Google researcher Ivan Fratric has released details of a bug in Microsoft’s browsing programs that would allow attackers to build websites that make the browsers spontaneously crash and take control of your browser in certain cases.

Mr. Fratric originally spotted and reported the bug to Microsoft back in November 2016, giving them a 90-day deadline to eliminate the error.

This week, the security researcher made the flaw public after Microsoft failed to meet the deadline.

The problem is found in Internet Explorer 11 and the Edge browser and arises because of the way both programs handle instructions to format some parts of web pages.

In a statement, Microsoft did not comment directly on the bug and its significance but said it had a “customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible”.

Comments

comments