As reported by TheHackerNews reports, the researchers found that the translation feature contained a piece of vulnerable code that failed to sanitize input. This could have allowed threat actors to insert malicious JavaScript code anywhere in the webpage and subsequently executed when the user clicks the prompt on the address bar to translate the page.
What’s more, the researchers proved it was possible to trigger the attack simply by adding a comment to a YouTube video, which is written in a language other than English, along with an XSS payload.
Not sure, but probably not, since it involved only their translation feature, which is probably Microsoft’s proprietary one with Bing.