CVE-2024-49054: 
vulnerability analysis and mitigation

A spoofing vulnerability has been identified in Microsoft Edge (Chromium-based), tracked as CVE-2024-49054. The vulnerability was disclosed on November 22, 2024, and affects versions of Microsoft Edge Chromium up to (but not including) version 131.0.2903.63 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (MEDIUM) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. This indicates that the vulnerability is network-accessible, requires low attack complexity, needs no privileges, but does require user interaction. The scope is unchanged, with low impact on integrity and no impact on confidentiality or availability (NVD).

The vulnerability could allow an attacker to conduct spoofing attacks against users of Microsoft Edge. The impact is primarily focused on integrity with potential for misleading or deceiving users through spoofing techniques (Microsoft Edge Release Notes).

Microsoft has released a fix for this vulnerability in Microsoft Edge version 131.0.2903.63. Users are advised to update to this version or later to mitigate the vulnerability (Microsoft Edge Release Notes).