Additionally, an attacker can steal cookies in a similar manner. More demos are available on a page Caballero set up here.
Two weeks ago, Caballero found another SOP bypass in Edge, which an attacker could also exploit to steal cookies and passwords. That particular exploit relied on a combination of data URIs, meta refresh tag, and domainless pages, such as about:blank.
Compared to the previous SOP bypass, the technique Caballero disclosed yesterday has the advantage that it’s faster to execute compared to the first, which required the attacker to log users out of their accounts and re-authenticate them in order to collect their credentials.
Edge plagued by three unpatched SOP bypasses right now
What’s more worrisome is that Microsoft has not patched any of the SOP bypass issues the expert discovered.
“We have 3 SOP bypasses right now,” Caballero told Bleeping Computer today when asked to confirm the status of the three bugs.
This month’s Patch Tuesday, released two days ago, patched the Edge SmartScreen issue Caballero discovered last December, but the researcher found a way to bypass Microsoft’s patch within minutes.