Google disclosed a vulnerability in the Microsoft Edge browser before a patch was released

In November 2017, Google experts discovered a vulnerability in the Microsoft Edge browser, which is built into Windows 10 by default. The researchers gave the company 90 days to fix the flaw, since it was classified as a “medium” threat level. After that, the details of the vulnerability were to be made public. This is reported by the Neowin website.

The developers were unable to prepare the patch in time and asked for an extension. Google then added another two weeks to the three months, but Microsoft experts said that “the patch was more complicated than they thought.” A Google engineer noted that the exact date of the fix is still unknown.

The vulnerability in Edge is related to the use of kernel memory. In February 2017, Microsoft announced that it would use the Arbitrary Code Guard (ACG) system in the browser. It moves the Just-in-Time (JIT) compiler, which is also responsible for processing JavaScript, into a separate process.

Technically, this measure was aimed at protecting users, but it turned out that the connection between the isolated JIT process and the browser's main executable code can be compromised. The vulnerability makes it possible to create an executable page in memory.

This is not the first time that Google has published vulnerability information before a patch was available. For example, in 2016, the company described a major vulnerability in Windows 10 days after it was reported to Microsoft.

In addition, the company often makes exceptions to its own rules, especially when its own products are concerned. In the case of the Meltdown and Spectre vulnerabilities, Google engineers discovered problems with Intel, AMD and other chips six months before the details were published. However, the flaws affected Android devices along with the others.
