Google Releases IE, Edge Vulnerability

Monday, February 27, 2017 @ 04:02 PM gHale


Google released details about a serious vulnerability in the Internet Explorer and Edge browsers.

The report also contains proof of concept code that, if implemented in web pages, should crash vulnerable browsers.

RELATED STORIES
11-Year-Old Vulnerability Undergoing Fix
Industrial Malware Focuses on Linux
ICS Lookout: New Ransomware in Town
Russians Compromise U.S.: Report

Attackers could use it as a first step of an attack that could ultimately result in remote code execution.

Google Project Zero security researcher Ivan Fratric reported the flaw.

“The report has too much info on that as it is (I really didn’t expect this one to miss the deadline),” he said.

The bug report became automatically visible to the public three days ago, when Google’s customary 90-day disclosure deadline passed.

The flaw ended up getting the following identifier: CVE-2017-0037. While Microsoft skipped its February patch period, researchers are thinking Microsoft will plug it in March, along with the other flaws that are awaiting fixes.

Microsoft postponed the release of the patches scheduled for February 2017 Patch Tuesday because of a last minute issue it could not resolve in time.



Leave a Reply

You must be logged in to post a comment.