CVE-2023-24892

HIGH

Microsoft Edge Chromium < 111.0.1661.41 - Authentication Bypass by Spoofing via Webview2

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-24892. PoCs published by nu11secur1ty.

AI-analyzed exploit summary This is a writeup describing a spoofing vulnerability in Microsoft Edge WebView2. It references external links for PoC and reproduction but does not contain actual exploit code.

Description

Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability

Exploits (1)

exploitdb WRITEUP

by nu11secur1ty · textlocalmultiple

https://www.exploit-db.com/exploits/51359

View Code ZIP pw:eip

This is a writeup describing a spoofing vulnerability in Microsoft Edge WebView2. It references external links for PoC and reproduction but does not contain actual exploit code.

Classification

Writeup 80%

Attack Type

Other

Complexity

Moderate

Reliability

Theoretical

Target: Microsoft Edge (Chromium-based) WebView2 1.0.1661.34

No auth needed

Prerequisites: Victim interaction required to open a malicious web app

MITRE ATT&CK

T1566.002 - Spearphishing Link

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Patch, Vendor Advisory vendor-advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24892

Scores

CVSS v3 8.2

EPSS 0.0352

EPSS Percentile 87.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-290 CWE-601

Status published

Products (1)

microsoft/edge_chromium < 111.0.1661.41

Published Mar 14, 2023

Tracked Since Feb 18, 2026