Google finds an important bug in Microsoft Edge

[OyaYansa]

Google engineers have found a bug in Microsoft Edge that even those in Redmond could not solve even though they were notified more than 30 days ago.

Microsoft Edge was born to become the best browser in the world to try to recover the lost hegemony against Google Chrome, and is still far from that goal. Most users of Windows 10 prefer to continue using Chrome instead of Edge for its higher level of security and custom, and it seems that Remdond still has a lot of work to do.

Project Zero, the Google team that looks for holes and security flaws in applications of all kinds, has uncovered a major bug in Microsoft's Edge browser and is related to the ACG and JIT, systems used to prevent the execution of arbitrary code in the browser and that, it seems, does not work at all well.

ACG is one of the main novelties included with Windows 10 Creators Update and was created to avoid the execution of arbitrary codes designed to perpetrate attacks on the receiver's system. The problem as Google has discovered, is that there is a conflict with JIT where JavaScript is transformed into native code enabling the possibility of unsigned code and, therefore, insecure.

When these types of failures are discovered from Project Zero 90 days are given for the owner to solve the problem, a time that has already passed without Microsoft having been able or willing to solve this security hole. It is unknown if Microsoft will end up including a next update to solve a problem that seems not to give much importance.