Google has spotted a security flaw in Microsoft Edge browser under its Project Zero that could allow hackers to bypass the security wall and insert malicious codes into the browser. This bug was first discovered in November last year when Google notified Microsoft about the bug. However, Google decided to make this bug public after Microsoft did not pay heed and release a patch to curb this vulnerability.
As per a report by Neowin, Google’s Project Zero team that discovered the Microsoft Edge browser vulnerability had notified to the Redmond-based giant that this bug resides in the browser and can cause additional vulnerabilities. Google gave a 90-day disclosure deadline to Microsoft that was further extended by 14 days on the latter’s request to provide more time due to the complexity of the bug. However, since the bug is still persistent, Google decided to publicly name and shame the company over the bug.
The bug details are pretty technical but once bypassed can allow hackers to easily put malicious codes into the executable runtime functions of the browser. According to Engadget, taking advantage of the flaw, hackers could bypass Microsoft Edge’s existing security measures to inject malicious code into a victim’s computer. Microsoft is yet to officially address this bug in public, however, this move may bring embarrassment to the company.
Project Zero is a Google initiative that is aimed at discovering loopholes in other companies’ products and notifying them of the same. In the past, Google has been in a tussle with Microsoft over the discovery of different bugs in the latter’s products. Interestingly, Microsoft gave back to Google after it found a vulnerability in the Chrome browser last year in October.
