CVE-2024-21336: 
vulnerability analysis and mitigation

Microsoft Edge (Chromium-based) has been identified with a spoofing vulnerability tracked as CVE-2024-21336. The vulnerability was initially recorded on December 8, 2023, and publicly disclosed on January 26, 2024. This security flaw affects Microsoft Edge Chromium versions up to (excluding) 121.0.2277.83 (NIST NVD, CVE MITRE).

The vulnerability has been assigned a CVSS v3.1 base score of 2.5 (Low) with the vector string CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N. This indicates that the vulnerability requires local access, has high attack complexity, needs no privileges, requires user interaction, and can only result in low-impact integrity compromise. The weakness has been classified under CWE-357 (Insufficient UI Warning of Dangerous Operations) (NIST NVD).

The vulnerability could potentially lead to spoofing attacks in Microsoft Edge (Chromium-based). The impact is considered low, with no confidentiality breach or availability impact, but there is a potential for limited integrity compromise (NIST NVD).

Microsoft has addressed this vulnerability by releasing version 121.0.2277.83 of Microsoft Edge (Chromium-based). Users are advised to update to this version or later to mitigate the vulnerability (NIST NVD).