all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

“CVE-2024-21388”- Microsoft Edge’s Marketing API Exploited for Covert Extension Installation

Add to bookmarks
March 27, 2024, 1:20 p.m. | Guardio

Stories by Guardio on Medium medium.com

By Oleg Zaytsev (Guardio Labs)

Guardio Labs discovered a vulnerability in the Microsoft Edge browser, designated CVE-2024–21388. This flaw could have allowed an attacker to exploit a private API, initially intended for marketing purposes, to covertly install additional browser extensions with broad permissions without the user’s knowledge. Promptly after our discovery, we fully disclosed the issue to Microsoft, leading to a resolution in February 2024.In this write-up, we unfold our discovery process, showcase the vulnerability with straightforward Proof …

browser extension browsers cybersecurity exploitation vulnerability

Visit resource

More from medium.com / Stories by Guardio on Medium

“CVE-2024-21388”- Microsoft Edge’s Marketing API Exploited for Covert Extension Installation 1 month ago | medium.com
browser extension browsers cybersecurity exploitation +1
“SubdoMailing” — Thousands of Hijacked Major-Brand Subdomains Found Bombarding Users With Millions… 2 months ago | medium.com
brand campaign cbs cornell +22
“Scammers Paradise” —Exploring Telegram’s Dark Markets, Breeding Ground for Modern Phishing… 3 months ago | medium.com
cybersecurity dark dark web ecosystem +14
“MyFlaw” — Cross Platform 0-Day RCE Vulnerability Discovered in Opera’s Browsers 3 months, 2 weeks ago | medium.com
browsers disclosure exploitation opera +1
“EtherHiding” — Hiding Web2 Malicious Code in Web3 Smart Contracts 6 months, 2 weeks ago | medium.com
blockchain cybersecurity malware wordpress
“MrTonyScam” — Botnet of Facebook Users Launch High-Intent Messenger Phishing Attack on Business… 7 months, 2 weeks ago | medium.com
cybersecurity facebook malware messenger +1
“PhishForce” — Vulnerability Uncovered in Salesforce’s Email Services Exploited for Phishing… 8 months, 4 weeks ago | medium.com
cybersecurity email phishing salesforce +1
“Malverposting” — With Over 500K Estimated Infections, Facebook Ads Fuel This Evolving Stealer… 1 year ago | medium.com
ads cybersecurity facebook facebook ads +6
“FakeGPT” #2: Open-Source Turned Malicious in Another Variant of the Facebook Account-Stealer… 1 year, 1 month ago | medium.com
account browser security chatgpt chrome extension +4

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Cloud Security Engineer

@ Gainwell Technologies | Any city, OR, US, 99999
View on infosec-jobs.com

Federal Workday Security Lead

@ Accenture Federal Services | Arlington, VA
View on infosec-jobs.com

Workplace Consultant

@ Solvinity | Den Bosch, Noord-Brabant, Nederland
View on infosec-jobs.com

SrMgr-Global Information Security - Security Risk Management

@ Marriott International | Bethesda, MD, United States
View on infosec-jobs.com

Sr. Security Engineer - Data Loss Prevention

@ Verisk | Jersey City, NJ, United States
View on infosec-jobs.com
View more jobs