Microsoft Edge, the flagship browser of the American manufacturer, discovered a critical security vulnerability a few weeks ago. Once used, it allowed hackers to remotely install malicious extensions on users’ systems without their knowledge.
According to our colleagues at Hacker News, Microsoft Edge contained a critical security vulnerability until a few weeks ago. If used, hackers could remotely install arbitrary extensions on users’ systems to launch malicious actions.
“This vulnerability could allow an attacker to use a private API, originally intended for marketing purposes, to secretly install additional browser extensions with wide permissions without the user’s knowledge. — explains Oleg Zaitsev, IT security researcher at Guardio Labs.
Listed under name CVE-2024-21388Fortunately, this vulnerability was patched by Microsoft in the stable version of Edge 121.0.02277, published on January 30, 2024. As the Redmond-based firm explains in the Security Updates section of its website: “An attacker who successfully exploits this vulnerability could gain the necessary privileges to install the extension.”
Also read : Chrome, Firefox, Edge – this broken codec shows a critical error, update quickly
A vulnerability that exploits a specific Edge feature.
With severity rating 6.5 out of 10, this vulnerability poses a significant risk to browser users. As stated above, everything revolved around the fact that Edge is designed to privileged access to certain private APIs. Thanks to this access, the browser can independently install add-ons in the background, provided that they are taken from the extension store.
Specifically, what was the pirates’ modus operandi? First, they had to create a seemingly harmless add-on for Edge… when in reality it injected malicious JavaScript code into the site that allowed access to APIs (like Bing). This JavaScript then initiated the installation of a malicious module without the user’s knowledge.
However, computer security researchers from Guardio Labs are quite encouraging. It’s not for nothing that Microsoft quickly fixed the gap and, moreover,Experts found no evidence online of abuse of this flaw. As a reminder, Microsoft is currently working on a new feature for Edge that will significantly limit the browser’s RAM consumption. Thanks to it, users will be able to configure the amount of RAM allocated to Edge.
Source: TheHackerNews
Related Posts
fan Philips Air Performer AMF870/15
“I burned my wedding dress on the grill”: why these women are celebrating their divorce
