Covert extension installation possible with Microsoft Edge flaw

An already addressed medium-severity privilege escalation vulnerability in Microsoft Edge could have been exploited to covertly install browser extensions and facilitate further cyberattacks, according to The Hacker News.

Threat actors could leverage the flaw, tracked as CVE-2024-21388, to target private APIs, install unwanted browser extensions without any user consent or interaction, and trigger a sandbox escape, a report from Guardio Labs showed. While there has been no evidence suggesting any active exploitation, the issue could be used to enable malicious JavaScript code injection on sites with API access, including bing[.]com, the report said.

"It's relatively easy for attackers to trick users into installing an extension that appears harmless, not realizing it serves as the initial step in a more complex attack. This vulnerability could be exploited to facilitate the installation of additional extensions, potentially for monetary gain," said Guardio Labs researcher Oleg Zaytsev.