Google’s Project Zero exposes new Microsoft Edge security flaw

2 min. read

Published onFebruary 17, 2018

published onFebruary 17, 2018

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Google’s Project Zero, a team of security researchers tasked with finding vulnerabilities in Google’s own software and that of third-parties, has exposed a new security flaw in Microsoft Edge (viaNeowin), the default web browser in Windows 10.

The flaw affects Microsoft’s Arbitrary Code Guarantee (ACG) that aims to mitigate arbitrary native code execution. ACG forced Microsoft to move its JIT (Just-in-Time) functionality into a separate process, effectively running it in an isolated sandbox. Google explained how the flaw works, by predicting the address that the JIT process calls itsVirtualAllocEx() function:

Unmap the shared memory mapped above above using UnmapViewOfFile()

Allocate a writable memory region on the same address JIT server is going to write and write a soon-to-be-executable payload there.

When JIT process calls VirtualAllocEx(), even though the memory is already allocated, the call is going to succeed and the memory protection is going to be set to PAGE_EXECUTE_READ.

The flaw is marked as a “Medium” in severity, and Microsoft was made aware of it back in November 2017 and was given the usual 90-day window to resolve the flaw. Microsoft later told Google that the complexity of the flaw meant it would need more time, so a 14-day extension was granted. Microsoft missed the new deadline and Google’s Project Zero released details of the flaw publicly.

Now, the flaw remains unresolved and Microsoft has targeted March 13th for a patch.

Radu Tyrsina

Radu Tyrsina has been a Windows fan ever since he got his first PC, a Pentium III (a monster at that time).

For most of the kids of his age, the Internet was an amazing way to play and communicate with others, but he was deeply impressed by the flow of information and how easily you can find anything on the web.

Prior to founding Windows Report, this particular curiosity about digital content enabled him to grow a number of sites that helped hundreds of millions reach faster the answer they’re looking for.

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Radu Tyrsina

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low#

Copilot in Outlook will generate personalized themes for you to customize the app#

Microsoft will raise the price of its 365 Suite to include AI capabilities#

Death Stranding Director’s Cut is now Xbox X|S at a huge discount#

Outlook will let users create custom account icons so they can tell their accounts apart easier#

Google’s Project Zero exposes new Microsoft Edge security flaw#

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

Google’s Project Zero exposes new Microsoft Edge security flaw