Project Zero Outs Edge Bug That Microsoft Has Problems Fixing

If you take a look here at Google’s Project Zero bug-tracker, you’ll see that Google has disclosed a bug in the Microsoft Edge browser that is kind of nasty. It centers around the  just-in-time compiler that Microsoft’s Edge browser uses to execute JavaScript. In short, the bug makes it possible to predict the memory space it is about to use. Once an attacker knows about that memory, they could pop their own code in there as Edge executes instructions of their choice rather than JavaScript in the web page the browser was rendering. That of course leads to pwnage.

However, Microsoft is struggling to fix this as detailed in this post that the company put up. They hope to have something by March 13th, but that would be outside the 90 day window and 14 day grace period that Google gives companies to fix stuff. Thus now that this is public, you can fully expect that bad guys on the Internet will be figuring out ways to make attack code that will pwn users of the Edge browser. Thus for the time being, you might want to use another browser until this gets fixed.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

%d bloggers like this: