The bug in Edge s auto-translate could have let remote attackers pull off RCE on any foreign-language website just by sending a message. Microsoft patched two bugs in its Chromium-based Edge browser last week, one of which could be used by an attacker to bypass security and to remotely inject and execute arbitrary code on any website. An exploit would require user interaction, though, though. Microsoft said there are no known exploits, however researchers have published a working proof-of-concept attack.
Source: https://threatpost.com/microsoft-edge-browser-uxss-attacks/167389/