Microsoft restricts IE mode access in Edge after zero-day attacks www.bleepingcomputer.com/news/secu…

Microsoft is restricting access to Internet Explorer mode in Edge browser after learning that hackers are leveraging zero-day exploits in the Chakra JavaScript engine for access to target devices.

The tech giant did not share too many technical details but said that the threat actor combined social engineering with an exploit in Chakra to gain remote code execution.

“The [Edge security] team recently received intelligence indicating that threat actors were abusing Internet Explorer (IE) mode within Edge to gain access to unsuspecting users’ devices,” says Gareth Evans, Microsoft Edge Security Team Lead.

After exploiting the zero-day in Chakra, the attacker leveraged a second vulnerability to increase privileges and escape the browser, and take full control of the device.

Evans did not provide identifiers for the exploited vulnerabilities and said the flaw in Chakra is unpatched.