Edge browser suffers security flaw which Microsoft failed to fix on time

Feb. 19, 2018

Google has found a vulnerability in Windows 10’s Edge browser, and the bad news is that this security bug has been disclosed to all and sundry before Microsoft could patch it.

The vulnerability can be used to sidestep Microsoft’s Arbitrary Code Guard (ACG) protection, leveraging a flaw in the browser’s JIT (Just-in-Time) compiler.

It’s classified as a “medium” severity flaw, so while not up there with the critical bugs, it’s definitely a hole which needs to be patched—and as noted, that hasn’t happened.

Google gave Microsoft the standard 90 days to fix the problem, and then an additional two weeks’ worth of time when the issue was found to be a more troublesome gremlin to remedy than first thought.

Unfortunately, even that fortnight extension wasn’t enough, so the vulnerability is now public knowledge and unpatched.

As Neowin reports, Microsoft is apparently confident that it will have the fix in line for the next big patch day on March 13. Of course, that’s still just over three weeks away.

And this delay really doesn’t look good for Microsoft, considering that the firm has had something of an uphill battle on the security front with Edge, the software giant has often talked-up the browser in terms of security, when the reality of this has sometimes fallen short, as we saw when Edge was found to be the least secure browser at Pwn2Own (a computer hacking contest held annually at the CanSecWest security conference) last year.

This certainly looks like a security slip, and won’t help Microsoft’s overall image in that respect. All that said, it’s clear that socks are being pulled up on the Edge team—for example, where phishing is concerned, Edge was rated the top browser in defending against that particular online evil in one report last October.

TechRadar has the full story

Sponsored Recommendations

Enhancing Remote Radiology: How Zero Trust Access Revolutionizes Healthcare Connectivity

This content details how a cloud-enabled zero trust architecture ensures high performance, compliance, and scalability, overcoming the limitations of traditional VPN solutions...

Spotlight on Artificial Intelligence

Unlock the potential of AI in our latest series. Discover how AI is revolutionizing clinical decision support, improving workflow efficiency, and transforming medical documentation...

Beyond the VPN: Zero Trust Access for a Healthcare Hybrid Work Environment

This whitepaper explores how a cloud-enabled zero trust architecture ensures secure, least privileged access to applications, meeting regulatory requirements and enhancing user...

Enhancing Remote Radiology: How Zero Trust Access Revolutionizes Healthcare Connectivity

This content details how a cloud-enabled zero trust architecture ensures high performance, compliance, and scalability, overcoming the limitations of traditional VPN solutions...