Latest news about Bitcoin and all cryptocurrencies. Your daily crypto news habit.
The Microsoft Edge Browser Edges Into the Bug Territory
A security researcher working at Google recently discovered a high-severity vulnerability on the Microsoft Edge web browser. The flaw could allow hackers to access the victimâs sensitive information without their knowledge.
Although the security loophole has been patched, it points to the need of always keeping your programs up-to-date and avoid visiting malicious websites.
How the bug was discovered
Jake Archibald, a developer who works at Google, exposed this bug accidently and named it âWavethrough.â It is so-named because the browser security bug involves playing a wave audio, which an attacker could compromise to steal sensitive usersâ data.
Archibald discovered the bug a few months ago and has since published the details on his blog here. After finding out about the loophole, Google informed Microsoft to fix the issue within 90Â days.
And, Google made the issue public the after the lapsing of the waiting period and reluctance of Microsoft to address the problem.
The bugâs bad effects
The Wavethrough bug deals with how web browsers handle cross-origin requests to multimedia data.
It can be exploited when a malicious website employs service workers to load multimedia data inside an <audio> tag from a different location. At the same time, the site will utilize the ârangeâ parameter to fetch just a particular portion of that file.
Because of the irregularities in how browsers handle files loaded from other locations with the help of service workers inside audio tags, a hacker can easily deploy any content on the malicious website and harvest usersâ sensitive information.
Usually, browsers have an in-built safeguard called CORS (Cross-Origin Resource Sharing), which does not allow websites to load content from other websites.
However, in this serious security flaw, after luring a victim to the website, the attacker could circumvent this security measure and compel the browser to transmit data that could otherwise be unobtainable.
This implies that a user could visit a compromised website using a poorly programmed browser, allowing the attacker to access their information such as emails and Facebook updatesâââall without knowing.
Here is a video Archibald created to show the bad effects of the Microsoft Edge bug:
Fixing the Wavethrough bug
The good news is that the Wavethrough browser vulnerability does not affect all browsers. It was only majorly discovered on the Microsoft Edge browser.
Mozilla Firefox could also be susceptible to the bug, but only its beta version was discovered to be vulnerable. However, the companyâs developers fixed this issue before the bug was introduced to the main Firefox Stable release version.
Other major browsers like Chrome and Safari were found to be unaffected by the Wavethrough bug.
Microsoft, codenamed the loophole as the âCVE-2018â8235 security vulnerabilityâ and listed it as âbypass vulnerability.â The company has released updates to correct the flaw and offer users with a secure browsing experience.
Wrapping up
This is not the first time a significant security flaw is discovered on a major web browser. Therefore, improving your cyber security skills is critical to prevent your sensitive data from unauthorized access.
For example, Waqar Ahmed, who is a Certified Ethical Hacker and Certified Penetration Testing Engineer, teaches people simple tools and techniques for safeguarding themselves from falling victims to the hackers.
You can learn from him and secure your browsing experienceâââregardless of the browser you use!
The Microsoft Edge Browser Edges Into the Bug Territory was originally published in Hacker Noon on Medium, where people are continuing the conversation by highlighting and responding to this story.
Disclaimer
The views and opinions expressed in this article are solely those of the authors and do not reflect the views of Bitcoin Insider. Every investment and trading move involves risk - this is especially true for cryptocurrencies given their volatility. We strongly advise our readers to conduct their own research when making a decision.