Vulnerability Discovered in Edge When Using Microsoft Translator

Microsoft keeps working to make its Edge browser one of the safest for surfing the Internet. Although it is still far from the market share of Chrome, the leader in the sector, Microsoft's browser is gaining followers. However, despite the improvements made by Redmond, it is not without flaws. The latest to be discovered is a security issue that jeopardizes our privacy and security.

It all dates back to last week. On the 24th, Microsoft released a new update for its Edge browser that includes fixes for two security problems. One of them is a security bypass vulnerability that could be exploited to insert and execute arbitrary code on any website. This bug was logged as CVE-2021-34506 and amounts to a universal cross-site scripting (UXSS) problem. It is triggered when we use the Microsoft Translator application from the browser.

New universal cross-site scripting (UXSS) bug found

Behind the discovery of this new vulnerability are researchers Ignacio Laurence, Vansh Devgan and Shivam Kumar Singh of CyberXplore Private Limited. The flaw is what is known as a universal cross-site scripting (UXSS) vulnerability. This means that attackers can use it to access our private browser data from website "X" while we are browsing malicious website "Y". According to these researchers, unlike a common XSS attack, a UXSS attack exploits user-side vulnerabilities in browser extensions in order to execute malicious code. Once the vulnerability is exploited, the browser itself is affected, which ends up disabling its security functions.

Specifically, the researchers discovered a vulnerable fragment of code within a translation function of Microsoft Translator. This allowed any hacker or malicious user to insert malicious JavaScript code into the web page, so that the user would unknowingly execute it by clicking on the Microsoft Translator message in the address bar.

The aforementioned researchers also demonstrated other vulnerabilities. It is possible to carry out an attack simply by adding a comment to a YouTube video or by sending a friend request from a Facebook profile. In both cases, the content included text in a language other than English which, together with an XSS payload, caused the code to be executed immediately.

Update Edge to fix the problem

Luckily, Microsoft has already fixed this problem in its latest available update, version 91.0.864.59. That is why, as we always say, it is highly recommended to keep our applications, and in this case the browser, updated to the latest version, as updates correct errors and vulnerabilities such as the one we have discussed.

Update Microsoft Edge

To keep Microsoft Edge updated to the latest version, we must open the browser and click on the three dots in the upper right. Here we click on the "Settings" section. This will open a new window, and in the left column we click on "About Microsoft Edge". On the right side we can see the latest version available and, if there is an update to download, install it from there.
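For administrators who want to confirm that clients have actually moved to the fixed build, the following added example (not part of the original article) flags Edge clients below 91.0.864.59 from User-Agent strings. The `<client-ip> <user-agent>` log format and the sample lines are constructed assumptions, and the User-Agent is client-supplied, so treat the result as an inventory hint.

```python
import re

# Fixed build named in the article; any lower Edge build still needs the update.
FIXED = (91, 0, 864, 59)

# Chromium-based Edge sends an "Edg/<version>" token. Legacy "Edge/" and the
# mobile "EdgA/" and "EdgiOS/" tokens are deliberately not matched here.
EDGE_TOKEN = re.compile(r"\bEdg/(\d+(?:\.\d+){0,3})")


def edge_version(user_agent):
    """Return the Edge version as a 4-tuple of ints, or None if not Edge."""
    m = EDGE_TOKEN.search(user_agent)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (4 - len(parts))  # pad short versions such as "91.0"
    return tuple(parts)


def needs_update(user_agent):
    """True only for Edge clients older than the fixed build."""
    v = edge_version(user_agent)
    # Tuples compare numerically, so 864.100 is newer than 864.59
    # (a plain string comparison would get this wrong).
    return v is not None and v < FIXED


def outdated_clients(log_lines):
    """Map client IP -> lowest outdated Edge version seen for that client."""
    found = {}
    for line in log_lines:
        ip, _, ua = line.partition(" ")
        if needs_update(ua):
            v = edge_version(ua)
            found[ip] = min(found.get(ip, v), v)
    return found


# Constructed sample lines (hypothetical log format, shortened User-Agents).
SAMPLE = [
    "10.0.0.5 Mozilla/5.0 (Windows NT 10.0) Chrome/91.0.4472.114 Edg/91.0.864.54",
    "10.0.0.6 Mozilla/5.0 (Windows NT 10.0) Chrome/91.0.4472.114 Edg/91.0.864.59",
    "10.0.0.7 Mozilla/5.0 (Windows NT 10.0) Chrome/91.0.4472.124 Edg/91.0.864.100",
    "10.0.0.8 Mozilla/5.0 (Windows NT 10.0) Chrome/91.0.4472.114 Safari/537.36",
    "10.0.0.5 Mozilla/5.0 (Windows NT 10.0) Chrome/90.0.4430.212 Edg/90.0.818.66",
]

if __name__ == "__main__":
    for ip, version in sorted(outdated_clients(SAMPLE).items()):
        print(ip, ".".join(map(str, version)))
```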