Home Hacking News Exploit Developer Discovers Zero-Day Microsoft Edge Vulnerability Triggering RCE Attacks
Hacking NewsLatest Cyber Security News | Network Security HackingNewsVulnerabilities

Exploit Developer Discovers Zero-Day Microsoft Edge Vulnerability Triggering RCE Attacks

by Abeerah Hashim
written by Abeerah Hashim
Microsoft Edge vulnerability

Microsoft Edge users now need to be extra cautious while surfing since a new exploit is coming. An exploit developer has discovered a zero-day Microsoft Edge vulnerability that triggers remote code execution attacks. Since the researcher has not informed Microsoft of the problem yet, one may not expect a quick fix for this.

Zero-Day Microsoft Edge Vulnerability Induces RCE Attacks

As disclosed, an exploit developer Yushi Liang has claimed to have found a vulnerability that breaks Microsoft Edge browsers. The newly discovered zero-day Microsoft Edge vulnerability could allow an attacker to remotely execute arbitrary codes on the target system. Liang first revealed his discovery in a tweet.

https://twitter.com/Yux1xi/status/1058168985991163906

As stated, Liang has teamed up with a Russian exploit developer Alexander Kochkov to create a stable exploit that escapes sandbox. Whereas, he has found the exploit by using Wadi Fuzzer

Allegedly, exploiting the zero-day vulnerability referred herewith lets an attacker execute arbitrary commands. The extent of the RCE attacks largely depends on the privilege level of the account logged in. In case of an administrator account, an attacker may exfiltrate data from the system, create admin accounts, or install programs on the target machine.

While talking to Bleeping Computers, Liang stated that they are working out to develop a stable exploit to achieve “full sandbox escaping of the code”. Moreover, they will also try to find ways of escalating execution privileges.

Although Liang hasn’t revealed much technical details of the exploit yet, he has demonstrated the exploit in a video. As shown, he has triggered Microsoft Edge to launch Firefox that loads a Google Chrome download page.

No Patches Available Yet

For now, users of Microsoft Edge may not find a fix for the bug since the researcher has not reported the flaw to Microsoft. Probably, as more details come up, Microsoft may release a patch for it. However, until then, the only mitigation seems to be the choice of user accounts. While using Microsoft Edge, users may avoid logging in to accounts with administrator privileges for minimal damages.

Take your time to comment on this article.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Multiple Vulnerabilities Found In Forminator WordPress Plugin

Palo Alto Networks Patched A Pan-OS Vulnerability Under...

Apple Removed Numerous Apps From China App Store

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...