A vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker could use this vulnerability to trick a user into loading a web page with malicious content.
To exploit the vulnerability, an attacker must either trick a user into loading a web page or visit a website. The web page could also be injected into a compromised website or ad network.
The security update addresses the vulnerability by correcting how the CSP validates documents.