Google Exposes Security Flaw in Microsoft Edge

rgMekanic

[H]ard|News
Joined
May 13, 2013
Messages
6,078
Google's Project Zero has exposed a security flaw in Microsoft Edge according to a report from Neowin. Microsoft began using Arbitrary Code Guard in Edge with the creators update which forced the use of Just-in-Time (JIT) compilers to an isolated sandbox. The problem with this is the address for the JIT process can be fairly easily predicted and then exploited, creating an executable page in the memory.

While I can't pretend to understand the technical details of all this, I'm just a [H]ardware nerd, it sounds quite severe. Microsoft is stating that it will resolve the issue for the March 13th Patch Tuesday. The full technical debug log can be found here. I suppose it's just a good thing that no one uses Edge.

It is important to note that the bug has been classified as a "Medium" severity flaw and was disclosed to Microsoft by Google in November 2017. The standard 90-day-deadline was awarded to the company to fix the issue before it was disclosed to the public. According to the Microsoft Security Response Center (MSRC), the problem turned out to be more complex than initially believed, due to which it was given an additional 14-day grace period by Google.
 

naib

[H]ard|Gawd
Joined
Jul 26, 2013
Messages
1,289
Sounds a bit like spectre and was probably found while investigating spectre.

Rather than speculative branching being "trained" to pull other data, the virtual machine can leak data
 

lostin3d

[H]ard|Gawd
Joined
Oct 13, 2016
Messages
2,043
I suppose it's just a good thing that no one uses Edge
Hahaha Too true.

I'm sure someone will point out the reason but I find it totally ironic that after I install 10 on something, run updates, and one tries to open Edge that I get an error how I can't while using the admin account. Thankfully we already include chrome and explorer on the desktop in our sysprep images.
 

Jagger100

Supreme [H]ardness
Joined
Oct 31, 2004
Messages
7,700
Something that will never be splashed in headlines and not because it doesn't happen..

"Google Exposes Security Flaw in Google Chrome"
 

DeathFromBelow

Supreme [H]ardness
Joined
Jul 15, 2005
Messages
7,316
Something that will never be splashed in headlines and not because it doesn't happen..

"Google Exposes Security Flaw in Google Chrome"

Well, why doesn't Microsoft ever find security holes in Google products?
 
Top