«

»

Microsoft Edge vulnerability exposed as Microsoft misses Google’s Project Zero disclosure deadline

Share this...Share on Google+Share on LinkedInTweet about this on TwitterShare on FacebookShare on RedditDigg thisEmail this to someone

Google has revealed details of a security vulnerability in Microsoft Edge before a patch has been produced. Through Project Zero, Google notified Microsoft about a bug in the browser’s Arbitrary Code Guard (ACG) feature back in November, giving the company the usual 90-day disclosure deadline. Google went further, granting Microsoft a further grace period of two weeks on request, but the vulnerability remains unfixed in Windows 10. As such, details of the “ACG bypass using UnmapViewOfFile” bug have now been made public. See also: Microsoft gives sysadmins Meltdown and Spectre detection in Windows Analytics Microsoft to bring Windows Defender Advanced… …Continue reading on BetaNews

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>