MS Edge: Abuse of Protocols to Load Local Files, Bypass HTML5 Sandbox, Open Popups and more

By dead.cell
in Web Browser Discussion & Support

 Share

Recommended Posts

Grand Master

dead.cell

Posted
Posted

Not sure if anyone's seen this, but it appears to have been posted 24 hours ago. I thought it was a good read on Microsoft Edge security, regarding an issue that was reported last month involving the abuse of protocols, and how they can be used to manipulate applications, escaping the HTML5 sandbox and so on.  The article is quite detailed in their approach, leaving room still for research regarding protocols introduced with Windows 10.

 

Quote

On October 25th, the fellows @MSEdgeDev twitted a link that called my attention because when I clicked on it (being on Chrome) the Windows Store App opened. It might not surprise you, but it surprised me!

As far as I remembered, Chrome had this healthy habit of asking the user before opening external programs but in this case it opened directly, without warnings.

This was different and caught my attention because I never accepted to open the Windows Store in Chrome. There are some extensions and protocols that will open automatically but I’ve never approved the Windows Store....

1

Read on: https://www.brokenbrowser.com/abusing-of-protocols/

 

 

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • Save 78% on Microsoft Office 2024 Professional Plus: Lifetime License

      By News Staff · Posted

      Save 78% on Microsoft Office 2024 Professional Plus: Lifetime License by Steven Parker Created with ChatGPT Today's highlighted deal comes via our Apps + Software section of the Neowin Deals store, where you can save 78% on Microsoft Office 2024 Professional Plus: Lifetime License. The essentials to get it all done. Microsoft Office 2024 Home is the latest version of Microsoft’s renowned productivity suite, which includes essential applications like Word, Excel, PowerPoint, and OneNote. This version is specifically designed for individuals and families seeking reliable tools for various home tasks, including document creation, spreadsheet management, presentation design, and note-taking. Office 2024 Professional Plus is for students and families who want classic Office apps on their Mac or PC. A one-time purchase installed on 1 PC or Mac for use at home or school. Lifetime license One-time purchase installed on 1 Windows PC for use at home or work Instant Delivery & Download – access your software license keys and download links instantly Free customer service – only the best support! Microsoft Office 2024 Professional Plus includes: Microsoft Word Microsoft Excel Microsoft PowerPoint Microsoft Outlook Microsoft OneNote Microsoft Access Is it legit? Click here to verify Microsoft partnership No faffing about with subscriptions, just classic apps that don't expire. Good to Know ONE-TIME PURCHASE INSTALLED ON 1 DEVICE This licensing type will be connected with your Microsoft Account, NOT your actual device. This is a one-use code. The product you are purchasing is NOT MICROSOFT 365. Please read the product details. Redemption deadline: redeem your code within 30 days of purchase Access options: desktop Full versions No subscriptions – no monthly/annual fees Version: 2024 Updates included A Microsoft Office 2024 Professional Plus: Lifetime License normally costs $249.99, but this deal can be yours for just $54.97, that's a saving of $195. For full terms, specifications, and license info, click the link below. Microsoft Office 2024 Professional Plus for PC for $59.99 (was $249.99) Although priced in U.S. dollars, this deal is available for digital purchase worldwide. Support queries If you have queries or need support for any of the Neowin Deals, please use the contact form here. Neowin Deals are managed and sold by StackCommerce who represent Neowin on an affiliate basis. Why we post these deals We post these because we earn commission on each sale so as not to rely solely on advertising, which many of our readers block. It all helps toward paying staff reporters, servers and hosting costs. So for those that keep moaning and complaining, be thankful we're still online for you to even do that. Other ways to support Neowin Whitelist Neowin by not blocking our ads Create a free member account to see fewer ads Make a donation to support our day to day running costs Subscribe to Neowin - for $14 a year, or $28 a year for an ad-free experience Disclosure: Neowin benefits from revenue of each sale made through our branded deals site powered by StackCommerce.
    • Payday 2 engine upgrade adds 64-bit and DX11 support, drastically shrinks install size

      By +Random Stranger · Posted

      Payday TWO!! Is 13 years old man I feel old - I remember trying it out and if I did not know I would say 5-6 years ago or something
    • Payday 2 engine upgrade adds 64-bit and DX11 support, drastically shrinks install size

      By LoneWolfSL · Posted

      Payday 2 engine upgrade adds 64-bit and DX11 support, drastically shrinks install size by Pulasthi Ariyasinghe Payday 2, the most popular entry in the heisting game franchise, is getting a surprising update after all these years. This is slated to be a complete engine upgrade that will enhance almost every aspect of the 13-year-old title, targeting performance, loading times, file size, rendering backend, and more. Developer Sidetrack Games is planning a beta to test out the new version ahead of the full public launch. The development team today revealed that the long-awaited upgrade to the 64-bit architecture is happening with this Diesel 3.0 engine update. By letting the game use more ram than 4GB, it is said to improve stability and compatibility on most hardware. It should also help modders in the long term with implementing larger changes too. "While many of the changes are made on the backend and not everything will be visible to you guys because it is a massive rewrite of the entire codebase, there will be a lot of things that you can look forward to," Sidetrack explained. Payday 2 will also hop over from DirectX 9 to 11. Instead of visual improvements, this is slated to reduce the amount of VRAM used by the title, letting more lower-end hardware access the title and run it better. Since these changes would require a complete redownload of the game anyway, Sidetrack says it has revamped "the game's packaging and bundling system." This should reduce the installation size from 86GB to 32GB. "So, now it's time to finally move the game to your SSDs," added the studio. The Payday 2 Diesel Engine 3.0 update is entering open beta on June 30 for Steam users. No console release plans were announced today. Sidetrack Games says it has been working on this complete rewrite of the codebase for the last nine months. While these changes should break most mods, the studio encouraged modders to use the beta period to repair their creations with support from the development team.
    • Politically funny images of the World

      By +Edouard · Posted

    • The official Funny Pictures thread

      By +Edouard · Posted

  • Recent Achievements

    • Week One Done
      Scoobystu earned a badge
      Week One Done
    • Week One Done
      tuben earned a badge
      Week One Done
    • First Post
      OffsetAbs earned a badge
      First Post
    • Reacting Well
      OffsetAbs earned a badge
      Reacting Well
    • First Post
      Kolakid60 earned a badge
      First Post

  • Popular Contributors

    1. 1
      +primortal
      440
    2. 2
      +Edouard
      197
    3. 3
      PsYcHoKiLLa
      156
    4. 4
      FloatingFatMan
      71
    5. 5
      Steven P.
      68
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!