Browser security is hard, and it seems sometimes it is easier to break something than to fix it. Microsoft nemesis Google Project Zero has once again made a flaw in Microsoft’s Edge browser public before the company could push out a fix. The issue is related to Microsoft’s Just In Time compiler for Javascript, which…
by Surur
@mspoweruser
Browser security is hard, and it seems sometimes it is easier to break something than to fix it.
Microsoft nemesis Google Project Zero has once again made a flaw in Microsoft’s Edge browser public before the company could push out a fix.
The issue is related to Microsoft’s Just In Time compiler for Javascript, which is by design not protected by Arbitrary Code Guard (ACG) in Microsoft Edge. It turns out that if a content process is compromised and the content process can predict on which address JIT process is going to call VirtualAllocEx() next, the content process can:
Google gives the exploit a Medium rating and notified Microsoft in November 2017. Microsoft has, however, had difficulty fixing the issue, missing both the 90-day disclosure deadline and an additional 14-day grace window the company asked for.
Microsoft, however, hopes to have a fix available by Patch Tuesday next month, but I suspect Edge users have little to worry about, given its current small market share, which means, unlike Google’s Project Zero, most hackers will be looking elsewhere.
Read all the detail on Google’s blog here .
Via Neowin.net
Some links in the article may not be viewable as you are using an AdBlocker. Please add us to your whitelist to enable the website to function properly.
by Surur on February 15,2018
by Jennifer Locke
by Pradeep
by Pradeep
Fitbit is having a sale on their fitness trackers, offering discounts as deep as $50 on their most expensive models. The timing is of course opportune, partially due to the post-holiday hea…
Samsung’s 850 EVO series SSD is the No.1 selling SSD in the market right now. It is powered by Samsung’s V-NAND technology with up to 540MB/s and 520MB/s sequential Read/Write pe…
Microsoft Store online today kicked off its Countdown to 2018 sale. You can get huge discounts on popular apps, hottest games, movies and TV. Find the deals that are available below. Xbox Di…
In the summer Oculus announced a price drop for their Oculus Rift headset taking it to an astonishing $399 for the headset and controllers, around half the launch price of the bundle before …
Microsoft Store’s annual 12 Days of Deals promotional campaign has started today. Microsoft Store will announce a new deal daily at midnight ET through Dec. 17 – featuring products from …
Microsoft Store UK’s Black Friday deals are now live and you can get discounts on latest Surface devices, Xbox consoles, Windows PCs, accessories and more. You will be able to save up…
You can save up to 30% on select SanDisk memory products from Amazon as part of their Deal of the Day promotion. This sale includes lot of popular SanDisk products including SanDisk Ultra 1…
You can now get huge discounts on popular laptops as part of the Lenovo Black Friday 2017. If you are looking for a mainstream laptop, check out the Ideapad 720s which comes with premium met…
HP, the No.1 PC OEM in the world is now running their biggest sale of 2017 as part of their Black Friday promotions. You will be able to find amazing deals on HP laptops, desktops, monitors,…
Microsoft Store’s Black Friday deals are now available in the US. Microsoft Store has some great deals on the Xbox One S, Surface devices, Windows Mixed Reality headsets and more. Find…