Microsoft has recently patched a vulnerability in their Microsoft Edge browser that could allow an attacker to steal local files from a victim’s computer. The vulnerability (CVE-2018-0871) involves the SOP (Same-Origin Policy) security feature which all browsers support. This works by preventing the attacker from loading malicious code via a link that doesn’t match the same subdomain, protocol, and port. According to researchers, “Edge’s SOP implementation works as intended except one case —when users are tricked into downloading a malicious HTML file on their PC and then running it.” If the victim runs the HTML file, malicious code with then be loaded via the file:// protocol. Since it’s a local file, it does not have a domain and port value. In other words, this means that the infected HTML file could contain code that will collect and steal data from local files. Since any OS can be accessed by the file:// URL inside the browser, it allows the attacker to collect and steal any local files that they want. This attack requires the attacker to know where different files are stored, however some OS, storage and app config files are typically stored in the same location on most devices. Users are advised to be cautious when running unfamiliar HTML files.
