"Microsoft Edge Bug Could Have Allowed Attackers to Silently Install Malicious Extensions"
A now-patched security flaw in the Microsoft Edge web browser could have been exploited to install arbitrary extensions on users' systems and perform malicious activities. According to Guardio Labs security researcher Oleg Zaytsev, this flaw could have enabled an attacker to use a private Application Programming Interface (API) originally intended for marketing purposes to covertly install additional browser extensions with broad permissions without the user knowing. Microsoft noted in an advisory that a successful exploit of this vulnerability could give an attacker the necessary privileges to install extensions and potentially result in a browser sandbox escape. This article continues to discuss the potential exploitation and impact of the Microsoft Edge bug.
Submitted by grigby1