Edge Browser Vulnerability Fixed, Ensuring Protection Against Chrome Tab Theft

 


A Microsoft spokesperson confirmed today that the company has fixed a bug in its Edge browser that had been causing it to import data from other web browsers, such as Chrome, without users' consent.

However, Microsoft has not specified what exactly the problem was. The Verge, as well as other publications such as the Washington Post and The Guardian, reported on the bug last month, with some reporters experiencing it first-hand. Specifically, the bug affects the Edge feature that pulls data from other installed browsers into its own database.

After a recent Windows update, users who had previously turned that feature off were surprised to find that Edge opened with all of the tabs they had used during previous browsing sessions.

As a result of the reported problem with Microsoft's Edge browser, Chrome tabs and data were taken without permission and were being misused. Microsoft issued an Edge update rectifying an issue with cross-device data import.

The browser's feature, designed to import data with user consent, experienced glitches across diverse platforms. The problem is now resolved, ensuring proper synchronization of automatic data import settings.

Mozilla, the developer of Firefox, recently commissioned independent experts to scrutinize Microsoft's tactics impacting consumer browser choice. Their report alleges Microsoft's strategic placement of Edge in the OS undermines rival browser selection, citing manipulation of Windows' UI design. 

Mozilla anticipates the Digital Markets Act (DMA) in the European Union will eliminate barriers to browser competition. DMA, addressing anti-competitive practices, aims to foster fair digital market competition and enhance consumer choices. 

The introduction of DMA in the EU is expected to promote increased competition in the browser market. In a strategic move, Microsoft announced the discontinuation of support for the Mail and Calendar apps in Windows 11 after December 31, 2024. 

Users are being directed to adopt the Outlook app, integrated into the Office 365 suite, in line with Microsoft's strategy to establish Outlook as the primary email and calendar application for users.

Microsoft Announces New OpenAI-Powered Bing


Microsoft has recently launched the newest version of its search engine Bing, which includes an upgraded version of the same AI technology that powers the chatbot ChatGPT.

The company announced the product launch alongside new AI-enhanced features for its Edge browser, promising users that the two will offer a fresh experience for acquiring information online.

Microsoft, in a blog post, describes the new version as a technical breakthrough built on its next-generation OpenAI model. “We’re excited to announce the new Bing is running on a new, next-generation OpenAI large language model that is more powerful than ChatGPT and customized specifically for search. It takes key learnings and advancements from ChatGPT and GPT-3.5 – and it is even faster, more accurate, and more capable,” the blog post states.

Regarding the product launch, Microsoft CEO Satya Nadella said at a special event at Microsoft headquarters in Redmond, Washington: “race starts today, and we’re going to move and move fast […] Most importantly, we want to have a lot of fun innovating again in search, because it’s high time.”

Nadella said he believed the technology was ready to transform how people interact with other applications and do online searches. "This technology will reshape pretty much every software category that we know," he said.

With the latest advancements, Bing will now respond to search queries in a more detailed manner, rather than with just links and websites.

Additionally, Bing users can now interact with bots to efficiently customize their queries. On the right side of a search results page, more contextual responses will be added. 

The announcement comes a day after Google unveiled information regarding Bard, its own brand-new chatbot. 

With both companies striving to bring their products to market, Microsoft's investment will "massively increase" the company's capacity to compete, analyst Dan Ives of Wedbush Securities said in a note to investors following the news.

"This is just the first step on the AI front ... as [the] AI arms race takes place among Big Tech," he added. Microsoft has been spending billions on artificial intelligence and was an early supporter of San Francisco-based OpenAI. 

It declared last month that it will be extending its partnership with OpenAI through a "multiyear, multibillion-dollar investment." 

Bing will employ OpenAI technology that, according to Microsoft, is even more sophisticated than the ChatGPT technology announced last year. The same capabilities will also be added to its Edge web browser.

Microsoft Edge’s Security Bypass Vulnerability Fixed

 

Microsoft released Edge browser upgrades last week that addressed two security flaws, one of which is a security bypass flaw that may be used to inject and execute arbitrary code in the context of any website. The flaw, tracked as CVE-2021-34506 (CVSS score: 5.4), is caused by a universal cross-site scripting (UXSS) bug that is triggered when web pages are automatically translated with Microsoft Translator through the browser's built-in feature.

Microsoft Edge is a cross-platform web browser created by Microsoft. It was first released in 2015 for Windows 10 and Xbox One, followed by Android and iOS in 2017, macOS in 2019, and Linux in October 2020 as a preview. Edge was originally built on Microsoft's proprietary EdgeHTML and Chakra JavaScript engines, a version now known as Microsoft Edge Legacy.

On January 15, 2020, Microsoft announced the public release of the new Edge. Microsoft began rolling out the new version via Windows Update in June 2020 for Windows 7, 8.1, and Windows 10 versions released between 2003 and 2004. From March 9, 2021, Microsoft stopped issuing security fixes for Edge Legacy, and on April 13, 2021, Microsoft delivered a security upgrade that replaced Edge Legacy with Chromium-based Edge. 

Ignacio Laurence, Vansh Devgan, and Shivam Kumar Singh of CyberXplore Private Limited are credited with finding and reporting CVE-2021-34506. "Unlike the common XSS attacks, UXSS is a type of attack that exploits client-side vulnerabilities in the browser or browser extensions in order to generate an XSS condition, and execute malicious code," CyberXplore researchers said. "When such vulnerabilities are found and exploited, the behavior of the browser is affected and its security features may be bypassed or disabled."

The researchers discovered that the translation feature contained code that failed to sanitise input, allowing an attacker to potentially inject malicious JavaScript code anywhere on the webpage, which is then executed when the user clicks the prompt in the address bar to translate the page. As a proof-of-concept (PoC) exploit, the researchers demonstrated that adding a comment to a YouTube video written in a language other than English, together with an XSS payload, may activate the attack.

In a similar vein, a Facebook friend request with other-language content and the XSS payload was found to run the code as soon as the recipient checked out the user's profile. Following a responsible disclosure on June 3, Microsoft corrected the problem on June 24 and gave the researchers $20,000 as part of its bug bounty programme.
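The flaw class described above can be shown with a simplified model, added here as an illustration; it is not Edge's or Microsoft Translator's code and is not taken from the researchers' report. It shows why a page that escaped a comment correctly is still exposed when a translation step reads the text and writes the result back as markup, next to the hardened form that encodes the output first. The function names, the dictionary and the sample comment are constructed assumptions.

```javascript
// Simplified model, not Edge's implementation: a translation step reads the
// text of a page, translates it, and writes the result back into the page.

// Hypothetical stand-in for the translation service: maps a few known words
// and passes everything else, including markup characters, through unchanged.
const DICTIONARY = new Map([["bonjour", "hello"], ["merci", "thank you"]]);

function translateText(text) {
  return text.replace(/[A-Za-zÀ-ÿ]+/g, (w) => DICTIONARY.get(w.toLowerCase()) ?? w);
}

// HTML-encode a string so a parser treats it as text, never as markup.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Weak form: the translated string is written back as markup
// (the DOM equivalent is assigning it to innerHTML).
function renderTranslatedUnsafe(nodeText) {
  return '<span class="translated">' + translateText(nodeText) + "</span>";
}

// Hardened form: the translated string is encoded before it reaches the
// HTML parser (the DOM equivalent is assigning it to textContent).
function renderTranslatedSafe(nodeText) {
  return '<span class="translated">' + escapeHtml(translateText(nodeText)) + "</span>";
}

// Constructed sample: the decoded value of a text node. The hosting site
// escaped the comment correctly, so the page shows these characters as plain
// text; the risk appears only when the translator re-inserts them.
const COMMENT_TEXT = 'Bonjour <b id="injected">x</b>';

function demo() {
  return {
    unsafe: renderTranslatedUnsafe(COMMENT_TEXT), // markup survives as a live element
    safe: renderTranslatedSafe(COMMENT_TEXT),     // markup stays inert text
  };
}

console.log(demo());
```

Because the rewrite happens inside the browser, the origin site's own output encoding does not help, which is what makes the condition "universal" rather than a bug in any one website.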

Windows 10 New Feature Hunts and Thwarts PUAs/PUPs


Per reports, Microsoft has hinted that the next main version of Windows 10 will ship with a new security setting that lets users enable Windows Defender's secret feature for hunting and barring the installation of known PUAs (Potentially Unwanted Applications).

PUAs are also widely known as PUPs, which stands for Potentially Unwanted Programs. They aren't as well known to users as the other major threats in the cyber-crime world, but they are a valid threat nevertheless.

Per sources, these are software installed on devices by fooling the targets. The term is self-explanatory: it covers applications or programs that your device may not really need.

PUPs/PUAs rely on tactics such as employing “silent installs” to dodge user permissions or “bundling” an unrequired application with the installer of an authentic program.

Sources mention that PUAs most commonly include applications that alter browser history, hinder security controls, install root certificates, track users and sell their data, and display invasive ads.

As per reports, the May 2020 update is to be rolled out to users in the last week of this month. Microsoft mentioned that it has added a new feature to its Settings panel that allows users to bar the installation of any unwanted applications or programs in the form of known PUAs/PUPs.

As it turns out, researchers mention that the feature has been available in Windows Defender for quite some time, but enabling it required group policies rather than the usual Windows user interface.

As per sources, to enable the feature a user must go to ‘Start’, ‘Settings’, ‘Update & Security’, ‘Windows Security’, ‘App & Browser Control’, and finally ‘Reputation-based Protection Settings’. Once updated, the feature would show two settings. The above-mentioned feature is disabled by default and would need to be enabled manually. However, Microsoft suggests enabling both settings.

Reports mention that the “Block Apps” feature will scan for PUAs that have already been downloaded or installed, so if the user is using a different browser, Windows Security would intercept the PUA after it is downloaded. The “Block Downloads” feature, by contrast, hunts PUAs while they are being downloaded.