Google discloses Microsoft security flaw before fix is released

Microsoft Edge

As a result, Google published details of the bug immediately, so Microsoft Edge users are now adrift without a patch for almost a month.

Details of the security bypass bug were originally shared with Microsoft on 17 November a year ago, but because Microsoft wasn't able to come up with a suitable patch within Google's non-negotiable 90-day fix period, the security researchers made it public. Most modern web browsers rely on Just-in-Time (JIT) compilers, but this created complications with Arbitrary Code Guard (ACG), which forced Microsoft to move the JIT functionality of Chakra into a separate process that runs in an isolated sandbox, which, according to the company, was a hard task to accomplish. Google disclosed a major Windows bug back in 2016 just 10 days after reporting it to Microsoft, and the company has revealed zero-day bugs in Windows in the past before patches were available.

Detailed on Google's Project Zero bug tracker, the flaw impacts the just-in-time compiler that Microsoft's Edge browser uses to execute JavaScript and makes it possible to predict the memory space it is about to use.

Exactly 90 days post-discovery, Google revealed Microsoft's excuse: "The fix is more complex than initially anticipated, and it is very likely that we will not be able to meet the February release deadline due to these memory management issues. The team IS positive that this will be ready to ship on March 13th, however this is beyond the 90-day SLA and 14-day grace period to align with Update Tuesdays," Microsoft reportedly told Google.

But Microsoft missed even the second deadline to produce a patch for the vulnerability. As Edge's code currently stands, attackers can bypass the browser's security features.

The flaw in Microsoft Edge is rated "medium" in terms of severity. Under Project Zero's policy, companies generally have 90 days to fix flaws that the team discovers before public disclosure. Given Edge's small market share, the security issue was unlikely to affect too many people, though it is still embarrassing for the company.

The vulnerability was first discovered by Google's Project Zero in November 2017.
