(Pwn2Own) Microsoft Edge WriteClassesOfCategory DLL Planting Sandbox Escape Vulnerability

This vulnerability allows remote attackers to escape the AppContainer sandbox on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the IBrowserBroker::WriteClassesOfCategory method. Executing this method can cause the broker process to load a module from an unqualified path. An attacker can leverage this in conjunction with other vulnerabilities to execute code under the context of the user at medium integrity.