Every month, major companies often release updates to further improve the performance of the devices. But they also take the opportunity to solve all the security problems that have been detected along the way, in order to keep users protected at all times. A few years ago, Google created Project Zero, a research team dedicated to detect security flaws in both applications and operating systems. These failures are quickly communicated to the manufacturer in question, giving them a 90-day margin to fix it before making it official, a position that endangers users, since friends from outside can take advantage of them to obtain user information.
Leaving Google's policy aside, these two vulnerabilities are zero day, that is, they are vulnerabilities that They are there since the application was created and have not been detected by the developer when I create the application or operating system, so the affected applications or systems have been and continue to be susceptible to attack until the problem is fixed.
According to Project Zero, this vulnerability is very easy to exploit, since it only requires 17 lines of HTML code focusing them on the rcx and rax variables, which would allow friends from outside to control our browser and thus be able to access the names of users and passwords that we have saved in Internet Explorer or Microsoft Edge.
This time the affected browsers have been Internet Explorer and Microsoft Edge. As I mentioned at the beginning of this article, Project Zero has been forced to inform users about this vulnerability since the 90 regulatory days that it has offered to Microsoft to solve this problem have passed. As reported by MSPowerUser the best way to avoid suffering some type of attack that our browser controls, is to run the browsers as if we were a guest user, that is, without privileges of any kind.