If you take a look here at Google’s Project Zero bug-tracker, you’ll see that Google has disclosed a bug in the Microsoft Edge browser that is kind of nasty. It centers around the just-in-time compiler that Microsoft’s Edge browser uses to execute JavaScript. In short, the bug makes it possible to predict the memory space it is about to use. Once an attacker knows about that memory, they could pop their own code in there as Edge executes instructions of their choice rather than JavaScript in the web page the browser was rendering. That of course leads to pwnage.
However, Microsoft is struggling to fix this as detailed in this post that the company put up. They hope to have something by March 13th, but that would be outside the 90 day window and 14 day grace period that Google gives companies to fix stuff. Thus now that this is public, you can fully expect that bad guys on the Internet will be figuring out ways to make attack code that will pwn users of the Edge browser. Thus for the time being, you might want to use another browser until this gets fixed.
Like this:
Like Loading...
Related
This entry was posted on February 20, 2018 at 7:58 am and is filed under Commentary with tags Microsoft. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Project Zero Outs Edge Bug That Microsoft Has Problems Fixing
If you take a look here at Google’s Project Zero bug-tracker, you’ll see that Google has disclosed a bug in the Microsoft Edge browser that is kind of nasty. It centers around the just-in-time compiler that Microsoft’s Edge browser uses to execute JavaScript. In short, the bug makes it possible to predict the memory space it is about to use. Once an attacker knows about that memory, they could pop their own code in there as Edge executes instructions of their choice rather than JavaScript in the web page the browser was rendering. That of course leads to pwnage.
However, Microsoft is struggling to fix this as detailed in this post that the company put up. They hope to have something by March 13th, but that would be outside the 90 day window and 14 day grace period that Google gives companies to fix stuff. Thus now that this is public, you can fully expect that bad guys on the Internet will be figuring out ways to make attack code that will pwn users of the Edge browser. Thus for the time being, you might want to use another browser until this gets fixed.
Share this:
Like this:
Related
This entry was posted on February 20, 2018 at 7:58 am and is filed under Commentary with tags Microsoft. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.