Microsoft Edge

Cisco Talos researchers discovered a vulnerability in the Content Security Policy (CSP) enforcement functionality of the Microsoft Edge browser. A threat actor can create a malicious webpage that triggers this vulnerability and bypasses the Content Security Policy, which could allow the threat actor to collect information from users’ cookies or log keystrokes entered into forms on websites. This vulnerability was also present in Apple Safari (CVE-2017-2419) and Google Chrome (CVE-2017-5033), but both vendors have already deployed patches. Microsoft has not yet released a patch to address this vulnerability. The NJCCIC recommends that all users and administrators of the Microsoft Edge browser review the Cisco Talos Report and apply the necessary update if Microsoft releases one.
