April 2, 2023

Microsoft rolled out updates for the Edge browser with fixes for two security issues, one of which concerns a security bypass vulnerability that could be exploited to inject and execute arbitrary code in the context of any website.

Tracked as CVE-2021-34506 , the weakness stems from a universal cross-site scripting (UXSS) issue that’s triggered when automatically translating web pages using the browser’s built-in feature via Microsoft Translator.

Unlike the common XSS attacks, UXSS is a type of attack that exploits client-side vulnerabilities in the browser or browser extensions in order to generate an XSS condition, and execute malicious code.When such vulnerabilities are found and exploited, the behavior of the browser is affected and its security features may be bypassed or disabled.

This inturn allowing an attacker to potentially insert malicious JavaScript code anywhere in the webpage that’s then subsequently executed when the user clicks the prompt on the address bar to translate the page.

Microsoft fixed the issue, in addition to awarding the researchers $20,000 as part of its bug bounty program.The latest update (version 91.0.864.59) to the Chromium based browser.

Tags:

Leave a Reply

You may have missed

TheCyberThrone Security Week In Review –April 1st, 2023

TheCyberThrone Security Week In Review –April 1st, 2023

April 2, 2023
TheCyberThrone CyberSecurity Newsletter Top 5 Articles – March 2023

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – March 2023

April 2, 2023
IBM Aspera Vulnerability Exploited to install Ransomware

IBM Aspera Vulnerability Exploited to install Ransomware

April 1, 2023
Italy temporarily bans ChatGPT

Italy temporarily bans ChatGPT

April 1, 2023
Cylance Ransomware Dissection

Cylance Ransomware Dissection

April 1, 2023
WordPress Elementor Pro Plugin Vulnerability

WordPress Elementor Pro Plugin Vulnerability

April 1, 2023
%d bloggers like this: