Share this article

Improve this guide

Edge receives fix for escalation of privilege vulnerability

2 min. read

Updated onOctober 4, 2023

updated onOctober 4, 2023

Share this article

Improve this guide

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Key notes

Microsoft takes Edge security and privacy seriously, which is necessary to stand a chance of catching on to the levels of Chrome and Firefox. Toward that end, the tech giant shipped a fix for an escalation of privilege vulnerability in its Chromium-basedbrowser.

The security patch is part of the Edge update 83.0.478.37 that is currently rolling out in the Stable channel. The non-security updates include features like automatic profile switching.

Escalation of privilege vulnerability

Microsoft calls the security risk in question CVE-2020-1195. The exposure stems from the tendency of the Feedback extension in Edge to incorrectly validate input.

Therefore, if an attacker managed to take advantage of the loophole, they could move files to arbitrary memory locations. Doing that could also give the hacker highersystemprivileges.

An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input. An attacker who successfully exploited this vulnerability could write files to arbitrary locations and gain elevated privileges. This vulnerability could be used in conjunction with one or more vulnerabilities (for example a remotecode executionvulnerability and another elevation of privilege vulnerability) to take advantage of the elevated privileges when running.

Microsoft assigned the vulnerability an exploitation assessment index of 2. It means that users of the latest version of Edge are less likely to be a target for this kind of attack.

The escalation of privileges vulnerability, in itself, does not amount to an attacker executing illegal code. But a hacker can use it to pave the way for a more serious breach.

For example, after illegally attaining elevated privileges, they could exploit a remotecode execution(RCE) loophole. An RCE attack could in turn allow them to steal data, spy, or even stage a denial of service attack.

However, the escalation of privilege vulnerability in Edge should be no cause for alarm. Microsoft has not received any evidence of its exploitation in the wild.

If you have any questions or suggestions regarding Microsoft Edge security, you can always leave them in the comments section below.

[wl_navigator]

More about the topics:Cybersecurity,Microsoft Edge guides

Don Sharpe

Tech Journalist

Don has been writing professionally for over 10 years now, but his passion for the written word started back in his elementary school days. His work has been published on Livebitcoinnews.com, Learnbonds.com, eHow, AskMen.com, Forexminute.com, The Writers Network and a host of other companies.

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Δ

Don Sharpe

Tech Journalist

Don has been writing professionally for over 10 years now, simplifying the tech universe for the mases.