Skip to main content
  1. Home
  2. Computing
  3. News

Google found another critical security flaw in Microsoft Edge

Add as a preferred source on Google

Google’s Project Zero disclosed a software vulnerability in Microsoft’s Edge browser over the weekend. The flaw was first reported privately but after Microsoft failed to patch the issue in time, Google’s Project Zero team revealed the technical details of the vulnerability along with Microsoft’s response.

Let’s be clear though, this security vulnerability isn’t the kind of thing you need to run out and uninstall Edge over. Chances are you’re using a different browser anyway, but until it’s fixed maybe stick to Chrome or Firefox. The vulnerability itself establishes a workaround for one of Edge’s built-in security countermeasures, Arbitrary Code Guard (ACG). Sidestepping ACG, Google security researcher Ivan Fratric found a way to load unsigned code into memory from malicious website accessed via Microsoft Edge.

Recommended Videos

“The fix is more complex than initially anticipated, and it is very likely that we will not be able to meet the February release deadline due to these memory management issues. The team is positive that this will be ready to ship on March 13th,” Microsoft replied to Fratric’s disclosure.

However, Microsoft added, the complexity of the fix has made it difficult to nail down a fixed date for release. Microsoft is reportedly aiming for a mid-March release for the patch, but it’s unclear if the company will make that self-imposed deadline.

We’re only hearing about this now because of Google Project Zero’s security vulnerability policy. When Project Zero discovers a vulnerability, the team reaches out privately to the manufacturer of the product — in this case, Microsoft — giving the manufacturer 90 days to get a fix together before they disclose the vulnerability to the public. This particular disclosure is unlikely to make anyone in Microsoft’s Redmond, Washington, headquarters particularly happy.

As Engadget points out, it’s not the first time Google’s exploit-finding-team has rubbed Microsoft the wrong way. Google and Microsoft have all but come to blows over these disclosures in the past, with each company taking pains to poke holes in the other’s products in order to promote their own. That doesn’t appear to be the case here but it is unlikely anyone at Microsoft is going to look favorably upon this security vulnerability being thrust into the spotlight.

Jaina Grey
Former Digital Trends Contributor
Jaina Grey is a Seattle-based journalist with over a decade of experience covering technology, coffee, gaming, and AI. Her…
Apple’s Hide My Email feature has an unfixed bug that leaves email addresses exposed
100% exploitable in limited testing, known since June 2025, and still unfixed as of today.
apple-merging-sign-in-with-apple-hide-my-email-icloud+

Apple has been selling Hide My Email to keep your real email address hidden, but it has a vulnerability that does the exact opposite. The worst part is that the company has known about it for a year. 

Hide My Email, part of Apple’s paid iCloud+ subscription, lets users generate anonymous email addresses for signing up to a website, so that their personal or work email remains free of promotional emails and spam. 

Read more
I hate sharing my Mac, but a face-unlocking app finally cured my privacy paranoia
Someone finally built the app locker every Mac user has been asking for.
FaceGate in action on Mac

If you have ever handed your Mac to a friend, family member, or coworker for "just a minute," you know the mild panic that follows. Sure, your Mac has a lock screen, but once someone is past it, they can open Messages, Photos, Notes, Mail, WhatsApp, and your browser.

iPhones had the same issue, but Apple solved it by adding an app lock feature with the iOS 18 update. Sadly, no such feature exists for macOS. That’s where the new FaceGate app for Mac can help you. It’s a free and open-source app that lets you lock apps on your Mac and even has some novel tricks up its sleeve. So, let’s talk about it, shall we?

Read more
The charm of a tiny Windows tablet is apparently dead at Microsoft. Long live the Surface Go!
Microsoft’s budget Surface era may be over
Microsoft Surface Go 3 stand.

Microsoft might be cleaning up its Surface lineup. According to Windows Central, Microsoft has stopped manufacturing the Surface Go and Surface Laptop Go lines, with no successors currently planned. Surface Go 4 and Surface Laptop Go 3 are reportedly out of stock in most places, and once remaining retail stock is gone, that may be it.

If this is true, then we are looking at the end of the brand's budget Surface PCs as Microsoft has plenty of premium Windows hardware.

Read more