Microsoft · Edge · CVE-2024-21388
**Name of the Vulnerable Software and Affected Versions**
Microsoft Edge (Chromium-based) versions prior to 121.0.2277.83
**Description**
The issue concerns abuse of Microsoft Edge's Marketing API, which allows attackers to covertly install browser extensions without user consent. This could lead to privilege escalation. The vulnerability was actively exploited and has been patched by Microsoft. Users are advised to update to the latest version to ensure a secure browsing experience.
**Recommendations**
For versions prior to 121.0.2277.83, update to version 121.0.2277.83 or later to resolve the issue. As a temporary workaround, consider restricting access to the Marketing API until a patch is applied. Avoid using the private API intended for marketing purposes in the affected browser versions.
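
One way to triage an inventory against the fixed version above, as an added example that is not part of the original advisory or any Microsoft tooling. The `host,version` inventory format, the host names and the sample versions are constructed for illustration.

```python
import re

# Fixed version stated in the advisory for CVE-2024-21388.
FIXED = (121, 0, 2277, 83)

# Four dot-separated numeric fields, e.g. "121.0.2277.83".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the version as a tuple of four ints, or None if none is found."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_text):
    """Return 'vulnerable', 'patched' or 'unknown' for one reported version."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"
    # Tuple comparison is numeric per field; comparing the raw strings would
    # rank "121.0.2277.9" above "121.0.2277.83".
    return "vulnerable" if version < FIXED else "patched"


def triage(inventory_lines):
    """Map each 'host,version' line to (host, status), skipping comments."""
    results = []
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version_text = line.partition(",")
        results.append((host.strip(), classify(version_text)))
    return results


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = """\
# host,edge_version
ws-001,120.0.2210.144
ws-002,121.0.2277.83
ws-003,121.0.2277.9
ws-004,Microsoft Edge 122.0.2365.52
ws-005,not installed
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY.splitlines()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual check, since a missing or unparseable version string says nothing about whether an affected build is present.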