Edge receives fix for escalation of privilege vulnerability


Microsoft takes Edge security and privacy seriously, which is important if the browser is to stand a chance of catching up with the likes of Chrome and Firefox. Toward that end, the tech giant shipped a fix for an escalation of privilege vulnerability in its Chromium-based browser.

The security patch is part of update 83.0.478.37, which is currently rolling out to the Stable channel. The non-security updates include features like automatic profile switching.

Escalation of privilege vulnerability

Microsoft tracks the security risk in question as CVE-2020-1195. The exposure stems from the Feedback extension in Edge incorrectly validating input.

Therefore, if an attacker managed to take advantage of the loophole, they could move files to arbitrary memory locations. Doing that would also give the hacker higher system privileges.

An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input. An attacker who successfully exploited this vulnerability could write files to arbitrary locations and gain elevated privileges. This vulnerability might be utilized in conjunction with one or more vulnerabilities (for example a remote code execution vulnerability and another elevation of privilege vulnerability) to take advantage of the elevated privileges when running.

Microsoft assigned the vulnerability an exploitability index rating of two. It means users of the newest version of Edge are less likely to be a target for this type of attack.

The escalation of privilege vulnerability does not, in itself, let an attacker execute unauthorized code. But a hacker can use it to pave the way for a more serious breach.

For example, after illegally attaining elevated privileges, they might exploit a remote code execution (RCE) loophole. An RCE attack could in turn allow them to steal data, spy, or even stage a denial of service attack.

However, the escalation of privilege vulnerability in Edge should be no cause for alarm. Microsoft has not received any evidence of its exploitation in the wild.

If you have any questions or suggestions regarding Microsoft Edge security, you can always leave them in the comments section below.
