Google's Project Zero has exposed a security flaw in Microsoft Edge, according to a report from Neowin. Microsoft began using Arbitrary Code Guard in Edge with the Creators Update, which moved the Just-in-Time (JIT) compiler into an isolated sandbox. The problem is that the address for the JIT process can be fairly easily predicted and then exploited, creating an executable page in memory.
While I can't pretend to understand the technical details of all this, I'm just a [H]ardware nerd, it sounds quite severe. Microsoft is stating that it will resolve the issue for the March 13th Patch Tuesday. The full technical debug log can be found here. I suppose it's just a good thing that no one uses Edge.
It is important to note that the bug has been classified as a "Medium" severity flaw and was disclosed to Microsoft by Google in November 2017. The standard 90-day deadline was awarded to the company to fix the issue before it was disclosed to the public. According to the Microsoft Security Response Center (MSRC), the problem turned out to be more complex than initially believed, due to which it was given an additional 14-day grace period by Google.