Information Security Specialist Manuel Caballero discovered a vulnerability in the code of the Microsoft Edge web browser in Windows 10. It gives attackers the ability to access passwords and cookies on the computer, providing unauthorized access to sites like Facebook and Twitter.

The problem lies in the Domain Control Policy (SOP) in the Edge browser. As it turned out, the implementation of this mechanism by Microsoft experts leaves much to be desired, since this vulnerability in it is the third. The two previously found methods of abuse of this rule have not yet been closed in the updates of the operating system Windows 10.

The last vulnerability, according to the researcher, is the fastest and most straightforward among all three. Caballero also expressed his dissatisfaction with the inconsistent cycle of Microsoft Edge browser updates compared to competitors like Google Chrome and Mozilla Firefox.

As proof of the existence of the vulnerability and the ability to use it, Caballero published a video on YouTube, as well as an article in his blog.

This discovery was made a few days after Google, as part of its Zero project, discovered a vulnerability in Windows 10, the severity of which was described by the word "blatant". It was shut down by Microsoft within 24 hours.