Windows 10: Google discovers major security flaw in Edge and Internet Explorer


Google has released details of a major security vulnerability in versions of Edge and Internet Explorer running on Windows 10.

Google says the flaw could allow hackers to take control of both web browsers and launch malicious code.

Google went public after its Project Zero security team reported the vulnerability to Microsoft on November 25 last year.

In accordance with its policies, Google then disclosed details of the flaw after Microsoft failed to patch the bug within 90 days of being notified.

Google researcher Ivan Fratric said the vulnerability was labelled as “high severity” and he did not understand why it took Microsoft so long to respond.

“I will not make any further comments on exploitability, at least not until the bug is fixed.

“The report has too much info on that as it is (I really didn’t expect this one to miss the deadline),” Mr Fratric said.

In its official notes, Google said the vulnerability “allows remote attackers to execute arbitrary code”.

It is believed the flaw is linked to how Edge and Internet Explorer format different parts of web pages.

This isn’t the first time Google has publicly shamed Microsoft for failing to patch a security vulnerability.

Last year, Google went public with a bug in Windows 10 that leaked sensitive data that was stored in the computer memory.

In response, Microsoft told tech site Ars Technica: “We believe in coordinated vulnerability disclosure, and we’ve had an ongoing conversation with Google about extending their deadline since the disclosure could potentially put customers at risk. Microsoft has a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible.”

While the statement offers no advice on how users may protect themselves or when the issue will be patched, there is no evidence yet that the vulnerability has been used to carry out any large-scale cyber attacks.

