Description
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
Published: 2026-04-10
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The CVE description has been updated, but the new text is not provided in the current data. Based on the available information, Microsoft Edge (Chromium-based) still contains a user‑interface misrepresentation flaw that may allow an attacker to spoof critical information presented to users. No evidence indicates the vulnerability has expanded beyond UI spoofing to enable code execution, data tampering, or denial of service. The impact remains limited to information exposure that the attacker can fabricate through deceptive UI elements.

Affected Systems

Microsoft Edge (Chromium-based) is the affected product. No explicit version numbers were supplied in the CNA listing, which implies the issue may affect the current release series at the time of the advisory.

Risk and Exploitability

The CVSS score of 4.3 indicates a low overall risk, and the EPSS rating of less than one percent suggests that exploitation is unlikely in the near term. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the probable attack vector requires user interaction, such as visiting a malicious web page or engaging with a crafted link, and no direct exploitation path has been disclosed.

Generated by OpenCVE AI on June 19, 2026 at 21:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Microsoft Edge update released by Microsoft via Windows Update or the Microsoft Edge installer.
  • If an immediate update is not available, consider temporarily disabling or uninstalling Microsoft Edge until the patch is released.
  • Continue to monitor Microsoft security advisories for any subsequent patches or follow‑up notes regarding the vulnerability.

Generated by OpenCVE AI on June 19, 2026 at 21:12 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
Description Microsoft Edge (Chromium-based) Spoofing Vulnerability User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Wed, 15 Apr 2026 16:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
CWE-76

Tue, 14 Apr 2026 17:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-451

Tue, 14 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
CWE-76

Fri, 10 Apr 2026 21:30:00 +0000

Type Values Removed Values Added
Description Microsoft Edge (Chromium-based) Spoofing Vulnerability
Title Microsoft Edge (Chromium-based) Spoofing Vulnerability
First Time appeared Microsoft
Microsoft edge Chromium
CPEs cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft edge Chromium
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C'}


Subscriptions

Microsoft Edge Chromium
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-19T16:09:08.257Z

Reserved: 2026-03-17T20:15:23.721Z

Link: CVE-2026-33118

cve-icon Vulnrichment

Updated: 2026-04-14T14:04:17.209Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-10T22:16:21.123

Modified: 2026-06-17T10:36:58.660

Link: CVE-2026-33118

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-19T21:15:16Z

Weaknesses
  • CWE-451

    User Interface (UI) Misrepresentation of Critical Information