- Aug 17, 2014
Microsoft last week rolled out updates for the Edge browser with fixes for two security issues, one of which concerns a security bypass vulnerability that could be exploited to inject and execute arbitrary code in the context of any website.
Tracked as CVE-2021-34506 (CVSS score: 5.4), the weakness stems from a universal cross-site scripting (UXSS) issue that's triggered when automatically translating web pages using the browser's built-in feature via Microsoft Translator.
Credited for discovering and reporting CVE-2021-34506 are Ignacio Laurence as well as Vansh Devgan and Shivam Kumar Singh with CyberXplore Private Limited.
"Unlike the common XSS attacks, UXSS is a type of attack that exploits client-side vulnerabilities in the browser or browser extensions in order to generate an XSS condition, and execute malicious code," CyberXplore researchers said in a write-up shared with The Hacker News.
"When such vulnerabilities are found and exploited, the behavior of the browser is affected and its security features may be bypassed or disabled."