A New RCE Vulnerability has been Detected in the Edge Browser - Recently, IB security researcher Yushi Liang posted on his Twitter evidence of a 0-day vulnerability detection in the Microsoft Edge browser. The specialist writes that the vulnerability was found using the Wadi Fuzzer tool , with the support of the Russian specialist Alexander Kachkov. The publication of a proof-of-concept exploit and a detailed report on the problem is expected soon. In the meantime, Liang showed a screenshot showing the launch of the calculator.
It is known that the problem allows to escape from the sandbox, and the researchers are trying to find a way to elevate privileges to the SYSTEM level, which will be equal to the complete compromise of the vulnerable machine.
Also, the expert has already published a PoC-video showing the problem in action. In the video clip, Liang forced Microsoft Edge to launch Mozilla Firefox and open the Chrome download page.
At the same time, the researcher does not hide that creating a working exploit capable of escaping from the sandbox, he aspires because vulnerability brokers offer large sums for such solutions. For example, the company Zerodium pays $ 50,000 for RCE in Edge and other popular browsers, and this amount doubles, if we are also talking about escape from the sandbox.
Tim Berners-Lee Urged to Reduce the Influence of IT-companies - The creator of the World Wide Web, Tim Berners-Lee in an interview with Reuters said that technology companies in Silicon Valley, such as the Google and Facebook, are dangerous. According to him, they have monopolized the market, which can lead to problems.
According to the expert, IT giants that emerged in the 90s of the XX century, today have become richer and more influential than many states. The total cost of Apple, Microsoft, Amazon, Google and Facebook in 2017 was $ 3.7 trillion, which is equal to Germany's GDP for the same year.
The threat is the access of companies to personal data of users. It inspires fear and the spread of hatred through social networks.
"The father of the World Wide Web" said he was disappointed with the current state of the Internet, as well as with the monopoly rights of IT giants. According to him, they fully control the shared market.
One of the ways to solve the problem Berners-Lee calls healthy competition of small companies with the giants of the market. But so far, Google, Facebook and Microsoft have no visible alternatives based on the principles of open source and decentralization. The existing solutions are supported by enthusiasts and are not known to everyone.
Another option is far more radical. Berners-Lee admits the possibility of reducing the influence of giant companies by crushing them and reducing capitalization.
In October 2018, Tim Berners-Lee announced that he had found a way to give users control over their data, which is now in the hands of large companies. The Solid system ( so cial li nked d ata), developed at MIT, should help preserve the personal information of Internet users.