The security patch is part of the Edge update 83.0.478.37 that is currently rolling out in the Stable channel. The non-security updates include features like automatic profile switching.
Escalation of privilege vulnerability
Microsoft calls the security risk in question CVE-2020-1195. The exposure stems from the tendency of the Feedback extension in Edge to incorrectly validate input. Therefore, if an attacker managed to take advantage of the loophole, they could move files to arbitrary memory locations. Doing that could also give the hacker higher system privileges. Microsoft assigned the vulnerability an exploitation assessment index of 2. It means that users of the latest version of Edge are less likely to be a target for this kind of attack. The escalation of privileges vulnerability, in itself, does not amount to an attacker executing illegal code. But a hacker can use it to pave the way for a more serious breach. For example, after illegally attaining elevated privileges, they could exploit a remote code execution (RCE) loophole. An RCE attack could in turn allow them to steal data, spy, or even stage a denial of service attack. However, the escalation of privilege vulnerability in Edge should be no cause for alarm. Microsoft has not received any evidence of its exploitation in the wild. If you have any questions or suggestions regarding Microsoft Edge security, you can always leave them in the comments section below.
SPONSORED
Name *
Email *
Commenting as . Not you?
Save information for future comments
Comment
Δ
