Skip to main content

Google’s Project Zero publishes another Microsoft vulnerability

Google’s Project Zero is the company’s initiative to identify and eventually publicize security vulnerabilities in software and systems, with the express purpose of compelling developers to fix them. Project Zero staff notify developers about “zero-day” bugs, or those that a developer is not aware of and can be exploited, and the team then gives that vendor 90 days to fix it before it’s publicized.

Microsoft has been at the receiving end of a few of Project Zero’s efforts, raising some questions as to whether Google’s team of white hat hackers is acting irresponsibly by revealing bugs that a developer simply hasn’t had time to fix. The most recent Microsoft zero-day bug is one involving the company’s Internet Explorer and Edge browsers, as MSPU reports.

Recommended Videos

The bug, which causes browser crashes and allows nefarious parties to execute arbitrary code, was identified by Project Zero on November 25, 2016 and then published on February 23, 2017. At that time, Microsoft had already cancelled its Patch Tuesday release of bug fixes for Windows operating systems for February 2017, pushing it off until a month later — leaving systems vulnerable to this and other bugs right as Google has notified the world of the bug’s existence.

According to the Project Zero team, exploiting the vulnerability appears to be a relatively trivial task, requiring only 17 lines of HTML code. The details are meaningful mainly to developers and those who would exploit the code, but it basically involves modifying table properties. The post does not indicate precisely which versions of Internet Explorer and Edge running on which Windows operating systems are affected.

The net result is that hackers now have all of the information they need to attack vulnerable systems. Until Microsoft issues a bug fix, which could come in the next Patch Tuesday in March 2017, there’s not much users can do to avoid the bug. As MSPU points out, you can utilize or create a separate admin account on your Windows machine and then use it to make sure your primary account is running at a limited security level. That would take away much of the damage that browsers could wreak on a system, but of course could also impact how other applications function.

Mark Coppock
Mark Coppock is a Freelance Writer at Digital Trends covering primarily laptop and other computing technologies. He has…
Microsoft Edge just got a new way to protect your privacy
Microsoft Edge Secure Network graphic.

Microsoft Edge just got even more secure. After a tease a few weeks ago, Microsoft has just officially announced the availability of Edge Secure Network, the new built-in VPN feature for the Microsoft Edge browser.

Though still in an experimental stage with a small audience using the Canary version of the browser, Microsoft hopes this feature can provide extra peace of mind when using Edge on unsecured networks. As with most other VPN services, this built-in Secure Network can mask your device's IP address, encrypt your data, and route it through a secure network that's geographically co-located.  This will make it harder for hackers and others with bad intent to see your true location. The company that provides your internet also won't be able to collect your browsing data for ads.

Read more
Upcoming Windows update will kill Internet Explorer for good
windows 10 june update will kill internet explorer for good poznan  pol may 1 2021 laptop computer displaying logo

Internet Explorer is set to have its final end-of-life update on June 15. The Windows 10 update will be sent out to PCs after that date, disabling the browser and wiping it from devices.

While Microsoft has detailed its plans to retire Internet Explorer since May 2021, the Redmond, Washington company says the upcoming end-of-life update will disable the browser in a fashion that will redirect users to the Microsoft Edge browser when they try to access the feature.

Read more
Microsoft Edge vs. Google Chrome: Performance, design, security, and more
Microsoft Edge browser on a computer screen.

Google Chrome remains the king of the web browsers, with around 65% share of the desktop browser market as of December 2024. Microsoft's Edge browser, which uses the Chromium open-source engine, is in a lower spot around 14%. Since Microsoft Edge was included as the default Windows browser, it has been given a slight -- well -- edge.

Which browser should you use? The two share a lot of similarities, but some key differences make one the clear winner.
Design

Read more