Hunting for cyber bugs
The Hindu
How two students from India found a bug on a popular browser and won a reward by reporting it
As a third year B.tech student in Computer Science from Lovely Professional University (LPU), I am a cyber-enthusiast and passionate about bug hunting. A few months ago, Microsoft announced the launch of a new version of the chromium-based Edge browser, which includes new features and the sync support for passwords, history, users’ favourites, and settings across Windows, MacOS, iOS, and Android. So my friend and fellow student, Shivam Kumar Singh, and I decided to bug hunt together and chose Microsoft Edge, as it was running a bounty programme. We thought we could earn credits if we found something. We found that the Microsoft Translator has a vulnerability code involving uXSS (Universal Cross Site Scripting). As soon as we translated a page on the Edge browser, we began getting multiple pop-ups. When we this on Chrome, we found no such irregularity. This alerted us to the fact that there was a vulnerability in Edge, which was a threat to the privacy of users’ data. Due to this, if a user browsed any website on Edge and selected the translation tool to change the language, an arbitrary code would generate, thus giving hackers access.More Related News
Around 440 MBBS graduates of 2021 are not required to undergo one year of compulsory rural service as per the bond signed by them while joining the medical course through government-quota seats in 2015 as the High Court of Karnataka has said the law, enacted in 2012 for mandatory rural service, remained unenforced for 10 years as it was published in the official gazette only in July 2022.