Multiple memory corruptions in MS Edge ($215,000 USD)

We discussed this vulnerability during Episode 162 on 25 October 2022

Multiple memory corruptions in the Microsoft Edge browser. There are several issues here, but they can all generally be summed up as “self-corruptions”. It’s things like a use-after-free triggered by opening a dialog, closing the backing page that spawned the dialog, and then closing the dialog, which triggers a callback that no longer exists. There are a number of issues and I won’t summarize them all here, but they all fall into that sort of bucket. They are interesting, but exploitability is limited to cases where you already have control of the browser (so no drive-by style attacks or malvertising). An interesting set of bugs and a pretty high bounty, though.
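The dialog/page lifetime pattern described above, as an added C++ example that is not from the original write-up or from Edge's code. It is a constructed `Page`/`Dialog` model (all names hypothetical) showing the raw-pointer callback binding beside a weak-reference binding that skips the callback once the opener is gone.

```cpp
#include <functional>
#include <memory>
#include <string>

// Constructed model of the lifetime pattern; no name here comes from Edge.
struct Page {
    std::string last_event;
    void OnDialogClosed() { last_event = "dialog-closed"; }
};

// A dialog runs a callback into its opener when it closes.
struct Dialog {
    std::function<bool()> on_close;
    bool Close() { return on_close ? on_close() : false; }
};

// Unsafe binding: the callback keeps a raw pointer and can outlive the page.
// Calling Close() after the page is destroyed would touch freed memory.
Dialog OpenDialogUnsafe(Page* opener) {
    Dialog d;
    d.on_close = [opener] { opener->OnDialogClosed(); return true; };
    return d;
}

// Guarded binding: the callback holds a weak reference and checks it first.
Dialog OpenDialogGuarded(const std::shared_ptr<Page>& opener) {
    Dialog d;
    std::weak_ptr<Page> weak = opener;
    d.on_close = [weak] {
        if (auto page = weak.lock()) {  // opener still alive?
            page->OnDialogClosed();
            return true;
        }
        return false;                   // opener is gone: drop the callback
    };
    return d;
}

// Sequence from the write-up: open dialog, close page, then close dialog.
bool CloseDialogAfterPage() {
    auto page = std::make_shared<Page>();
    Dialog d = OpenDialogGuarded(page);
    page.reset();      // backing page is closed first
    return d.Close();  // false: callback skipped, no freed memory touched
}

int main() { return CloseDialogAfterPage() ? 1 : 0; }
```

Building with AddressSanitizer (`-fsanitize=address`) is a practical way to catch the unsafe binding during testing if a dialog is ever closed after its opener.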