Update your Microsoft Edge Browser

  • CERT Admin
  • Tue Jun 29 2021
  • Alerts

Overview 

Microsoft rolled out an update for the Edge browser to fix two security issues where one could allow an attacker to bypass security and perform arbitrary code
execution.  

Description 

Universal cross-site scripting (UXSS) vulnerability (CVE-2021-34506) found in the Microsoft Edge browser which can be triggered when automatically translating web pages using the browser’s in-built feature called Microsoft translator. 

A successful exploit of this vulnerability would allow an attacker to bypass security and execute arbitrary codes on the target system. 

Impact 

· Exposing sensitive information to unauthorized parties.

· Execute of unwanted/malicious programs/codes.

· Unauthorized access .

  

Solution/ Workarounds 

· Update to the latest version of (91.0.864.59) Microsoft Edge browser by visiting Settings and more > About Microsoft Edge 

  

Reference 

· https://heimdalsecurity.com/blog/microsoft-edge-vulnerability-couldve-allowed-hackers-to-steal-files/ 

· https://portswigger.net/daily-swig/researcher-gives-low-down-on-serious-uxss-flaw-in-microsoft-edge 

· https://thehackernews.com/2021/06/microsoft-edge-bug-couldve-let-hackers.html 

  

Disclaimer 

The information provided herein is on an "as is" basis, without warranty of any kind. 

   

Last updated: Tue Jun 29 2021