Details are about to emerge about a zero-day remote code execution vulnerability in the Microsoft Edge web browser, as two researchers plan to reveal a proof-of-concept and publish a general write up. Microsoft has not been told the details of this vulnerability.

A tweet on November 1 announced that Microsoft Edge had been compromised once more. The proof was an image with the web browser that appeared to launch the popular Windows Calculator app.

Exploit developer Yushi Liang informed his followers that the objective was to escape the browser sandbox and that he had teamed up with Alexander Kochkov to work on achieving it.

The efforts of the two experts were hampered by a "crash bug in the text editor" Liang was using to write the exploit code.

In a conversation with BleepingComputer, Liang said that they were focusing on developing a stable exploit and attaining full sandbox escaping of the code. The duo was also looking for a method to escalate execution privileges to SYSTEM, which would be the equivalent of taking complete control of the machine.

The expert found the zero-day bug with the help of the Wadi Fuzzer utility from SensePost. He told us that he has already created the PoC (demo available below) code that validated his findings.

Payouts for an Edge RCE exploit

The market for 0days is robust and there are plenty of exploit brokers ready to offer attractive compensation to developers of fresh penetration code targeting web browsers.

Zerodium pays $50,000 for a remote code execution (RCE) 0day exploit in Edge and doubles the payout for when sandbox escaping is achieved.

Coseinc's Pwnorama payout program offers up to $30,000 for a previously undisclosed RCE exploit in Microsoft's browser and increases the reward up to $80,000 if it is accompanied by local privilege escalation.

Vulnerability brokers are not the only ones offering juicy payouts for exploits. This year's edition of the Pwn2Own computer hacking contest Trend Micro's ZeroDay Initiative program offered $60,000 for a sandbox escape exploit for Microsoft Edge.

Liang's web browser exploits

Zero-days in web browsers seem to have captured Liang's focus lately as the developer recently wrote an exploit chain that achieved RCE on Firefox that took advantage of three bugs.

The developer said that this proved to be a difficult task to wrap because of a third bug that required more work to get to obtain the coveted result.

In another recent project, Liang set sight on Chromium browser where he was able to achieve code execution without sandbox escape, a task he relayed to a friend of his.

To show that his PoC works, Liang shared with BleepingComputer the video below. To add a fun twist, the developer made Edge launch Mozilla Firefox and load the download page for Google Chrome:


Related Articles:

Microsoft Patches Windows Zero-Day Exploited in Cyber Attacks

VirtualBox Zero-Day Vulnerability Details and Exploit Are Publicly Available

Libssh CVE-2018-10933 Scanners & Exploits Released - Apply Updates Now

Attackers Use Zero-Day That Can Restart Cisco Security Appliances

Windows Defender Bug Needs a Restart, Not Shutdown, To Enable Sandbox