Primary

Context

Microsoft Edge Spoofing Vulnerability

Vulnerability

Patched

A spoofing vulnerability has been identified in Microsoft Edge (Chromium-based) version 143.0.3650.88. This vulnerability allows an attacker to manipulate the user interface of extension popups, potentially misleading users about the origin of permission prompts or screen share dialogs. Exploitation requires user interaction, such as opening a specially crafted file or visiting a compromised website.

Impact

Exploitation of this vulnerability could lead to spoofing attacks, where an extension can misrepresent information to the user by overlaying a popup on top of a permission prompt or screen share dialog.

Remediation

Users can download the security update for Microsoft Edge for Android from the Microsoft Edge Release Notes - Security page.

Added: Dec 18, 2025, 10:22 PM

Updated: Dec 18, 2025, 10:22 PM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

0.6

exploitability

4.4

remediation

7.7

relevance

1.5

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

0.6

exploitability

4.4

remediation

7.7

relevance

1.5

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Microsoft Edge Spoofing Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Microsoft Edge

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating