CVE-2024-21382: 
vulnerability analysis and mitigation

Microsoft Edge for Android has been identified with an Information Disclosure Vulnerability, tracked as CVE-2024-21382. The vulnerability was initially reported on December 8, 2023, and was publicly disclosed on January 25, 2024. This security flaw affects Microsoft Edge Chromium versions up to (but not including) 121.0.2277.83 running on Android platforms (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N. The vulnerability is classified under CWE-942 (Permissive Cross-domain Policy with Untrusted Domains) according to Microsoft's assessment (NVD).

This vulnerability could potentially lead to information disclosure if successfully exploited. The impact is considered moderate, with the ability to compromise confidentiality (C:L) while not affecting integrity or availability of the system (Microsoft Advisory).

Microsoft has released a security update to address this vulnerability in Microsoft Edge version 121.0.2277.83. Users are advised to update their Microsoft Edge for Android installations to the latest version (Rapid7).