Microsoft has fixed a vulnerability in the Edge browser that could be abused against older versions to steal local files from a user's computer.
The good news is that exploiting the flaw requires social engineering, meaning the attack cannot be automated at scale and, hence, presents a smaller level of danger to end users.
Edge flaw is SOP-related
Discovered by Netsparker security researcher Ziyahan Albeniz, the vulnerability involves the Same-Origin Policy (SOP) security feature that all browsers support.
In Edge, and all other browsers, SOP works by preventing an attacker from loading malicious code via a link that does not match the same domain (subdomain), port, and protocol.
Albeniz says that Edge's SOP implementation works as intended except in one case: when users are tricked into downloading a malicious HTML file on their PC and then running it.
When the user runs this HTML file, its malicious code will be loaded via the file:// protocol, and because it's a local file, it will not have a domain and port value.
What this means is that this malicious HTML file can contain code that collects and steals any data from local files accessible via a "file://" URL.
Because any OS file can be accessed via a file:// URL inside a browser, this essentially gives the attacker free rein to collect and steal any local file he wants.
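The origin comparison described above can be reproduced with the standard URL parser. The following is an added example, not code from the article, the researcher, or Edge: it shows why a plain protocol/host/port comparison treats every file:// URL as the same origin, next to a stricter rule that gives file: URLs an opaque origin. The function names, the sample URLs, and the stricter rule are assumptions for illustration, not a description of Microsoft's fix.

```javascript
// Return the (scheme, host, port) tuple that the Same-Origin Policy compares.
function originTuple(urlString) {
  const u = new URL(urlString);
  // The URL parser drops default ports (80, 443), so port is '' for them.
  return { scheme: u.protocol, host: u.hostname, port: u.port };
}

// Naive rule: two URLs share an origin when all three fields are equal.
// A file:// URL has an empty host and port, so any two local files "match".
function naiveSameOrigin(a, b) {
  const x = originTuple(a);
  const y = originTuple(b);
  return x.scheme === y.scheme && x.host === y.host && x.port === y.port;
}

// Stricter rule (assumption for this example): a file: URL gets an opaque
// origin that is never equal to the origin of another URL.
function strictSameOrigin(a, b) {
  if (originTuple(a).scheme === 'file:' || originTuple(b).scheme === 'file:') {
    return false;
  }
  return naiveSameOrigin(a, b);
}

// Constructed sample pairs; none of these URLs come from the article.
const SAMPLES = [
  ['https://example.com/a', 'https://example.com:443/b'],
  ['https://example.com/a', 'https://sub.example.com/a'],
  ['https://example.com/a', 'http://example.com/a'],
  ['file:///C:/Users/alice/Downloads/page.html',
   'file:///C:/Users/alice/Documents/notes.txt'],
];

// Evaluate both rules for every sample pair.
function compareAll() {
  return SAMPLES.map(([a, b]) => ({
    a,
    b,
    naive: naiveSameOrigin(a, b),
    strict: strictSameOrigin(a, b),
  }));
}

console.table(compareAll());
```

Only the last pair differs between the two rules: the naive comparison reports the downloaded page and an unrelated local document as same-origin, while the stricter rule does not.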