UXSS is an attack that exploits client-side vulnerabilities in a browser or browser extension to generate an XSS condition and execute malicious code. The Edge flaw, tracked as CVE-2021-34506, has a CVSS score of 5.4, and its discovery is credited to Ignacio Laurence, Vansh Devgan and Shivam Kumar Singh of CyberXplore.
Microsoft has already rolled out updates for the Edge browser with fixes for the issue and subsequently awarded the researchers $20,000 as part of its bug bounty program.
How Could the Edge Browser Flaw Have Allowed Anyone to Steal Your Private Data?
Also, web-based applications on the Windows Store may be vulnerable to this kind of attack, as the Windows Store ships apps with Microsoft Translator, which was responsible for triggering the Universal XSS (UXSS) attack.
What Edge Browser Users Need to Do Right Away
Microsoft has fixed the issue with the latest Edge update, version 91.0.864.59, now available for download.
Edge users should therefore promptly update their browser by going to Settings and more > About Microsoft Edge (edge://settings/help) to initiate the update, if it has not already been applied automatically.