all InfoSec news
“CVE-2024-21388”- Microsoft Edge’s Marketing API Exploited for Covert Extension Installation
March 27, 2024, 1:20 p.m. | Guardio
Stories by Guardio on Medium medium.com
By Oleg Zaytsev (Guardio Labs)
Guardio Labs discovered a vulnerability in the Microsoft Edge browser, designated CVE-2024–21388. This flaw could have allowed an attacker to exploit a private API, initially intended for marketing purposes, to covertly install additional browser extensions with broad permissions without the user’s knowledge. Promptly after our discovery, we fully disclosed the issue to Microsoft, leading to a resolution in February 2024.In this write-up, we unfold our discovery process, showcase the vulnerability with straightforward Proof …browser extension browsers cybersecurity exploitation vulnerability
More from medium.com / Stories by Guardio on Medium
“EtherHiding” — Hiding Web2 Malicious Code in Web3 Smart Contracts
6 months, 2 weeks ago |
medium.com
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Cloud Security Engineer
@ Gainwell Technologies | Any city, OR, US, 99999
Federal Workday Security Lead
@ Accenture Federal Services | Arlington, VA
Workplace Consultant
@ Solvinity | Den Bosch, Noord-Brabant, Nederland
SrMgr-Global Information Security - Security Risk Management
@ Marriott International | Bethesda, MD, United States
Sr. Security Engineer - Data Loss Prevention
@ Verisk | Jersey City, NJ, United States