Microsoft has fixed a vulnerability in the Edge browser that could be abused against older versions to steal local files from a user’s computer. The good news is that social engineering is involved in exploiting the flaw, meaning the attack cannot be automated at scale, and, hence, present a smaller level of danger to end users. Discovered by Netsparker security researcher Ziyahan Albeniz, the vulnerability involves the Same-Origin Policy (SOP) security feature that all browser support.
ORIGINAL SOURCE: Bleeping Computer