Google's Project Zero security research team has discovered a bug with severe vulnerability on Microsoft Edge, more popularly still referred to as Internet Explorer by many. But the bug affects both the Microsoft Edge and Internet Explorer 11.
Researcher Ivan Fratric of the Google team, who spotted the bug, says he sent his assessment to Microsoft on 25 November. Generally, when any vulnerability of this scale is found, it is standard for Google to give the company, which is Microsoft here, a 90-day window to patch the issue before it is made public. Fratric says the window passed and yet no patch is available.
Shortly after Fratric made the vulnerability public, Microsoft issued a statement saying: "We believe in coordinated vulnerability disclosure, and we've had an ongoing conversation with Google about extending their deadline since the disclosure could potentially put customers at risk. Microsoft has a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible."
There is still, however, no suggestion, workaround or patch for Windows 10 users to follow and protect their systems.
The latest disclosure is the second time in a week that Project Zero researchers have reported unpatched security vulnerability in a Microsoft product. Last week, Project Zero researcher Mateusz Jurczyk published details of a flaw in Windows that exposes potentially sensitive data stored in computer memory.