Security

5183 readers

2 users here now

Confidentiality Integrity Availability

founded 5 years ago

MODERATORS

[email protected]

Microsoft Fixes Edge Vulnerability That Could Have Been Exploited by Hackers (heimdalsecurity.com)

submitted 3 years ago* (last edited 3 years ago) by [email protected] to c/[email protected]

2 comments fedilink hide all child comments

As reported by TheHackerNews reports, the researchers found that the translation feature contained a piece of vulnerable code that failed to sanitize input. This could have allowed threat actors to insert malicious JavaScript code anywhere in the webpage and subsequently executed when the user clicks the prompt on the address bar to translate the page.

What’s more, the researchers proved it was possible to trigger the attack simply by adding a comment to a YouTube video, which is written in a language other than English, along with an XSS payload.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 2 points 3 years ago (1 children)

Does this mean chromium has the same vulnerability?

[–] [email protected] 2 points 3 years ago

Not sure, but probably not, since it involved only their translation feature, which is probably Microsoft's proprietary one with Bing.