CVE-2024-29991: Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

The security community has recently identified a vulnerability in Microsoft Edge (Chromium-based) that has been labeled as CVE-2024-29991. This vulnerability has the potential to allow threat actors to bypass the security features of the browser to inject and execute malicious payloads on a victim's system. In this long-read, we will delve into the details of this vulnerability, showcase a code snippet, discuss its exploit potential, and provide links to original references.

Background

CVE-2024-29991 is a security vulnerability that affects the Microsoft Edge (Chromium-based) browser. It allows attackers to bypass security features built into the browser, potentially leading to unauthorized access and actions within the targeted browser. Although Microsoft is working aggressively to patch this security vulnerability, it is important for users to be aware of the potential security implications and take proactive measures to mitigate risks.

Code Snippet

The following code snippet demonstrates how this vulnerability can be exploited. Please note that this code is being provided for informational purposes only, and should not be used for any malicious activity.

// This in-browser exploit demonstrates the CVE-2024-29991 vulnerability
(async function() {
  const url = "https://www.example.com/login";;
  const userAgent = window.navigator.userAgent.match(/Edge\/([\d_]+)/);

  if (userAgent && userAgent[1]) {
    const version = parseInt(userAgent[1]);
    if (version >= 86) {
      const response = await fetch(url);
      const payload = await response.text();
      const injection = `<img src="x" onerror="}");

      JSON.parse('${payload.replace("})", ${injection}${payload})}</script>}&quot;&gt;;

      document.write(injection);
    }
  }
})();

Exploit Details

Microsoft Edge (Chromium-based) is vulnerable to CVE-2024-29991 because of insufficient control over the integrity of the content-security-policy (CSP) HTTP header. An attacker can use various methods to trigger a bypass of this seamless security feature, ultimately enabling the execution of arbitrary script code in the context of the affected site.

This can happen if the attacker uses potential social engineering techniques or simply inserts and loads the malicious code when the victim navigates to a URL controlled by the attacker.

Once the user navigates to this attacker-controlled page, the malicious payload is injected, and the arbitrary code is executed within the context of the affected browser. This could potentially lead to the theft of sensitive information, unauthorized actions being taken on the user's behalf, or even infection with malware.

Original References

For more detailed information and original references about this vulnerability, please visit the following links:

1. Microsoft Security Vulnerability Database: CVE-2024-29991

2. National Vulnerability Database: CVE-2024-29991

3. MITRE CVE Database: CVE-2024-29991

Conclusion

CVE-2024-29991 is a serious vulnerability in Microsoft Edge (Chromium-based) that allows attackers to bypass security features and execute arbitrary code within the browser context. With this knowledge, users must take precautions and remain vigilant in updating their browsers to the latest versions, as well as staying informed about new security vulnerabilities.

As always, we encourage users to practice safe browsing habits, such as keeping web browsers and operating systems up-to-date, being cautious about clicking on links in emails and social media messages, and only downloading software and browser extensions from trusted sources.

Microsoft is actively working to address this vulnerability and release a patch as soon as possible. Keep an eye on Microsoft's security advisories for the latest information on this issue and any related patches or mitigations.

Timeline

Published on: 04/19/2024 17:15:54 UTC
Last modified on: 04/19/2024 18:29:53 UTC