CVE-2024-26192 : Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Published 2024-02-23 23:15:10

Updated 2024-11-29 20:41:36

View at NVD, CVE.org

Vulnerability category: Information leak

Products affected by CVE-2024-26192

Microsoft » Edge Chromium
Versions before (<) 122.0.2365.52
cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.11%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 30 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
8.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L	2.8	4.7	Microsoft Corporation	2024-02-23
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Changed Confidentiality: High Integrity: None Availability: Low
8.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L/...	N/A	N/A	MS-CVE-2024-26192	2024-02-24
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Changed Confidentiality: High Integrity: None Availability: Low

CWE-359 Exposure of Private Personal Information to an Unauthorized Actor

The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.

Assigned by: secure@microsoft.com (Secondary)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26192

CVE-2024-26192 - Security Update Guide - Microsoft - Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Patch;Vendor Advisory

Jump to