An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) before 84.0.522.40 when DLL files are allowed to download without prompting additional warning to the user. An attacker who successfully exploited this vulnerability could drop the DLL files on the users Download folder (or equivalent) and gain elevated privileges. To exploit the vulnerability, the user must browse to a malicious website that is design to download a DLL file and click on the page to being the process. In an email attack scenario, an attacker could send an email message in an attempt to convince the user to go to the malicious site.