You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
browser spoofing
About this tag
Browser spoofing vulnerabilities in Microsoft Edge, including Android versions, allow attackers to misrepresent a website's true identity through UI manipulation. These medium-severity flaws, such as CVE-2026-35429, CVE-2026-45494, and CVE-2026-33119, exploit user trust rather than enabling remote code execution. Attackers host malicious sites and persuade users to open them, potentially exposing credentials or enabling phishing. Patching to the latest Edge version is critical for enterprise defenders. The tag covers disclosure details, patch guidance, and the practical phishing risk of browser spoofing bugs.
An attacker could exploit CVE-2026-57993 over the network by hosting a specially crafted website that abuses Microsoft Edge’s Chromium-based spoofing flaw, then persuading a user to open that page through a link, email, instant message, or attachment-driven lure. Microsoft’s Security Update...
An attacker could exploit CVE-2026-35429 over the network by hosting a maliciously crafted website and persuading a Microsoft Edge for Android user to open it, where the browser’s interface could misrepresent critical information and enable spoofing without requiring authentication or local...
Microsoft disclosed CVE-2026-45494 in May 2026 as a medium-severity spoofing vulnerability in Microsoft Edge, affecting Chromium-based Edge versions before 148.0.3967.70 and allowing a crafted browsing experience to mislead users about a page’s true identity. The practical impact is not remote...
Microsoft’s Security Update Guide records CVE-2026-33119 as a spoofing vulnerability in Microsoft Edge (Chromium-based) for Android, and the wording strongly suggests a conventional browser trust/UI issue rather than a memory-corruption flaw. On its face, that places the bug in a category that...