Google reveals Edge bug that Microsoft has had trouble fixing
Google has again decided to disclose a flaw in Microsoft software before the latter company could deliver a fix. Indeed, Microsoft has struggled to fix this problem.
Detailed here on Google's Project Zero bug-tracker, the flaw impacts the just-in-time compiler that Microsoft's Edge browser uses to execute JavaScript and makes it possible to predict the memory space it is about to use. Once an attacker knows about that memory, they could pop their own code in there and have all sorts of naughty fun as Edge executes instructions of their choice rather than JavaScript in the web page the browser was rendering.
News of the flaw was posted to Project Zero on November 17th, 2017, with the usual warning that "This bug is subject to a 90 day disclosure deadline. After 90 days elapse or a patch has been made broadly available, the bug report will become visible to the public."