Close Menu
  • Homepage
  • Local News
  • India
  • World
  • Politics
  • Sports
  • Finance
  • Entertainment
  • Business
  • Technology
  • Health
  • Lifestyle
Facebook X (Twitter) Instagram
  • Contact
  • Privacy Policy
  • Terms & Conditions
  • DMCA
Facebook X (Twitter) Instagram Pinterest
JHB NewsJHB News
  • Local
  • India
  • World
  • Politics
  • Sports
  • Finance
  • Entertainment
Let’s Fight Corruption
JHB NewsJHB News
Home»Technology»Microsoft Edge bug allowed collection of data through extensions
Technology

Microsoft Edge bug allowed collection of data through extensions

March 29, 2024No Comments3 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Featured image for Microsoft Edge bug allowed collection of data through extensions
Share
Facebook Twitter LinkedIn Pinterest Email

Other than exhibiting Chrome customers a popup to change to Microsoft Edge, it seems that the corporate can be striving to repair identified bugs and safety flaws of the browser, and the system related to it. The tech big has simply mounted a previous glitchy replace to its Edge browser, which was inflicting quite a few issues for customers. Nonetheless, it seems that there’s extra and this explicit one may very well be extreme.

A not too long ago patched bug in Microsoft Edge allowed potential attackers to put in extensions on the person’s system. And it might occur with none interplay from the person. Notably, it may very well be exploited for monetary acquire or different functions.

Tracked as CVE-2024-21388, this vulnerability was at first revealed by Guardio Labs safety researcher Oleg Zaytsev, who highlighted its potential for malicious exploitation.

Attackers might have used the Microsoft Edge bug to put in an extension by exploiting a personal API

Researchers addressed the safety flaw in Microsoft Edge steady model 121.0.2277.83 launched on January 25, 2024. Unhealthy actors might have exploited the flaw to leverage a personal API initially supposed for advertising functions. This API might allow attackers to put in browser extensions with broad permissions, which might result in a browser sandbox escape.

The vulnerability, if efficiently exploited, might have allowed attackers to achieve the privileges wanted to put in extensions on customers’ techniques with out their consent. An attacker might make it occur by exploiting a personal API within the Chromium-based Edge browser. It reportedly granted privileged entry to an inventory of internet sites, together with Bing and Microsoft.

By working JavaScript on these pages, attackers might set up extensions from the Edge Add-ons retailer. It gained’t require any interplay from the person. The bug in Microsoft Edge basically stemmed from inadequate validation. It might permit attackers to offer any extension identifier from the storefront and stealthily set up it.

The potential impression of this vulnerability is critical, because it might have facilitated the set up of further malicious extensions. In a hypothetical assault situation, menace actors couldn’t solely publish seemingly innocent extensions to the add-on retailer but in addition leverage them to inject malicious JavaScript code into legit websites. Subsequently, customers visiting these websites would unknowingly have the focused extensions put in on their browsers with out their consent.

Fortunately, there’s no file of a profitable exploitation

Fortunately, there’s no proof of a profitable exploitation of this safety flaw. Browser customizations goal to uplift the person expertise. Nonetheless, they will inadvertently introduce new assault vectors and this recorded safety flaw is an ideal instance of that. As Guardio Labs’ Oleg Zaytsev emphasised, attackers can simply trick customers into putting in seemingly innocent extensions, which might function the preliminary step in a extra complicated assault.

Source link

allowed bug collection data edge Extensions Microsoft
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

WhatsApp Plus now in India: Price, features and everything you need to know | Technology News

July 1, 2026

Samsung Confirms Galaxy Z Fold Wide With Bizarre Teaser

July 1, 2026

Change these 6 Android Settings to Stop Phone Scammers

July 1, 2026

Japan’s Hayabusa2 prepares for record-close asteroid flyby on July 5 | Technology News

July 1, 2026
Add A Comment
Leave A Reply Cancel Reply

Editors Picks

Why Mexico vs Ecuador at FIFA World Cup has been delayed by an hour | Football News

July 1, 2026

Trump made more than $1bn from crypto in first year back in office

July 1, 2026

Inside Nancy Guthrie Disturbing Ransom Notes After ‘Death’ Claim

July 1, 2026

WhatsApp Plus now in India: Price, features and everything you need to know | Technology News

July 1, 2026
Popular Post

OpenAI reportedly missed revenue targets. Shares of Oracle and these chip stocks are falling

Big Tech, Magnificent 7 stock exposure: Time to reduce?

Document Reader Pro is Free on Android for a Limited Time

Subscribe to Updates

Get the latest news from JHB News about Bangalore, Worlds, Entertainment and more.

JHB News
Facebook X (Twitter) Instagram Pinterest
  • Contact
  • Privacy Policy
  • Terms & Conditions
  • DMCA
© 2026 Jhb.news - All rights reserved.

Type above and press Enter to search. Press Esc to cancel.