Google disclosed Microsoft Edge security flaw before it’s fixed

Google and Microsoft have never had the best of relationships. In addition to being bitter rivals in the realm of web browsers, Google previously disclosed a major Windows flaw before Microsoft was ready to release a patch for it – a decision Microsoft was less than pleased with. Indeed, Google’s move irked Microsoft so much that Windows Executive VP Terry Myerson opted to publish a blog post criticizing the search giant for their approach to the disclosure of security vulnerabilities.

The vulnerability reportedly relates to how Edge handles code execution and was first disclosed to Microsoft by Google back in November. After giving the software giant 90 days to fix the issue, Project Zero researchers have gone public with their findings. Though the specifics of the discovery are complicated and quite technical, the gist is hackers are able to bypass Microsoft Edge’s existing security measures to inject malicious code into a victim’s PC memory, according to Neowin. With this in mind, it’s not hard to see why Project Zero awarded the flaw a “Medium” severity rating. As of writing, Microsoft has not rolled out a fix for the vulnerability so security conscious users may wish to use an alternate browser for the time being.