Google exposes a Microsoft Edge browser flaw

Microsoft Edge browser

As part of Project Zero’s security program, Google disclosed an important vulnerability from the Microsoft Edge browser in the absence of a 90-day grace period to resolve the vulnerability. Google security researcher Ivan Fratric said the vulnerability could bypass Arbitrary Code Guard to damage Windows 10 systems. Microsoft implemented arbitrary code protection (ACG) in Windows 10 version 1703 (Creator Update), but attackers have circumvented this security mechanism and once users have accessed pages that contain malicious code, they technically Computer permissions are exposed to the attacker.

In a technical analysis of the error, Fratric explained that Microsoft had confirmed the notification as early as November, but the company said it needed more time to release the fix. The patch is expected to be ready for release on next March before the security update is released and is scheduled to be released on March 13.

“Fixes are much more complex than originally thought and due to these memory management issues we may not be able to meet the deadline set for February.” Microsoft’s security team is confident patches will be released on March 13, but this is more than 90 days wide Deadline to tie in with updates on Tuesday. Microsoft said.

The only way to stay safe is to avoid using Microsoft Edge to access unknown websites. Often these sites are emailed or instant-messed and come from untrusted sources, so there should not be much of a problem as long as you stay away from such links.