Elevation of Privilege Vulnerability Affects Microsoft Edge (Chromium-based)
Key Information
- Vendor: Microsoft
- Status
- Microsoft Edge (Chromium-based)
- Vendor
- CVE Published: 30 January 2024
Summary
CVE-2024-21388 is a vulnerability in the Microsoft Edge browser that allows attackers to exploit a private API to covertly install additional browser extensions. The flaw was discovered and promptly disclosed to Microsoft by Guardio Labs. The vulnerability was fixed in February 2024 but was exploited in the wild prior to the fix. The affected software is Microsoft Edge, and the potential impact is the silent installation of extensions with broad permissions without the user's knowledge, which could lead to the installation of malicious extensions and facilitate further attacks. The exploitation of this vulnerability raises concerns about the balance between user convenience and security, and about the need for developers and platform operators to focus on security throughout the development cycle.
Affected Version(s)
Microsoft Edge (Chromium-based) < 121.0.2277.98
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
News Articles
Microsoft patches Edge browser vulnerability that could have led to malicious extension installation
Microsoft has released a critical security patch for its Edge browser, addressing a vulnerability that could have allowed attackers to install malicious extensions without the user's knowledge. Security researchers at Guardio Labs, who discovered the flaw (designated CVE-2024-21388), disclosed it to Mic...
8 months ago
Timeline
- Exploit exists.
- Vulnerability started trending.
- First article discovered by The Hacker News
- Vulnerability published.
- Vulnerability Reserved.