PT-2024-1491 · Microsoft · Edge

Jun Kokatsu +1 · Published 2024-01-30 · Updated 2024-09-12 · CVE-2024-21388

CVSS v3.1: 6.5
Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions:

Microsoft Edge (Chromium-based) versions prior to 121.0.2277.83

Description:

The issue involves exploitation of Microsoft Edge's Marketing API, which allows attackers to covertly install browser extensions without user consent. This could lead to privilege escalation. The vulnerability was actively exploited and has been patched by Microsoft. Users are advised to update to the latest version.

Recommendations:

For versions prior to 121.0.2277.83, update to version 121.0.2277.83 or later to resolve the issue. As a temporary workaround, consider restricting access to the Marketing API until the patch is applied. Avoid using the private API intended for marketing purposes in the affected browser versions.

Exploit · Fix · RCE

Weakness Enumeration

Related Identifiers

BDU:2024-00999
CVE-2024-21388

Affected Products

Edge