In April 2024, Microsoft disclosed CVE-2024-29987, an information disclosure vulnerability in Microsoft Edge (Chromium-based). On its own it does not hand an attacker control of the browser, but it exposes data that should stay private, and that data can be leveraged in a larger attack.

In this article, we'll break down what CVE-2024-29987 is, how this class of bug works, and what it means for anyone using Microsoft Edge. We'll look at the real-world impact, walk through a simplified code sample of the problem, describe how it could be exploited, and share references for further reading. The aim is to help developers, IT professionals, and everyday users understand why this matters and how to stay safe.

What is CVE-2024-29987?

CVE-2024-29987 is a security flaw in Microsoft Edge that stems from its Chromium-based core. Specifically, the vulnerability allows a specially crafted web page running in Edge to access memory contents that should be off-limits. This memory may contain sensitive data such as authentication tokens, personal information, or data belonging to other websites.

Microsoft’s official advisory:
- Microsoft Security Update Guide - CVE-2024-29987

Chromium’s bug tracker (restricted):
- Chromium Issue Tracker

How Does the Vulnerability Happen?

Details of the affected component are restricted (see the Chromium tracker above), but the bug class is a missing buffer boundary check when processing web content such as images, scripts, or CSS. If Edge fails to check how much data a web page can cause it to read, an attacker can craft a page that makes the browser read past the end of a buffer and hand back bytes it never should have.

This is often called an "out-of-bounds read" vulnerability.

Technical Code Sample

Let’s look at a simplified example inspired by how these vulnerabilities usually happen in browsers.

Suppose Edge had code like this (in C++). The original sample only showed the copy; the reply length is added here so the sample actually produces the out-of-bounds read the text describes:

#include <cstring>

void send_response_to_page(const char* data, size_t length); // sends bytes back to page JavaScript

char buffer[512];

void handle_request(const char* user_input, size_t input_length, size_t reply_length) {
    // Copies attacker-supplied data into a fixed buffer with no check that
    // input_length <= sizeof(buffer): an out-of-bounds write if it is larger.
    memcpy(buffer, user_input, input_length);

    // Replies with reply_length bytes, unchecked against sizeof(buffer) or against
    // how much was actually written: an out-of-bounds read that returns stale data
    // from earlier use of the buffer, or whatever happens to sit after it in memory.
    send_response_to_page(buffer, reply_length);
}

An attacker who controls input_length or reply_length can make the browser copy or return more bytes than the buffer holds. If those bytes come back to page JavaScript, reading them is as simple as:

fetch('https://vulnerable-edge-site.com/beacon')
  .then(res => res.arrayBuffer())
  .then(arr => {
    // arr contains the leaked bytes here
    // An attacker would scan them for cookies, auth tokens, etc.
    console.log(new Uint8Array(arr));
  });

This is only a template—actual exploitation in Edge is more complex and involves figuring out exactly which feature or web API is vulnerable. But this illustrates the basic problem: not checking data boundaries carefully, which leaks what’s in memory.
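To make the boundary-check failure concrete, here is an added, self-contained illustration written for this article; it is not Edge or Chromium code. It models a length-prefixed "echo" handler that trusts an attacker-supplied length, next to a hardened version. The message format, the decode buffer and secret laid out side by side in one simulated arena, and the 16-byte "SESSIONTOKEN1234" secret are all constructed for the demo so the over-read is deterministic and stays inside memory the program owns.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simulated browser-side memory: a 16-byte decode buffer immediately
   followed by a 16-byte secret (stand-in for a session token). Both live in
   one arena so reading past the buffer lands on the secret, not on
   undefined memory. This layout is an assumption made for the demo. */
#define BUFFER_SIZE 16
#define SECRET_SIZE 16
#define MAX_DECLARED 255            /* one-byte length prefix */

struct render_state {
    unsigned char arena[BUFFER_SIZE + SECRET_SIZE];
};

void init_state(struct render_state *st, const char *secret)
{
    memset(st->arena, 0, sizeof st->arena);
    memcpy(st->arena + BUFFER_SIZE, secret, SECRET_SIZE);
}

/* Constructed message layout: [declared_len][payload bytes...] */

/* Vulnerable: the reply length comes from the message, never from the
   buffer size or the payload actually received. out must hold MAX_DECLARED
   bytes. Returns the number of bytes placed in out. */
size_t vulnerable_echo(const unsigned char *msg, size_t msg_len,
                       struct render_state *st, unsigned char *out)
{
    if (msg_len < 1)
        return 0;
    size_t declared = msg[0];               /* attacker-controlled */
    size_t payload = msg_len - 1;
    size_t to_copy = payload < BUFFER_SIZE ? payload : BUFFER_SIZE;

    memcpy(st->arena, msg + 1, to_copy);    /* fill the decode buffer */

    /* BUG: reads `declared` bytes starting at the buffer, so anything past
       offset BUFFER_SIZE (here: the secret) is copied into the reply.
       A declared length above 32 would read past the arena as well. */
    memcpy(out, st->arena, declared);
    return declared;
}

/* Hardened: the reply can never exceed the buffer or what was received. */
size_t hardened_echo(const unsigned char *msg, size_t msg_len,
                     struct render_state *st, unsigned char *out)
{
    if (msg_len < 1)
        return 0;
    size_t declared = msg[0];
    size_t payload = msg_len - 1;
    if (declared > BUFFER_SIZE || declared > payload)
        return 0;                           /* reject malformed input */
    memcpy(st->arena, msg + 1, declared);
    memcpy(out, st->arena, declared);
    return declared;
}

/* Returns 1 if the secret appears verbatim anywhere in the reply, else 0. */
int reply_contains_secret(const unsigned char *reply, size_t reply_len,
                          const struct render_state *st)
{
    const unsigned char *secret = st->arena + BUFFER_SIZE;
    for (size_t i = 0; i + SECRET_SIZE <= reply_len; i++)
        if (memcmp(reply + i, secret, SECRET_SIZE) == 0)
            return 1;
    return 0;
}

int main(void)
{
    struct render_state st;
    unsigned char reply[MAX_DECLARED];
    /* Constructed attack message: declares 32 bytes but carries only 4.
       32 = BUFFER_SIZE + SECRET_SIZE keeps the over-read inside the arena. */
    const unsigned char attack[] = { 32, 'A', 'B', 'C', 'D' };
    const unsigned char benign[] = { 4, 'A', 'B', 'C', 'D' };

    init_state(&st, "SESSIONTOKEN1234");   /* constructed 16-byte secret */

    size_t n = vulnerable_echo(attack, sizeof attack, &st, reply);
    printf("vulnerable: %zu bytes returned, secret leaked: %s\n",
           n, reply_contains_secret(reply, n, &st) ? "yes" : "no");

    n = hardened_echo(attack, sizeof attack, &st, reply);
    printf("hardened:   attack rejected (%zu bytes returned)\n", n);

    n = hardened_echo(benign, sizeof benign, &st, reply);
    printf("hardened:   benign message echoed %zu bytes\n", n);
    return 0;
}
```

The hardened version checks the declared length against two independent limits: the capacity of the buffer and the number of bytes that actually arrived. Checking only one of them is the usual mistake; a length that fits the buffer but exceeds the payload still returns stale bytes from earlier use of that buffer.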

What Could Attackers Actually Do?

- Fingerprint Users: Attackers could access information about other tabs, cookies, or session data.
- Leak Tokens: If a browser session contains sensitive cookies or tokens in memory adjacent to an exposed buffer, these could be extracted.
- Bypass Same-Origin Policy: Normally, JavaScript from one site can't read data belonging to another. This vulnerability could break that isolation.
- Aid in Further Attacks: Disclosed information might help attackers craft exploits for larger, more dangerous vulnerabilities.

How an Attack Would Play Out

1. The attacker hosts a web page (or injects content into one) and lures an Edge user into visiting it.
2. The page feeds crafted content to the vulnerable code path, supplying a length the browser fails to check.
3. JavaScript on the page reads the response, which now contains uninitialized memory or data from other sites.
4. The attacker parses this data, looking for interesting information (tokens, session cookies, personal emails, etc.).

References

Official Microsoft Advisory:
- CVE-2024-29987

NIST NVD:
- NVD - CVE-2024-29987

Chrome Releases:
- Chrome Security Updates

Closing Thoughts

CVE-2024-29987 is a reminder that even modern browsers like Edge are not immune to memory-safety bugs with serious security implications. Microsoft patched the issue, but any user running an unpatched build stayed exposed until the update was applied.

If you build web apps, this is a browser-side bug you cannot fix in your own code, but limiting what sits in the browser (short-lived, narrowly scoped tokens) reduces what a memory leak is worth, and it pays to follow browser security news. If you use Microsoft Edge, make sure it is fully updated (edge://settings/help shows the installed version and triggers a check) and leave automatic updates switched on.



> Stay safe. Keep your browser updated. And remember: security is everyone’s responsibility!


*Written exclusively for the curious minds at OpenAI.*

Timeline

Published on: 04/18/2024 19:15:11 UTC
Last modified on: 04/19/2024 13:10:25 UTC