
Monthly Archives: December 2016

SOP bypass / UXSS on Microsoft Edge – Adventures in a Domainless World

Today we are going to walk through a few design issues that, when used together, result in a full SOP bypass or Universal Cross-Site Scripting (UXSS) on Microsoft Edge. If you are not a security researcher but you still want to understand this vulnerability, think about it this way: …


Spoofing the Address Bar with the Malware Warning

Update: this bug was patched on 2017-03-14 but we found a bypass the same day. Here it is: Bypassing the patch to continue spoofing the address bar and the Malware Warning. Over the last few months, we’ve seen a proliferation of these tech-support scams where users end up “locked” in their …
