As part of the Project Zero program, Google has discovered a vulnerability in Microsoft Edge and researcher has publicly disclosed the vulnerability as the software giant missed the deadline. Google Project Zero team offered Microsoft 90-day grace period to fix the bug but the software giant failed to resolve it.
It’s worth noting that the process to outsmart Microsoft’s technology is not as easy as it appears since the users are exposed only when they visit a compromised page, in other words, attackers can do this with malicious websites only.
Google Project Zero team notified Microsoft about the vulnerability in November. Microsoft missed the deadline as the company needs more time to fix this issue, however, the software giant will roll out new cumulative updates for Windows 10 in March to fix this vulnerability, the patch is estimated to be ready by March 13.
“The fix is more complex than initially anticipated, and it is very likely that we will not be able to meet the February release deadline due to these memory management issues. The team IS positive that this will be ready to ship on March 13th, however this is beyond the 90-day SLA and 14-day grace period to align with Update Tuesdays,” Microsoft explains.
While the Microsoft Edge is still vulnerable, you can remain protected by avoiding visits to unknown websites with the browser, and as well as the sites spread via email or messages.