Google's Project Zero reported a security bug in Edge and Internet Explorer 11 to Microsoft on November 25, 2016, and it has still not been fixed. The vulnerability, identified as CVE-2017-0037, would allow remote code execution: attackers could crash browsers and execute arbitrary code.
As mentioned, the bug was reported in November last year, and was revealed to the public several days ago when Project Zero's 90-day disclosure deadline expired. No patch has been released by Microsoft.
More about CVE-2017-0037
Here is the official description:
In addition, Google has included a report in which a proof-of-concept shows how the crashes in both browsers could be caused.
Google Surprised by Microsoft’s Lack of Reaction
Ivan Fratric, the researcher who found the bug, says he “didn’t expect this one to miss the deadline”. The bug passed the 90-day deadline Project Zero usually gives vendors to address security issues.
On the other hand, Microsoft recently delayed its February 2017 patch, which will be released on March 14. However, no explanation has been given for this delay. Flash Player-related issues were fixed in Edge and IE last week, but there was no mention of the issue disclosed by Google.