Description
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Published: 2026-04-10
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Exposure via Spoofing
Action: Apply Patch
AI Analysis

Impact

The vulnerability in Microsoft Edge (Chromium-based) allows an attacker to spoof elements presented to the user, resulting in the disclosure of sensitive information that the attacker can intentionally reveal. This flaw falls under CWE-451. Based on the description, the impact is limited to data that the attacker can fabricate, and there is no indication that the vulnerability enables code execution or denial of service.

Affected Systems

Microsoft Edge (Chromium-based) is the affected product. No explicit version numbers were supplied in the CNA listing, which implies the issue may affect the current release series at the time of the advisory.

Risk and Exploitability

The CVSS score of 4.3 indicates a low overall risk, and the EPSS rating of less than one percent suggests that exploitation is unlikely in the near term. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the probable attack vector requires user interaction, such as visiting a malicious web page or engaging with a crafted link, and no direct exploitation path has been disclosed.

Generated by OpenCVE AI on April 15, 2026 at 19:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify the installed version of Microsoft Edge.
  • Apply the latest Microsoft Edge update released by Microsoft via Windows Update or the Microsoft Edge installer.
  • If an immediate update is not available, consider temporarily disabling or uninstalling Microsoft Edge until the patch is released.
  • Continue to monitor Microsoft security advisories for any subsequent patches or follow‑up notes regarding the vulnerability.

Generated by OpenCVE AI on April 15, 2026 at 19:34 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 15 Apr 2026 16:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
CWE-76

Tue, 14 Apr 2026 17:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-451

Tue, 14 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
CWE-76

Fri, 10 Apr 2026 21:30:00 +0000

Type Values Removed Values Added
Description Microsoft Edge (Chromium-based) Spoofing Vulnerability
Title Microsoft Edge (Chromium-based) Spoofing Vulnerability
First Time appeared Microsoft
Microsoft edge Chromium
CPEs cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft edge Chromium
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Edge Chromium
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-04-30T14:42:39.542Z

Reserved: 2026-03-17T20:15:23.721Z

Link: CVE-2026-33118

cve-icon Vulnrichment

Updated: 2026-04-14T14:04:17.209Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-10T22:16:21.123

Modified: 2026-04-16T16:34:07.470

Link: CVE-2026-33118

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T19:45:12Z

Weaknesses