Skip to main content
  1. Home
  2. Computing
  3. News

Google found another critical security flaw in Microsoft Edge

By

Google’s Project Zero disclosed a software vulnerability in Microsoft’s Edge browser over the weekend. The flaw was first reported privately but after Microsoft failed to patch the issue in time, Google’s Project Zero team revealed the technical details of the vulnerability along with Microsoft’s response.

Let’s be clear though, this security vulnerability isn’t the kind of thing you need to run out and uninstall Edge over. Chances are you’re using a different browser anyway, but until it’s fixed maybe stick to Chrome or Firefox. The vulnerability itself establishes a workaround for one of Edge’s built-in security countermeasures, Arbitrary Code Guard (ACG). Sidestepping ACG, Google security researcher Ivan Fratric found a way to load unsigned code into memory from malicious website accessed via Microsoft Edge.

Recommended Videos

“The fix is more complex than initially anticipated, and it is very likely that we will not be able to meet the February release deadline due to these memory management issues. The team is positive that this will be ready to ship on March 13th,” Microsoft replied to Fratric’s disclosure.

Related: 
Best new movies to stream on Netflix, Hulu, Prime Video, Max (HBO), and more

However, Microsoft added, the complexity of the fix has made it difficult to nail down a fixed date for release. Microsoft is reportedly aiming for a mid-March release for the patch, but it’s unclear if the company will make that self-imposed deadline.

We’re only hearing about this now because of Google Project Zero’s security vulnerability policy. When Project Zero discovers a vulnerability, the team reaches out privately to the manufacturer of the product — in this case, Microsoft — giving the manufacturer 90 days to get a fix together before they disclose the vulnerability to the public. This particular disclosure is unlikely to make anyone in Microsoft’s Redmond, Washington, headquarters particularly happy.

As Engadget points out, it’s not the first time Google’s exploit-finding-team has rubbed Microsoft the wrong way. Google and Microsoft have all but come to blows over these disclosures in the past, with each company taking pains to poke holes in the other’s products in order to promote their own. That doesn’t appear to be the case here but it is unlikely anyone at Microsoft is going to look favorably upon this security vulnerability being thrust into the spotlight.

Jaina Grey
Jaina Grey
Former Digital Trends Contributor
Jaina Grey is a Seattle-based journalist with over a decade of experience covering technology, coffee, gaming, and AI. Her…
Topics

Editors’ Recommendations

Google Gemini’s best AI tricks finally land on Microsoft Copilot
Copilot app for Mac

Microsoft’s Copilot had a rather splashy AI upgrade fest at the company’s recent event. Microsoft made a total of nine product announcements, which include the agentic trick called Actions, Memory, Vision, Pages, Shopping, and Copilot Search. 

A healthy few have already appeared on rival AI products such as Google’s Gemini and OpenAI’s ChatGPT, alongside much smaller players like Perplexity and browser-maker Opera. However, two products that have found some vocal fan-following with Gemini and ChatGPT have finally landed on the Copilot platform. 

Read more
Microsoft just turned 50, can its dominance last another half a century?
Microsoft at 50.

Microsoft is officially half a century old and what a half a century it's been. It went from being a small scale software company to dominating the world of personal computers, to today where it's worth over $3 trillion -- or at least it was until some recent tariff shenanigans. It's not the only name in the game any more, with Google's Android platform the most popular operating system on devices, but Microsoft's Windows still forms the backbone of the professional and gaming worlds, and that's not the only pie it has its fingers in.

From trying to wrestle control of the AI hype train, to endeavours in Quantum computing, Microsoft is looking to form the zeitgeist of the next 50 years. Let's take a look at some of its big wins over the past few decades, and what it might do in to secure some more in the years to come.

Read more
Microsoft’s Bing adds a Copolit Search mode to rival Google AI Search
Copilot Search for Bing Search engine.

Barely a few weeks ago, Google introduced a new AI Search mode. The idea is to provide answers as a wall of text, just the way an AI chatbot answers your queries, instead of the usual Search Results with blue links to different sources.

Microsoft is now in the race, too. The company has quietly rolled out a new Copilot Search option for its Bing search engine. The feature was first spotted by Windows Latest, but Digital Trends can confirm that it is now accessible across all platforms. 

Read more