Manuel Caballero (@magicmac2000)'s Twitter Profile
Manuel Caballero

@magicmac2000

Independent Security Researcher.
Perpetual Student of Life :)

ID: 23310047

Link: https://www.brokenbrowser.com
Date: 08-03-2009 14:01:02

210 Tweets

3.3K Followers

59 Following

UXSS/SOP bypass on IE: more adventures in a domainless world, thanks to incomplete and non-backported patches. 🤔😬

brokenbrowser.com/uxss-ie-domain…

MS Edge Referrer Spoof - How to spoof the referrer even after MS patch. 😱(also, inject an iframe everywhere) 😬

brokenbrowser.com/referer-spoofi…

MS Edge - Defeating the popUp blocker, the XSS filter and SuperNavigate with our fake ticket to the Intranet Zone 🤣
brokenbrowser.com/free-ticket-to…

Microsoft Edge - Detecting Installed Extensions from JS
A generic method that works without manifest cooperation. 🤣

brokenbrowser.com/microsoft-edge…

MS Edge - SOP bypass abusing of the reading mode view.
Spoof the user! Courtesy of the read: pseudo-protocol 🤣😇

brokenbrowser.com/sop-bypass-abu…

Another (different!) Microsoft Edge SOP bypass on the same week! 🤓😁

Bug hunter: I will blog on the weekend. Thanks for your patience!

MS Edge - SOP bypass / UXSS - "Tweeting like Charles Darwin" 🤣

brokenbrowser.com/sop-bypass-uxs…

One minute video: youtu.be/K3Ui3JxZGnE

MS Edge - UXSS/SOP bypass. A different method which brings us even more bugs other than UXSS.

Blog once the previous ones (2) are patched🐢

UXSS/SOP bypass in several programs that use the Trident engine. The IE Tab extension for Chrome is an example.

youtube.com/watch?v=eDW287…

I didn't know that in Intranet Zone, Edge automatically opens xaml/xbap files out of the AppContainer. Interesting to jmp from Edge to IE.🐰

MS Edge - Spoofing the Malware Page was patched today *and bypassed* again. Spoof the user again! (1 byte change) 👎

cracking.com.ar/demos/edgesmar…

The Intranet bug was patched, but both UXSS/SOP bypasses are still alive. Also another one is coming out soon. 👌

"Bounty" ends next week.

MS Edge - UXSS/SOP bypass. [Open/Redirect/Data]. Steal cookies, passwords and more.

brokenbrowser.com/sop-bypass-uxs…

Video: youtube.com/watch?v=vO6LRO…

IE11 - popUp blocker bypass - Combined with zombie alerts? popUps from everywhere!

cracking.com.ar/demos/iepopups/

Video: youtube.com/watch?v=GemH59…

Microsoft Security Chrome 8 days later, Chrome is patched. Issue will become public soon [ bugs.chromium.org/p/chromium/iss… ] From MSRC? Just the default thanks message. 🐢👍


If anyone "exploits" Edge in a sec. conf, demand her to open cmd.exe instead of calc.exe. The latter can be opened without vulns at all.

IE11 - Find out where the user is going AND what she typed into the address-bar.

brokenbrowser.com/revealing-the-…

Video: youtube.com/watch?v=xyzd7P…

MS Edge - Address Bar Spoof - cracking.com.ar/demos/edgespoo…

Tested on: MS Edge 42.17134.1.0

Thanks Avinash, your question inspired me to test a bit and stumbled upon this bug.