
SoylentNews is people

posted by chromas on Thursday May 03 2018, @09:50PM
from the running-windows—I-mean-javascript—I-mean-malware dept.

From The Daily Swig:

A serious vulnerability in the latest version of Microsoft Edge [a Windows web browser ed] enables attackers to spoof URLs with just five lines of code. The flaw, discovered by Argentine researcher Manuel Caballero, can make a malicious website appear to be legitimate through the use of the Stop() command, which interrupts the page loading process. With the target URL still appearing in the address bar, the document.write() JavaScript command can then be used to overwrite the contents of the page.

[...] With this bug, probably the only truly safe way to reach any website using Edge is to open a new tab and type the URL by hand, or access it through your bookmarks.

This vulnerability appeared in a recent "security" update from Microsoft; users of Edge might want to investigate what version they are using.


  • (Score: 0) by Anonymous Coward on Friday May 04 2018, @01:28AM (#675414)

    Why not nit-pick? Because that's not what this story is about, and you're straying very far from the terrible security implications of the Edge bug. The security of third-party sites is a whole other problem.
  • (Score: 3, Insightful) by requerdanos (5997) on Friday May 04 2018, @02:30AM (#675443)

    Why not nit-pick? Because that's not what this story is about

    Yeah, that's what this story is about. Nit-picking over whether you are "on a website" or "looking at data loaded from somewhere linked by a script loaded from the website."

    Given that many websites aren't "sites" so much as agglomerations of scripts from dozens of servers, each with its own tracking and misfeatures, this is a very, very fine distinction indeed.