A Google Chrome developer has discovered a high-severity vulnerability in Microsoft’s Edge browser, a flaw that enables an attacker to read sensitive data in a user’s browser, including details from other tabs and authenticated websites.
In a detailed post, Jake Archibald revealed that an attacker can exploit the flaw to obtain sensitive data, which could enable them to read emails, access online banking information, or view the user’s Facebook feed and any other information loaded in a website tab. The vulnerability was discovered in both Firefox and Microsoft’s Edge browsers.
The exploit leverages a hole in the way browsers handle cross-origin requests for multimedia content. Typically, multimedia content is fetched when a browser makes a request, via the “range” parameter, from a different domain. When a browser requests content for an audio tag, a malicious website can fetch part of that content via the “range” parameter while loading the rest inside the “audio” tag.
Archibald explains that loading content inside an audio tag could enable a malicious website to avoid being analyzed by CORS (Cross-Origin Resource Sharing), a defense mechanism in browsers that prevents websites from accessing content on other websites. In other words, an attacker can discreetly retrieve data from other browser tabs without alerting the victim.
“I’ve covered two browser security issues here, but these bugs started when browsers implemented range requests for media elements, which wasn’t covered by the standard,” Archibald said. “These range requests were genuinely useful, so all browsers did it by copying each other’s behaviour, but no one integrated it into the standard. The result is the browsers all behave slightly differently, and some ended up with security issues.”
Both Microsoft and Mozilla have since released patches for the critical bug.
Image credit: LIFARS archive.