- Jul 22, 2014
A vulnerability in the Microsoft Edge browser can be exploited to allow an attacker to obtain a user's password and cookie files for various online accounts.
The vulnerability came to light following research by Manuel Caballero, a security expert who has a long history of unearthing Edge [1, 2] and Internet Explorer flaws [1].
Caballero's recent discovery is a bypass of the Same Origin Policy (SOP), a browser security feature that prevents website A from loading and executing scripts loaded from website B.
Vulnerability lets attackers bypass Edge's SOP protection
This flaw, which Caballero disclosed today in a headache-inducing technical write-up, allows an attacker to load and execute malicious code with the help of data URIs, meta refresh tags, and domainless pages, such as about:blank.
In several variations of the exploitation technique, Caballero showed how an attacker could execute code on high-profile sites just by tricking the victim into accessing a malicious URL.
In three proof-of-concept demos, the researcher executed code on the Bing homepage, tweeted on behalf of another user, and stole the password and cookie files from a Twitter account.
The last attack re-exposed a security flaw in the design of modern browsers: an attacker's ability to log a user out, load the login page, and steal the user's credentials that are automatically filled in by the browser's password autofill feature.
To better understand how all this works, Caballero has recorded a video of the attack:
.....