Google discloses Microsoft security flaw before fix is released

Microsoft Edge

Microsoft Edge

As a result, Google published details of the bug immediately, so Microsoft Edge users are now adrift without a patch for almost a month.

Details of the security bypass bug were originally shared with Microsoft on 17 November a year ago, but because Microsoft wasn't able to come up with a suitable patch within Google's non-negotiable 90-day fix period, the security researchers made it public. Although most modern web browsers rely on Just-in-Time (JIT) compilers, this created complications with ACG, which forced Microsoft to transition the JIT functionality of Chakra into a separate process that runs in an isolated sandbox, which according to the company, was a hard task to accomplish. Google disclosed a major Windows bug back in 2016 just 10 days after reporting it to Microsoft, and the company has revealed zero-day bugs in Windows in the past before patches are available.

Detailed here on Google's Project Zero bug-tracker, the flaw impacts the just-in-time compiler that Microsoft's Edge browser uses to execute JavaScript and makes it possible to predict the memory space it is about to use.

Exactly 90 days post-discovery, Google revealed Microsoft's excuse, quoting: "The fix is more complex than initially anticipated, and it is very likely that we will not be able to meet the February release deadline due to these memory management issues. The team IS positive that this will be ready to ship on March 13th, however this is beyond the 90-day SLA and 14-day grace period to align with Update Tuesdays", Microsoft reportedly told Google.

More news: Healthcare Realty Trust Inc (HR) To Go Ex-Dividend on February 22nd
More news: Oxfam says Haiti director admitted using prostitutes
More news: Israel, US successfully test Arrow-3 missile

But, Microsoft even missed the second deadline to produce the patch of the vulnerability. The way coding is now set up on Microsoft Edge allows hackers to bypass the security features of the program.

The flaw in Microsoft Edge is rated "medium" in terms of severity. As is the team's policy, companies generally have 90 days to fix flaws that it discovers before a public disclosure. However, given Edge's small market share, the security issue was unlikely to affect too many people though it is still embarrassing for the company.

The vulnerability was first discovered by Google's Project Zero in November 2017.

Recommended News

  • South Korea's Ko leads Australian Open by two shots

    South Korea's Ko leads Australian Open by two shots

    Haglund, who was shaking with excitement after her round, won a auto thanks to her hole-in-one on the par-3 14th on Saturday. Asked about her goals for the week, Ko replied: "First one is make the cut, second one is enjoy".
    Nokia 8 Pro under development, may be ready with Snapdragon 845

    Nokia 8 Pro under development, may be ready with Snapdragon 845

    Vk.com is now reporting that the device will be arriving at the MWC 2018 with a Snapdragon 450 processor beating at its heart. As per Airtel's initiative, HMD Global smartphones - Nokia 3 and Nokia 2 are available at a flat Rs 2000 cashback.
    Jivi Mobile Partners With Reliance Jio For 4G Smartphones At Rs 699!

    Jivi Mobile Partners With Reliance Jio For 4G Smartphones At Rs 699!

    On the camera front, the Energy E3 comes with 5-mp rear camera lens and 2-mp front camera lens. The vouchers can be redeemed for recharges of Reliance Jio's plans on MyJio app .
  • 1000 students expelled for cheating in Class 12 exams in Bihar

    1000 students expelled for cheating in Class 12 exams in Bihar

    The Bihar Board expelled almost 1,000 students for cheating during the Class 12 examinations, said an official here on Saturday. In fact, a video of youth climbing the building of an examination hall to help their friends had become viral in 2015.
    Homan's Canadian rink bests USA  11-3 following three straight losses

    Homan's Canadian rink bests USA 11-3 following three straight losses

    Curling has a deeply ingrained ethos of good sportsmanship, and the rules dictate that players treat their opponents kindly. Next thing you know they had losses to Korea and the Danes, and Danish skip Madeleine Dupont called them afraid to lose.
    Olympic results: USA-Finland women's hockey

    Olympic results: USA-Finland women's hockey

    A trip to the gold medal match is on the line for the Canadians as they attempt to defend their gold for the fifth straight time . The Finns, ranked third in the world previous year , will try to take home the bronze medal for the first time since 2010.
  • First Set Of Oscar Awards Presenters Unveiled

    First Set Of Oscar Awards Presenters Unveiled

    The Oscar live will telecast on the 5th March on Star Movies and Star Movies Select at 5.30 AM. Haddish announced Oscar nominations in January alongside Andy Serkis.
    Arsene Wenger ready to splash £45m on number one transfer target

    Arsene Wenger ready to splash £45m on number one transfer target

    And the Daily Mail claims Wenger wants a deal done before Fekir, 24, joins his global team-mates at the World Cup. And according to the Daily Mail , Arsenal have made him their number one transfer target for next summer.
    Theresa May announces review of university fees

    Theresa May announces review of university fees

    Restoring maintenance grants for poorer students, scrapped previous year , would reduce their level of borrowing. She also said interest rates on student loans should be cut to zero to ease the cost of graduate repayments.
  • Dillon wins crash-marred Dayton 500

    Dillon wins crash-marred Dayton 500

    The two-time Daytona 500 victor retired last season and was back at the track in a much different role. "My heart is broken". And it's amusing , we were talking about it in practice, and a little bit today how much more effective side-drafting was.
    Ramaphosa pledges a new dawn for SA

    Ramaphosa pledges a new dawn for SA

    His presidency has been marred by corruption scandals that have fuelled public anger in Africa's most developed country. The country faces many economic challenges, including unemployment of over 25 percent and slow growth.
    WWE announces a second match for Raw

    WWE announces a second match for Raw

    The seven participants of the men's Elimination Chamber match will clash against each other in a gauntlet match. He is also now going under his real name, Fred Rosser.

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.