Google has revealed a security flaw that could make using Microsoft's Internet Explorer and Edge browsers a really bad idea. Google researcher Ivan Fratric said on Tuesday that a bug discovered in November in Internet Explorer and Edge has yet to be patched by Microsoft. Even worse, the search giant says that Microsoft has yet to say when it will patch the flaw, leaving millions of people around the globe at potential risk of a serious security breach.
According to Fratric, whose comments were earlier reported on by the BBC, the problem is found in Internet Explorer 11 and the Edge browser and relates to how the browsers format Web pages. Malicious hackers taking advantage of the flaw could build fake websites that cause Internet Explorer and Edge to crash. While that alone isn't such a huge problem, the flaw could also be exploited to allow those same malicious sites to take control over the browser and give hackers full control over your systems.
It doesn't appear that anyone has yet exploited the flaw. But since the flaw remains unpatched, it's possible that malicious hackers are now seeing the announcement and making webpages that could take advantage of it.
Exact details about the vulnerability were not revealed. In a statement, Fratric said that since the flaw remains unpatched, he doesn't want to share exactly how it works "until [it] is fixed." But exactly when it'll be fixed is unknown.
According to Fratric, he alerted Microsoft to the flaw in November. He's revealing it now because of Google's 90-day disclosure deadline, which allows companies with affected products to fix the flaw within three months before it goes public. After 90 days, the flaw becomes public knowledge if a "broadly available patch" hasn't yet been released.
The move is probably a good one. By making the information public, Google can place additional pressure on Microsoft to determine what's going on and come up with a solution.
For its part, Microsoft has said in a statement that it has a "customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible." But again, Microsoft didn't say when it might fix the problem.
So, Internet Explorer and Edge users are left with little to go on and no way of mitigating the problem, and can only hope for the best. To safeguard yourself, then, your best bet is to stop using Edge and Internet Explorer altogether and move on to something else. Firefox, Opera, and Chrome are not believed to suffer from the same flaw.