "2022-12-13T21:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44688"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44688"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44688"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-10"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202311-11"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
FKIE_CVE-2022-44688
Vulnerability from fkie_nvd - Published: 2022-12-13 19:15 - Updated: 2025-01-02 22:15
Severity ?
Summary
Microsoft Edge (Chromium-based) Spoofing Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | edge_chromium | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82826DDA-0A39-45A2-A734-473A79498ED4",
"versionEndExcluding": "108.0.1462.41",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de suplantaci\u00f3n de identidad en Microsoft Edge (basado en Chromium)"
}
],
"id": "CVE-2022-44688",
"lastModified": "2025-01-02T22:15:30.203",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2022-12-13T19:15:13.757",
"references": [
{
"source": "secure@microsoft.com",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202305-10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202311-11"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CERTFR-2022-AVI-1079
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Edge versions ant\u00e9rieures \u00e0 108.0.1462.41",
"product": {
"name": "Edge",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-4174",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4174"
},
{
"name": "CVE-2022-44688",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44688"
},
{
"name": "CVE-2022-4195",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4195"
},
{
"name": "CVE-2022-4187",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4187"
},
{
"name": "CVE-2022-4183",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4183"
},
{
"name": "CVE-2022-4181",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4181"
},
{
"name": "CVE-2022-4178",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4178"
},
{
"name": "CVE-2022-4189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4189"
},
{
"name": "CVE-2022-44708",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44708"
},
{
"name": "CVE-2022-4182",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4182"
},
{
"name": "CVE-2022-4186",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4186"
},
{
"name": "CVE-2022-4179",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4179"
},
{
"name": "CVE-2022-4184",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4184"
},
{
"name": "CVE-2022-4185",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4185"
},
{
"name": "CVE-2022-4180",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4180"
},
{
"name": "CVE-2022-4188",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4188"
},
{
"name": "CVE-2022-4191",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4191"
},
{
"name": "CVE-2022-4190",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4190"
},
{
"name": "CVE-2022-4262",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4262"
},
{
"name": "CVE-2022-41115",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41115"
},
{
"name": "CVE-2022-4177",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4177"
},
{
"name": "CVE-2022-4193",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4193"
},
{
"name": "CVE-2022-4194",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4194"
},
{
"name": "CVE-2022-4192",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4192"
},
{
"name": "CVE-2022-4175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4175"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-1079",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-12-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Edge.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service et un contournement de\nla politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4184 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4184"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4187 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4187"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4182 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4182"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4180 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4180"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4195 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4195"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4174 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4174"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4192 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4192"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41115 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41115"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4189 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4189"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-44708 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44708"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-44688 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44688"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4262 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4262"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4179 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4179"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4183 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4183"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4175 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4175"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4186 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4186"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4191 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4191"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4193 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4193"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4194 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4194"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4178 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4178"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4188 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4188"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4190 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4190"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4181 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4181"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4185 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4185"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4177 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4177"
}
]
}
CERTFR-2022-AVI-1079
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Edge versions ant\u00e9rieures \u00e0 108.0.1462.41",
"product": {
"name": "Edge",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-4174",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4174"
},
{
"name": "CVE-2022-44688",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44688"
},
{
"name": "CVE-2022-4195",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4195"
},
{
"name": "CVE-2022-4187",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4187"
},
{
"name": "CVE-2022-4183",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4183"
},
{
"name": "CVE-2022-4181",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4181"
},
{
"name": "CVE-2022-4178",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4178"
},
{
"name": "CVE-2022-4189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4189"
},
{
"name": "CVE-2022-44708",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44708"
},
{
"name": "CVE-2022-4182",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4182"
},
{
"name": "CVE-2022-4186",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4186"
},
{
"name": "CVE-2022-4179",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4179"
},
{
"name": "CVE-2022-4184",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4184"
},
{
"name": "CVE-2022-4185",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4185"
},
{
"name": "CVE-2022-4180",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4180"
},
{
"name": "CVE-2022-4188",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4188"
},
{
"name": "CVE-2022-4191",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4191"
},
{
"name": "CVE-2022-4190",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4190"
},
{
"name": "CVE-2022-4262",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4262"
},
{
"name": "CVE-2022-41115",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41115"
},
{
"name": "CVE-2022-4177",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4177"
},
{
"name": "CVE-2022-4193",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4193"
},
{
"name": "CVE-2022-4194",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4194"
},
{
"name": "CVE-2022-4192",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4192"
},
{
"name": "CVE-2022-4175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4175"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-1079",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-12-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Edge.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service et un contournement de\nla politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4184 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4184"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4187 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4187"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4182 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4182"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4180 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4180"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4195 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4195"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4174 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4174"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4192 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4192"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41115 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41115"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4189 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4189"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-44708 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44708"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-44688 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44688"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4262 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4262"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4179 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4179"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4183 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4183"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4175 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4175"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4186 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4186"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4191 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4191"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4193 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4193"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4194 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4194"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4178 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4178"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4188 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4188"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4190 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4190"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4181 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4181"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4185 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4185"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4177 du 05 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4177"
}
]
}
BDU:2022-07160
Vulnerability from fstec - Published: 01.12.2022
VLAI Severity ?
Title
Уязвимость браузеров Microsoft Edge и Google Chrome, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю проводить спуфинг-атаки
Description
Уязвимость браузеров Microsoft Edge и Google Chrome связана с непринятием мер по защите структуры веб-страницы. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, проводить спуфинг-атаки путем открытия специально созданного вредоносного файла или специально созданной вредоносной ссылки
Severity ?
Vendor
Microsoft Corp, Google Inc
Software Name
Microsoft Edge, Google Chrome
Software Version
до 108.0.1462.41 (Microsoft Edge), до 108.0.5359.94 (Google Chrome)
Possible Mitigations
Использование рекомендаций:
Для Microsoft Edge:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44688
Для Google Chrome:
https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html
Reference
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44688
https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html
CWE
CWE-79
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp, Google Inc",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 108.0.1462.41 (Microsoft Edge), \u0434\u043e 108.0.5359.94 (Google Chrome)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Microsoft Edge:\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44688\n\n\u0414\u043b\u044f Google Chrome:\nhttps://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "01.12.2022",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "07.12.2022",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "07.12.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-07160",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-44688",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Microsoft Edge, Google Chrome",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Microsoft Edge \u0438 Google Chrome, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u0441\u043f\u0443\u0444\u0438\u043d\u0433-\u0430\u0442\u0430\u043a\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b (\u0438\u043b\u0438 \\\u00ab\u041c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u0430\u044f \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u0430\u044f \u0430\u0442\u0430\u043a\u0430\\\u00bb) (CWE-79)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Microsoft Edge \u0438 Google Chrome \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u0441\u043f\u0443\u0444\u0438\u043d\u0433-\u0430\u0442\u0430\u043a\u0438 \u043f\u0443\u0442\u0435\u043c \u043e\u0442\u043a\u0440\u044b\u0442\u0438\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430 \u0438\u043b\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0439 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0439 \u0441\u0441\u044b\u043b\u043a\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44688\nhttps://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-79",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)"
}
WID-SEC-W-2022-2239
Vulnerability from csaf_certbund - Published: 2022-12-05 23:00 - Updated: 2022-12-05 23:00Summary
Microsoft Edge: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Edge ist ein Web Browser von Microsoft.
Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Microsoft Edge ausnutzen, um seine Privilegien zu erhöhen und falsche Informationen darzustellen.
Betroffene Betriebssysteme: - Linux
- MacOS X
- Windows
- iPhoneOS
Es existiert eine Schwachstelle in Microsoft Edge. Der Fehler ist noch nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Informationen falsch darzustellen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.
In Microsoft Edge existieren mehrere Schwachstellen. Die Fehler sind noch nicht im Detail beschrieben. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einer dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Privilegien.
In Microsoft Edge existieren mehrere Schwachstellen. Die Fehler sind noch nicht im Detail beschrieben. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einer dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Privilegien.
References
| URL | Category | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Edge ist ein Web Browser von Microsoft.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Microsoft Edge ausnutzen, um seine Privilegien zu erh\u00f6hen und falsche Informationen darzustellen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- Windows\n- iPhoneOS",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-2239 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2239.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-2239 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2239"
},
{
"category": "external",
"summary": "Microsoft Edge CVE-2022-44708 vom 2022-12-05",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44708"
},
{
"category": "external",
"summary": "Microsoft Edge CVE-2022-44688 vom 2022-12-05",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44688"
},
{
"category": "external",
"summary": "Microsoft Edge CVE-2022-41115 vom 2022-12-05",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41115"
},
{
"category": "external",
"summary": "Release notes for Microsoft Edge Security Updates vom 2022-12-05",
"url": "https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security"
}
],
"source_lang": "en-US",
"title": "Microsoft Edge: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2022-12-05T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:39:20.479+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2022-2239",
"initial_release_date": "2022-12-05T23:00:00.000+00:00",
"revision_history": [
{
"date": "2022-12-05T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Microsoft Edge Stable Channel \u003c 108.0.1462.42",
"product": {
"name": "Microsoft Edge Stable Channel \u003c 108.0.1462.42",
"product_id": "T025483",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:edge:stable_channel__108.0.1462.42"
}
}
}
],
"category": "vendor",
"name": "Microsoft"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-44688",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Microsoft Edge. Der Fehler ist noch nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Informationen falsch darzustellen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-12-05T23:00:00.000+00:00",
"title": "CVE-2022-44688"
},
{
"cve": "CVE-2022-41115",
"notes": [
{
"category": "description",
"text": "In Microsoft Edge existieren mehrere Schwachstellen. Die Fehler sind noch nicht im Detail beschrieben. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einer dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Privilegien."
}
],
"release_date": "2022-12-05T23:00:00.000+00:00",
"title": "CVE-2022-41115"
},
{
"cve": "CVE-2022-44708",
"notes": [
{
"category": "description",
"text": "In Microsoft Edge existieren mehrere Schwachstellen. Die Fehler sind noch nicht im Detail beschrieben. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einer dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Privilegien."
}
],
"release_date": "2022-12-05T23:00:00.000+00:00",
"title": "CVE-2022-44708"
}
]
}
MSRC_CVE-2022-44688
Vulnerability from csaf_microsoft - Published: 2022-12-13 08:00 - Updated: 2022-12-05 08:00Summary
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Severity
Moderate
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Customer Action: Required. The vulnerability documented by this CVE requires customer action to resolve.
Vendor Fix
108.0.1462.42:Security Update:https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
https://docs.microsoft.com/en-us/DeployEdge/micro…
References
| URL | Category | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Acknowledgments
Ahmed ElMasry (O.M.H)
{
"document": {
"acknowledgments": [
{
"names": [
"Ahmed ElMasry (O.M.H)"
]
}
],
"aggregate_severity": {
"namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
},
{
"category": "general",
"text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
"title": "Customer Action"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2022-44688 Microsoft Edge (Chromium-based) Spoofing Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44688"
},
{
"category": "self",
"summary": "CVE-2022-44688 Microsoft Edge (Chromium-based) Spoofing Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/csaf/advisories/2022/msrc_cve-2022-44688.json"
},
{
"category": "external",
"summary": "Microsoft Exploitability Index",
"url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Microsoft Edge (Chromium-based) Spoofing Vulnerability",
"tracking": {
"current_release_date": "2022-12-05T08:00:00.000Z",
"generator": {
"date": "2025-07-22T17:49:26.529Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2022-44688",
"initial_release_date": "2022-12-13T08:00:00.000Z",
"revision_history": [
{
"date": "2022-12-05T08:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c108.0.1462.42",
"product": {
"name": "Microsoft Edge (Chromium-based) \u003c108.0.1462.42",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "108.0.1462.42",
"product": {
"name": "Microsoft Edge (Chromium-based) 108.0.1462.42",
"product_id": "11655"
}
}
],
"category": "product_name",
"name": "Microsoft Edge (Chromium-based)"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-44688",
"notes": [
{
"category": "general",
"text": "Microsoft",
"title": "Assigning CNA"
},
{
"category": "faq",
"text": "The attacker is only able to change the content of the autofill box that overlaps an error message on a crafted malicious website. The modified information is only visual.",
"title": "According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?"
},
{
"category": "faq",
"text": "108.0.1462.41: 108.0.1462.41, 12/5/2022: 12/5/2022, 108.0.5359.94: 108.0.5359.94",
"title": "What is the version information for this release?"
},
{
"category": "faq",
"text": "In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.",
"title": "According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?"
}
],
"product_status": {
"fixed": [
"11655"
],
"known_affected": [
"1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-44688 Microsoft Edge (Chromium-based) Spoofing Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44688"
},
{
"category": "self",
"summary": "CVE-2022-44688 Microsoft Edge (Chromium-based) Spoofing Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/csaf/advisories/2022/msrc_cve-2022-44688.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-05T08:00:00.000Z",
"details": "108.0.1462.42:Security Update:https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security",
"product_ids": [
"1"
],
"url": "https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Spoofing"
},
{
"category": "exploit_status",
"details": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely"
}
],
"title": "Microsoft Edge (Chromium-based) Spoofing Vulnerability"
}
]
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…