Microsoft Edge
cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*
A vulnerability in Microsoft Edge (Chromium-based) allows unauthorized attackers to bypass a security feature over the network. This issue arises from improper access control, enabling potential exploitation under specific conditions.
Exploitation of this vulnerability could lead to a security feature bypass, allowing an attacker to break the iframe sandbox and interact with the parent DOM. This could involve running scripts to access the read token from the parent webpage's DOM or modifying JavaScript in the parent window, but it does not affect the availability of the resource.
To reproduce this vulnerability, an attacker must enable Edge Split Screen mode, have a specific configuration, and open a web page containing a malicious iframe. This would allow the iframe to interact with the parent DOM, exploiting the bypassed security feature.
Users can download the security update for Microsoft Edge (Chromium-based) version 140.0.3485.54 from the Microsoft Edge Release Notes Security Update page.
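To check an inventory against the fixed build, the following added example (not from Microsoft or this page's publisher) classifies hosts by Edge version. The CSV layout, host names and sample versions are constructed, and it assumes any build numerically at or above 140.0.3485.54 carries the fix.

```python
import csv
import io

FIXED_VERSION = "140.0.3485.54"  # security update version stated on this page

# Constructed sample inventory (hypothetical hosts and export format).
SAMPLE_INVENTORY = """host,edge_version
ws-001,140.0.3485.54
ws-002,140.0.3485.9
ws-003,139.0.1000.200
ws-004,141.0.1000.1
ws-005,unknown
"""


def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a dotted build number."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(inventory_csv, fixed=FIXED_VERSION):
    """Group hosts into patched / needs_update / unparsed.

    Versions are compared as integer tuples. A plain string comparison
    would rank "140.0.3485.9" above "140.0.3485.54" and hide ws-002.
    Assumption: builds >= the fixed version include the fix.
    """
    fixed_t = parse_version(fixed)
    result = {"patched": [], "needs_update": [], "unparsed": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = parse_version(row["edge_version"])
        if version is None:
            # Never treat an unreadable version as safe; report it separately.
            result["unparsed"].append(row["host"])
        elif version >= fixed_t:
            result["patched"].append(row["host"])
        else:
            result["needs_update"].append(row["host"])
    return result


if __name__ == "__main__":
    for status, hosts in classify(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```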