Impact
A heap-based buffer overflow in Microsoft Edge (Chromium-based) permits an adversary to execute arbitrary code on the target machine. The flaw originates from inadequate bounds checking during memory allocation (CWE‑122) and can be triggered by adversaries who craft malicious network traffic to the Edge renderer. Successful exploitation would grant the attacker full control over the Edge process and potentially beyond, compromising user data and system integrity.
Affected Systems
Microsoft Edge (Chromium-based) on any affected build is vulnerable. The affected versions are not explicitly listed in the advisory, so all installations lacking the subsequent security update should be considered at risk.
Risk and Exploitability
The vulnerability receives a CVSS score of 8.8, indicating high severity. No EPSS score is available, and the vulnerability is not listed in CISA KEV; however, the absence of detection data does not reduce the risk of exploitation. The likely attack vector is network-based: an attacker can communicate with the Edge renderer over the network to trigger the buffer overflow. High severity coupled with the potential for arbitrary code execution makes this a critical vulnerability that should be remediated promptly.
OpenCVE Enrichment