From time to time, security flaws are uncovered in software. It’s not as if this is done on purpose; it’s just that it is hard to catch every flaw. Most recently, it seems that Google’s Project Zero has discovered a new security flaw in Microsoft’s Edge browser, as posted on the Chromium website (via Neowin).
The report is rather technical, but basically the flaw potentially allows attackers to sidestep and work around one of Edge’s built-in security countermeasures. This allows the attacker to load unsigned code into memory from a malicious website accessed via the Edge browser. The flaw was discovered by Google security researcher Ivan Fratric, who reached out to Microsoft to inform them of it.
However, it seems that the fix is a bit complicated, which is why the report was made public under Project Zero’s policy of sharing findings with the public after 90 days. This window is meant to give developers and companies time to release a fix, so that by the time the report is published, the vulnerability would no longer be exploitable.