
Microsoft pays Rs 15 lakh to 2 Indians for finding major security defects

Microsoft recently fixed an important security flaw in the Edge browser after two cybersecurity researchers, Vansh Devan from Uttar Pradesh and Shivam Kumar Singh from Haryana, reported it to the company.
The duo found “vulnerable code” involving UXSS (Universal Cross-Site Scripting) in Microsoft Translator, which comes pre-installed in the Edge browser, and reported it under the Chromium bounty program.
Microsoft paid them the highest prize of $20,000 (approximately Rs 15 lakh).
While Shivam runs his own business and is a part-time bug hunter, Vansh has completed his third year of a B.Tech in computer science at Lovely Professional University and is a cybersecurity enthusiast.
The security vulnerability, tracked as CVE-2021-34506, has been fixed in the latest release of the Microsoft Edge Stable channel (version 91.0.864.59).
The impact of the vulnerability is very severe: when anyone visits a website using the Microsoft Edge browser and presses the Translate button to read the content in their own language, an attacker can inject arbitrary code to do whatever they want.
“We made a profile on Facebook with a name in a different language and an XSS payload and sent a friend request to the victim (he uses Microsoft Edge); as soon as he checks the profile he is hacked (XSS popup due to automatic translation),” explained Vansh Devan, who runs Cyberxplore Private Limited together with his friend Shivam Kumar Singh.
The only prerequisite for the arbitrary code to run is simple: use the Microsoft Edge browser and keep automatic translation on.
Explaining the payload, the Cyberxplore team wrote in their blog post, “We have written a review on Google for the Hackenews company in a different language + XSS payload; everyone who opens the review link (XSS popup due to automatic translation).” The duo claims that they could even exploit this vulnerability through YouTube and the Windows Store application.
“Unlike a general XSS attack, UXSS is a type of attack that exploits client-side vulnerabilities in the browser or browser extensions to produce an XSS condition and carry out malicious code.
When such vulnerabilities are found and exploited, browser behavior is affected and its security features can be bypassed or disabled,” he explained.

Published by
news2in
