MS Edge: Abuse of Protocols to Load Local Files, Bypass HTML5 Sandbox, Open Popups and more

microsoft edge

By dead.cell
November 26, 2016 in Web Browser Discussion & Support

https://www.neowin.net/forum/topic/1314944-ms-edge-abuse-of-protocols-to-load-local-files-bypass-html5-sandbox-open-popups-and-more/

Followers 0

Recommended Posts

dead.cell

Posted November 26, 2016

- Share

Posted November 26, 2016

Not sure if anyone's seen this, but it appears to have been posted 24 hours ago. I thought it was a good read on Microsoft Edge security, regarding an issue that was reported last month involving the abuse of protocols, and how they can be used to manipulate applications, escaping the HTML5 sandbox and so on. The article is quite detailed in their approach, leaving room still for research regarding protocols introduced with Windows 10.

Quote

On October 25th, the fellows @MSEdgeDev twitted a link that called my attention because when I clicked on it (being on Chrome) the Windows Store App opened. It might not surprise you, but it surprised me!

As far as I remembered, Chrome had this healthy habit of asking the user before opening external programs but in this case it opened directly, without warnings.

This was different and caught my attention because I never accepted to open the Windows Store in Chrome. There are some extensions and protocols that will open automatically but I’ve never approved the Windows Store....

1

Read on: https://www.brokenbrowser.com/abusing-of-protocols/

Link to comment

https://www.neowin.net/forum/topic/1314944-ms-edge-abuse-of-protocols-to-load-local-files-bypass-html5-sandbox-open-popups-and-more/

Share on other sites

This topic is now closed to further replies.

https://www.neowin.net/forum/topic/1314944-ms-edge-abuse-of-protocols-to-load-local-files-bypass-html5-sandbox-open-popups-and-more/

Followers 0

Go to topic listing

Recently Browsing 0 members
- No registered users viewing this page.
Similar Content
- Microsoft will finally let you sign in to Edge with a Google account
  
  By Usama Jawad96, 12 hours ago
  - microsoft
  - google
  - (and 4 more)
    
    Tagged with:
    
    microsoft
    
    google
    
    microsoft account
    
    msa
    
    google account
    
    microsoft edge
  - 3 replies
  - 2 views
  - leonsk29
  - 6 hours ago
- Microsoft Edge 149.0.4022.69
  
  By Copernic, Saturday at 17:00
  - microsoft edge
  - edge browser
  - (and 8 more)
    
    Tagged with:
    
    microsoft edge
    
    edge browser
    
    web browser
    
    browse
    
    edge
    
    64-bit browser
    
    microsoft
    
    internet browser
    
    freeware
    
    software
  - 0 replies
  - 0 views
  - Copernic
  - Saturday at 17:00
- Microsoft about to radically change how often your Edge browser updates 1 2
  
  By zikalify, Friday at 09:07
  - microsoft
  - microsoft 365
  - (and 5 more)
    
    Tagged with:
    
    microsoft
    
    microsoft 365
    
    microsoft edge
    
    edge
    
    edge 152
    
    stable channel
    
    web browser
  - 35 replies
  - 0 views
  - testman
  - Monday at 08:19
- Microsoft Edge 149.0.4022.62
  
  By Copernic, June 9
  - microsoft edge
  - edge browser
  - (and 8 more)
    
    Tagged with:
    
    microsoft edge
    
    edge browser
    
    web browser
    
    browse
    
    edge
    
    64-bit browser
    
    microsoft
    
    internet browser
    
    freeware
    
    software
  - 0 replies
  - 0 views
  - Copernic
  - June 9
- Google Chrome is killing all uBlock Origin bypasses, Microsoft Edge, Opera to follow 1 2 3 4
  
  By hellowalkman, June 9
  - google
  - ublock
  - (and 11 more)
    
    Tagged with:
    
    google
    
    ublock
    
    ublock origin
    
    chromium
    
    chrome
    
    google chrome
    
    microsoft edge
    
    browser extensions
    
    browser addon
    
    ad blocker
    
    ad blocking
    
    manifest v2
    
    mv3
  - 85 replies
  - 0 views
  - spacelordmaster
  - Friday at 15:33

Posts
- Samsung is shutting down yet another app used by millions
  
  By AgusL · Posted 23 minutes ago
  
  Downloads does not equal actual usage, even less when the app is pre-installed in some Galaxy phones.
- Mozilla highlights Firefox Nova 2026 redesign and more upcoming features with new roadmap
  
  By AgusL · Posted 28 minutes ago
  
  +1000 to this, don't understand why they added that margin around the top bar, even the close button is a PITA to click without aiming. Ofc, this is just preview and hopefully they will revert such odd UX decision before hitting final version.
- Rockstar gives last-gen GTA V players free upgrades tomorrow
  
  By THE END · Posted 55 minutes ago
  
  so the people who bought this will get a refund?
- Nearly half of American adults now use AI, but concerns are also growing
  
  By Jose_49 · Posted 1 hour ago
- Epic Games says Unreal Engine 6 will help developers "build content faster" using AI models
  
  By Konstantine · Posted 1 hour ago
  
  More dogwater games that run at 20fps with framegen.
Recent Achievements
- eurospharma62 earned a badge
  One Month Later
  1 hour ago
- With What earned a badge
  Week One Done
  1 hour ago
- Harris Gilbert earned a badge
  Week One Done
  1 hour ago
- Vincian earned a badge
  One Month Later
  12 hours ago
- Jocimo earned a badge
  First Post
  16 hours ago
Popular Contributors
- Week
- Month
- Year
- All Time
1. 1
  
  +primortal
  542
2. 2
  
  +Edouard
  167
3. 3
  
  PsYcHoKiLLa
  86
4. 4
  
  Steven P.
  64
5. 5
  
  ATLien_0
  64
Show More
Tell a friend
Love Neowin? Tell a friend!
- Email
- Share

Sign In

MS Edge: Abuse of Protocols to Load Local Files, Bypass HTML5 Sandbox, Open Popups and more

Recommended Posts

dead.cell

Link to comment

Share on other sites

Recently Browsing 0 members

Similar Content

Microsoft will finally let you sign in to Edge with a Google account

Microsoft Edge 149.0.4022.69

Microsoft about to radically change how often your Edge browser updates 1 2

Microsoft Edge 149.0.4022.62

Google Chrome is killing all uBlock Origin bypasses, Microsoft Edge, Opera to follow 1 2 3 4

Posts

Recent Achievements

Popular Contributors

Tell a friend

Company

Community

Social

Partners

Forums

News

Features

More

Themes