Google goes public with browser flaw before Microsoft patch ready

Google goes public with browser flaw before Microsoft patch ready

The real cost of hacking on UK businesses? £42bn!

Security researchers have discovered a flaw in Microsoft’s web browser that could allow cyber criminals to take over the software under certain circumstances.

Google Project Zero’s Ivan Fratric reported the flaw in Edge and Internet Explorer to Microsoft last November, but went public with it this week after the tech firm failed to fix it within 90 days.

The vulnerability centres around the way the browsers handle certain formatting and page elements. It means that hackers could potentially build malicious websites that cause their victims’ browsers to crash and in some cases grant attackers control of the software.

According to the BBC, Fratric will not describe the flaw in more detail until Microsoft has patched it, and there is no evidence that attackers are exploiting it in the wild.

Microsoft did not directly comment on the vulnerability, but said it was committed to investigating security issues and said it was having “an ongoing conversation with Google about extending their deadline since the disclosure could potentially put customers at risk”.

This is not the first time Google researchers have gone public with a flaw in a Microsoft product before the technology giant has released a patch to protect its users.

In November last year, Microsoft criticised Google for publishing details of a Windows zero-day flaw that it had not had time to fix. In that case, Google had given it a week’s notice.

“We believe in coordinated vulnerability disclosure, and [this] disclosure by Google puts customers at potential risk,” a Microsoft spokesperson said at the time.

In his explanation of the newly-discovered Edge and Internet Explorer vulnerability, Fratric said he “really didn’t expect this one to miss the deadline”.

According to W3Counter figures from January, Microsoft’s web browsers – Internet Explorer and Edge – are used by around eight per cent of web users.

Photo: copyright golubovy, under licence from

Copyright Lyonsdown Limited 2021

Top Articles

RockYou2021 data leak: 8.4 billion passwords compromised

A report shows that 100GB of data which includes 8.4 billion passwords have been recently leaked on the internet, people are being encouraged to secure their accounts.

Hackers Breach Electronic Arts & Steal Game Code

Electronic Arts, one of the world's biggest video game publishers including games such as FIFA, Madden, Sims and Medal of Honor, are the latest company to be hacked.

JBS Foods paid £7.7m in ransom to REvil ransomware gang

JBS Foods, the world’s largest processor of beef and poultry products, has admitted to paying a ransom of $11 million to cyber criminals, a week after it announced that operations…

Related Articles

[s2Member-Login login_redirect=”” /]