Components Affected
Versions prior to 91.0.864.59
Overview
Microsoft rolled out an update for the Edge browser to fix two security issues where one could allow an attacker to bypass security and perform arbitrary code execution.
Description
Universal cross-site scripting (UXSS) vulnerability (CVE-2021-34506) found in the Microsoft Edge browser which can be triggered when automatically translating web pages using the browser’s in-built feature called Microsoft translator.
A successful exploit of this vulnerability would allow an attacker to bypass security and execute arbitrary codes on the target system.
Impact
✻ Exposing sensitive information to unauthorized parties
✻ Execute of unwanted/malicious programs/codes
✻ Unauthorized access
Solution/ Workarounds
Update to the latest version of (91.0.864.59) Microsoft Edge browser by visiting Settings and more > About Microsoft Edge
Reference
Disclaimer
The information provided herein is on an “as is” basis, without warranty of any kind.