Google discloses dangerous flaw in Microsoft Edge browser

Google's Project Zero is no joke. The search giant's security team actively searches for vulnerabilities in software from other companies - and they've definitely found some nasty ones. Software makers are then given a maximum of 90 days to fix the bugs before Google makes them public.

The Register writes that happened yesterday as Microsoft failed to patch a security flaw in its Edge browser. News about the bug was first posted on the Project Zero site on November 17, 2017. Google gave Microsoft an extra 14 days to plug the hole but the latter said the patch is more complex than initially thought.

Microsoft's says the ETA of the patch is unknown. In the meantime, anyone can look up in-depth details about the bug at Project Zero.

But last week, on February 15th, came a post that said Microsoft "replied that 'The fix is more complex than initially anticipated, and it is very likely that we will not be able to meet the February release deadline due to these memory management issues. The team IS positive that this will be ready to ship on March 13th, however this is beyond the 90-day SLA and 14-day grace period to align with Update Tuesdays'."

The next post stated simply "Deadline exceeded -- automatically derestricting". The latest post in the thread said Microsoft has advised Google that "because of the complexity of the fix, they do not yet have a fixed date set as of yet."