CVE-2021-42308: 
vulnerability analysis and mitigation

Microsoft Edge (Chromium-based) was affected by a spoofing vulnerability identified as CVE-2021-42308. The vulnerability was discovered and reported to Microsoft, with the initial record creation date of October 12, 2021, and was publicly disclosed on November 23, 2021. This security flaw affects Microsoft Edge (Chromium-based) versions up to (excluding) 96.0.1054.29 (NVD, CVE).

The vulnerability has received varying severity assessments from different sources. The National Vulnerability Database (NVD) assigned it a CVSS v3.1 Base Score of 7.5 (HIGH) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N, while Microsoft Corporation rated it lower at 3.1 (LOW) with a vector string of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N. The vulnerability is classified under CWE-290 (Authentication Bypass by Spoofing) (NVD).

The vulnerability could potentially allow an attacker to perform spoofing attacks, primarily affecting the integrity of the system without compromising confidentiality or availability. Based on the CVSS scores, the impact ranges from low to high depending on the assessment source (NVD).

Microsoft has released a security update to address this vulnerability. Users are advised to upgrade to Microsoft Edge version 96.0.1054.29 or later to mitigate the risk (Rapid7).