CVE-2022-21970

MEDIUM

Microsoft Edge < - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-21970. PoCs published by Malwareman007.

AI-analyzed exploit summary This repository contains documentation and examples for StreamSaver.js, a library for saving large streams directly to the filesystem using service workers. It is not an exploit PoC but rather a guide on using the library.

Description

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Exploits (1)

nomisec WRITEUP 14 stars

by Malwareman007 · poc

https://github.com/Malwareman007/CVE-2022-21970

View Code ZIP pw:eip

This repository contains documentation and examples for StreamSaver.js, a library for saving large streams directly to the filesystem using service workers. It is not an exploit PoC but rather a guide on using the library.

Classification

Writeup 90%

Attack Type

Other

Complexity

Moderate

Reliability

Theoretical

Target: StreamSaver.js (library)

No auth needed

Prerequisites: Browser with service worker support · HTTPS for optimal functionality

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21970

Vendor Advisory vendor-advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21970

Scores

CVSS v3 6.1

EPSS 0.0254

EPSS Percentile 83.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L

Details

CWE

CWE-269

Status published

Products (1)

microsoft/edge_chromium < 97.0.1072.55

Published Jan 11, 2022

Tracked Since Feb 18, 2026