Monday, May 25, 2020

Vulnerability In Chromium-based Microsoft Edge

There has been found a vulnerability in new Chromium-based Microsoft Edge web browser. The vulnerability is related to improper input validation in the Feedback extension. By exploiting this vulnerability an attacker may be able to write files to arbitrary locations and gain elevated privileges.

The vulnerability by itself does not allow arbitrary code to run. However, it could be used in conjunction with other vulnerabilities to take advantage of the elevated privileges when running.

Affected versions:
Microsoft Edge (Chromium-based) versions earlier than 83.0.478.37

More information available in the correspondent security advisory.

No comments: