Google Project Zero Discloses Edge Browser Bug Before Microsoft Has a Fix Ready
By advantage of the flaw, hackers could bypass Microsoft Edge’s existing security measures to inject malicious code into a victim’s computer.
Google, through its Project Zero, notified Microsoft about a bug in November, giving the company the usual 90-day disclosure deadline.
With the three-month deadline over, the team of security analysts employed by Google tasked with finding zero-day vulnerabilities – Project Zero -went public with the details of the security flaw.
As per Neowin, the search giant granted a 14-day extension to Microsoft after it said that the problem was complex and it needed more time to fix it.
But, Microsoft missed the second deadline to produce the patch of the vulnerability. However, given Edge’s small market share, the security issue was unlikely to affect too many people though it is still embarrassing for the company. Microsoft has in the past taken issue with how Google’s Project Zero team discloses flaws. The team had previously recently publicly disclosed a high-severity bug in Microsoft Edge and Internet Explorer after the Redmond giant missed the deadline to issue patches.