Google exposes security flaw in Microsoft Edge


Google has revealed the details of a security vulnerability found in Microsoft Edge before Microsoft could develop a patch to address it. 

The vulnerability was discovered by a team of security researchers at Google's Project Zero back in November, at which time they informed Microsoft of the bug in its Arbitrary Code Guard (ACG) feature. The team typically gives companies a 90-day disclosure deadline before making its findings public.

However, this time Project Zero provided Microsoft with an additional grace period of two weeks at the company's request. As of now, though, the vulnerability remains unpatched, and the team has made the details of the “ACG bypass using UnmapViewOfFile” bug public.

Microsoft plans on finally addressing the bug in next month's Patch Tuesday, though Google has classified the vulnerability, which involves the Just in Time (JIT) compiler for JavaScript, as being of Medium severity. If exploited by an attacker, the security issue could be utilised to predict the address of processes that will be called.

Those who use Microsoft Edge as their default browser can find more details on the vulnerability in Project Zero's entry describing it, though the issue will likely only affect a small number of people who have opted to use the company's browser over the competition.
