In case you happen to be one of the eight percent that still relies on Edge and Internet Explorer to surf the internet, it might be time to reconsider your preferences. Google has disclosed a still-active vulnerability in the two browsers that Microsoft apparently ignored for more than three months.
The flaw fundamentally allows ill-intended individuals to build websites that cause the browsers to spontaneously crash and – more worryingly – to take control of your browser in certain cases, BBC reports.
Google engineer Ivan Fratric originally spotted and reported the bug to Microsoft back in November last year, giving the Windows-maker a 90-day deadline to eliminate the error. This week, the security researcher made the flawpublic after Microsoft failed to comply with the appointed timeframe.
At present, Fratric remains reluctant to reveal further details about the vulnerability “at least not until [it] is fixed.” He further added that he never expected Microsoft would “miss the deadline,” remarking the report contains “too much info” about the bug “as it is.”
The flaw has to do with the way the browsers handle instructions to format certain elements on some web pages. It currently affects Edge as well as Internet Explorer 11.
Microsoft has since released a statement, claiming it has a “customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible.”
It further added the company is involved in “an ongoing conversation with Google about extending their deadline since the disclosure could potentially put customers at risk” – but it seems this ship has already sailed.
There’s no evidence to suggest the hackers are actively exploiting the vulnerability as of now, according to BBC. However, so far users have reported being able to reproduce the vulnerability Internet Explorer, but not in Edge.
Curiously, Microsoft unexpectedly delayed its February security patch originally scheduled, which was slated to fix another vulnerability uncovered earlier this month.