New Microsoft Edge Browser Zero-Day RCE Exploit in the Works
Details are about to emerge about a zero-day remote code execution vulnerability in the Microsoft Edge web browser, as two researchers plan to reveal a proof-of-concept and publish a general write up. Microsoft has not been told the details of this vulnerability.
A tweet on November 1 announced that Microsoft Edge had been compromised once more. The proof was an image with the web browser that appeared to launch the popular Windows Calculator app.
Exploit developer Yushi Liang informed his followers that the objective was to escape the browser sandbox and that he had teamed up with Alexander Kochkov to work on achieving it.
The efforts of the two experts were hampered by a “crash bug in the text editor” Liang was using to write the exploit code.
In a conversation with BleepingComputer, Liang said that they were focusing on developing a stable exploit and attaining full sandbox escaping of the code. The duo was also looking for a method to escalate execution privileges to SYSTEM, which would be the equivalent of taking complete control of the machine. ..Read More..