This Microsoft Edge security flaw could have allowed hackers to install all kinds of malicious extras - but there's good news

Microsoft Edge was vulnerable to a unique flaw that allowed threat actors to install malicious extensions on the browser, without the victim’s knowledge, or consent. This could lead to a wide array of security incidents, as extensions can grab screenshots, store sensitive user data, and more.

The good news is that the flaw was discovered last year, and patched earlier this year - so if you’re using Edge, chances are you’re already protected against this vulnerability.

As per a report on The Hacker News, security researchers from Guardio Labs discovered a privilege escalation flaw, which is now tracked as CVE-2024-21388. It carries a severity score of 6.5, and revolves around the fact that Edge was designed to have privileged access to some private APIs. This access makes it possible for the browser to install add-ons in the background, as long as they’re from the vendor’s ...