The Edge web browser, affected by a bug that allowed the use of a compromised site to extract information from other open tabs

[Angrry.exe™]

The Edge web browser, affected by a bug that allowed you to use a compromised site to extract information from other open tabs

Demonstrated much longer with Google Project Zero, the vulnerability corrected with the latest set of patches distributed through the Windows Update service could be exploited for indirect attacks in which simply visiting a compromised website allowed an attacker to read e- and data entered on other legitimate websites currently open in Microsoft Edge tabs.

According to the explanations provided by Microsoft itself, the vulnerability called Wavethrough is manifested by the incorrect mode in which Edge manages requests with different origins to provide information. Specifically, the vulnerability allowed Same-Origin Policy (SOP) to be bypassed, the browser honoring requests that would otherwise have been ignored.

Simultaneously, Microsoft was also informed of another vulnerability, assessed by high-risk Google experts. However, this was treated by Microsoft only with the "Important" sign, its correction not being considered an immediate emergency. Located in an operating system component called Windows Storage Services, responsible for managing file transfers and data storage operations across the entire OS, vulnerability could facilitate unauthorized access to information for applications that do not have the necessary privileges. Not yet, the bug that affects Windows 10 alone is, according to Microsoft's explanations, less dangerous, and its exploitation is not possible from a distance.