Google Project Zero notifies Microsoft as another bug found but not patched

by Roi Perez  |  Tuesday 28 February 2017

Is the Google team of security researchers once again teetering on the line between responsible and irresponsible disclosure?

Google's Project Zero has revealed a bug in Microsoft's Internet Explorer and Edge browsers: if a user were to visit a malicious website, it could crash the browser and then execute code.

First found on November 25 last year, the bug works by attacking a type confusion in HandleColumnBreakOnColumnSpanningElement.

The group of Google researchers showed a 17-line proof-of-concept which crashes the browser process, with a focus on two registers, rcx and rax.

“An attacker can affect rax by modifying table properties such as border-spacing and the width of the first th element,” Project Zero's post states – so the crafted web page just needs to point rax to memory the attacker controls.

The Google project operates a strict rule where it notifies companies of bugs in their software, and sets a 90-day deadline for them to issue a fix, or it goes public and reveals it to the world. This bug had gone past the 90-day limit.

This article originally appeared at scmagazineuk.com

Source: Copyright © SC Magazine, UK edition