Google Goes Public With 'High Severity' Bug in Microsoft Edge and Internet Explorer

Advertisement
By Ketan Pratap | Updated: 1 March 2017 21:12 IST
Highlights
  • The vulnerability wasn't fixed by Microsoft in the deadline offered
  • Google follows a 90 days policy for vulnerabilities before making public
  • A member of Google's Project Zero cyber-security team discovered bug
Google Goes Public With 'High Severity' Bug in Microsoft Edge and Internet Explorer

Google has disclosed a second unpatched vulnerability in Microsoft's products in less than a month. The company this time went public with a 'high severity' bug in Microsoft's Edge and Internet Explorer. The company previously revealed a bug in Microsoft's Windows Graphics Device Interface component. The new vulnerability was reported by a Google Project Zero research team member, and if not fixed, it reportedly lets attackers execute malicious code in some instances.

For those unaware, Google's Project Zero is a cyber-security team that comprise researchers who focus on hunting down widely-affecting zero-day vulnerabilities. The National Vulnerability Database now has an entry for the bug, and it describes it as, "Microsoft Internet Explorer 11 and Microsoft Edge have a type confusion issue which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element."

Google Discloses Windows 10 Bug Under 'Active Attack'; Microsoft Working on Fix

The new bug in Microsoft's Edge and Internet Explorer was discovered by researcher Ivan Fratric from Google Project Zero team, and is tracked by the CVE-2017-0037 identifier in Google's bug report. Arstechnica points out that researchers in Project Zero follow policy to disclose a vulnerability details 90 days after they report the issue privately to the company. The bug report notes, "This bug is subject to a 90 day disclosure deadline. If 90 days elapse without a broadly available patch, then the bug report will automatically become visible to the public."

Advertisement

Arstechnica got an issued statement from a Microsoft spokesman who said, "We believe in coordinated vulnerability disclosure, and we've had an ongoing conversation with Google about extending their deadline since the disclosure could potentially put customers at risk. Microsoft has a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible." Notably, Microsoft cancelled February's Patch Tuesday security updates citing a last minute issue.

Microsoft Issues Windows 10 Patch for Security Flaw That Google Revealed

As we mentioned, this is the second major Microsoft vulnerability that Google's Project Zero has disclosed in less than a month, with the previous a Windows Graphics Device Interface (GDI)  flaw that could potentially exposed sensitive data stored in memory.

 
Post your comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Google, Microsoft, Microsoft Edge, Internet Explorer, Google Project Zero
Conan Exiles Will Come to Xbox One as a Preview in Q3 2017; Full Launch Expected in 2018
Why Ghost Recon Wildlands Is Ubisoft’s Most Ambitious Game Yet
Advertisement

Related Stories

Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Lava Storm Play 5G, Storm Lite 5G Launched in India: Price, Availability
  2. Vivo T4 Lite 5G Price in India, Launch Timeline and Key Features Leaked
  3. Sony Announces Limited-Period Discount on Audio Products in India
  4. Nothing Phone 3 to Be Manufactured in India, Company Reveals Model Number
  5. BSNL to Reportedly Install One Lakh Additional 4G Towers Across India
  6. OTT Releases of the Week: Rana Naidu Season 2, The Traitors, and More
  7. Top Smartphones Under Rs 40,000 in India (June 2025)
  8. Oppo K13x 5G Build, Durability Details Revealed Ahead of India Launch
  9. Apple May Release Advanced Siri With iOS 26.4 Update in Spring 2026
  10. Google Updates Snapseed for iPhone and iPad With Faves Tab, More Features
#Latest Stories
  1. Microsoft Expands Copilot Vision With Highlights on Windows, Can Work With Two Apps Simultaneously
  2. Vivo T4 Lite 5G Price in India, Launch Timeline Leaked; Said to Pack 6,000mAh Battery
  3. Vivo X Fold 5 Confirmed to Pack 6,000mAh Battery; to Get Periscope Telephoto Camera
  4. BSNL to Reportedly Install One Lakh Additional 4G Towers Across India; Invites Public to Pitch Name for 5G Services
  5. Yahoo Adds New AI Features to Mail App in Attempt to Up Usage
  6. AMD Unveils AI Server as OpenAI Taps Its Newest Chips
  7. iOS 26 to Improve Child Account Setup Process, Will Allow Parents to Share Child's Age Range With Apps
  8. Foxconn Sends 97 Percent of India iPhone Exports to US as Apple Tackles Tariffs
  9. Lava Storm Play 5G With MediaTek Dimensity 7060 SoC Launched in India Alongside Storm Lite 5G
  10. Bitcoin Falls to $104,300, Most Altcoins See Losses Amid Israel-Iran Tensions
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.