Google goes public with browser flaw before Microsoft patch ready

Security researchers have discovered a flaw in Microsoft’s web browser that could allow cyber criminals to take over the software under certain circumstances.

Google Project Zero’s Ivan Fratric reported the flaw in Edge and Internet Explorer to Microsoft last November, but went public with it this week after the tech firm failed to fix it within 90 days.

The vulnerability centres around the way the browsers handle certain formatting and page elements. It means that hackers could potentially build malicious websites that cause their victims’ browsers to crash and in some cases grant attackers control of the software.

According to the BBC, Fratric will not describe the flaw in more detail until Microsoft has patched it, and there is no evidence that attackers are exploiting it in the wild.

Microsoft did not directly comment on the vulnerability, but said it was committed to investigating security issues and was having "an ongoing conversation with Google about extending their deadline since the disclosure could potentially put customers at risk".

This is not the first time Google researchers have gone public with a flaw in a Microsoft product before the technology giant has released a patch to protect its users.

In November last year, Microsoft criticised Google for publishing details of a Windows zero-day flaw that it had not had time to fix. In that case, Google had given it a week’s notice.

"We believe in coordinated vulnerability disclosure, and [this] disclosure by Google puts customers at potential risk," a Microsoft spokesperson said at the time.

In his explanation of the newly-discovered Edge and Internet Explorer vulnerability, Fratric said he “really didn’t expect this one to miss the deadline”.

According to W3Counter figures from January, Microsoft’s web browsers - Internet Explorer and Edge - are used by around eight per cent of web users.

Copyright Lyonsdown Limited 2021
