# 🇮🇱 **#BringThemHome #NeverAgainIsNow** 🇮🇱 **We demand the safe return of all citizens who have been taken hostage by the terrorist group Hamas. We will not rest until every hostage is released and returns home safely. You can help bring them back home. https://stories.bringthemhomenow.net/** Microsoft Edge Vulnerability Exploit (CVE-2024-21388) This Python script exploits a vulnerability (CVE-2024-21388) in Microsoft Edge, allowing silent installation of browser extensions with elevated privileges via a private API. Description Guardio Labs discovered a vulnerability in Microsoft Edge, designated CVE-2024–21388. This flaw could have allowed an attacker to exploit a private API, initially intended for marketing purposes, to covertly install additional browser extensions with broad permissions without the user’s knowledge. The vulnerability was promptly disclosed to Microsoft, leading to a resolution in February 2024. https://labs.guard.io/cve-2024-21388-microsoft-edges-marketing-api-exploited-for-covert-extension-installation-879fe5ad35ca Exploitation Overview The vulnerability enables anyone with a method to run JavaScript on bing.com or microsoft.com pages to install any extensions from the Edge Add-ons Store without the user’s consent or interaction. This is an "Elevation of Privilege" issue classified as Moderate in severity by the Microsoft Security Response Center (MSRC). Exploit Method The script utilizes a private browser API accessible from privileged…Read More
References
Back to Main