Google reveals unpatched security vulnerability in Microsoft’s Edge browser

Google’s Project Zero team of security researchers disclosed a “high-severity” vulnerability it found in Microsoft’s Edge browser after the company failed to patch it within the allotted time of 90 days. The vulnerability can allow an attacker to gain administrator privileges if exploited.

For those unfamiliar, Project Zero is a team of security analysts employed by Google to find zero-day vulnerabilities before they are found and exploited by malicious people. On finding and disclosing the vulnerability to the relevant company, Google gives them 90 days to fix the issue. However, if the company fails to issue a patch within the specified time period, the Project Zero team discloses the vulnerability to the public so that users can protect themselves by taking necessary steps.
This most recent vulnerability was identified by James Forshaw, a Google Project Zero researcher, who disclosed it to Microsoft on November 10 as part of a separate security issue with Windows 10. Apparently, there are actually two bugs in this vulnerability, named 1427 and 1428. While Microsoft addressed the bug 1427 with its February’s Patch Tuesday release earlier this month, as it found it to be more critical. However, it chose to leave the other bug 1428 untouched, as it says it’s not a critical vulnerability.

According to the technical report in the Project Zero, the vulnerability has been tested on READ MORE http://www.achcodetech.com/2018/02/google-reveals-high-severity-exploit-windows-10-patched.html

windows security is like a house with gate but no fence