Windows 10 security: Google exposes how malicious sites can exploit Microsoft Edge Microsoft misses Google’s 90-day deadline, so Google has published details of an exploit mitigation bypass. Liam Tung By Liam Tung | February 16, 2018 — 14:20 GMT (06:20 PST) | Topic: Security


Google’s Project Zero team has published details of an unfixed bypass for an important exploit-mitigation technique in Edge.

The mitigation, Arbitrary Code Guard (ACG), arrived in the Windows 10 Creators Update to help thwart web attacks that attempt to load malicious code into memory. The defense ensures that only properly signed code can be mapped into memory.

However, as Microsoft explains, Just-in-Time (JIT) compilers used in modern web browsers create a problem for ACG. JIT compilers transform JavaScript into native code, some of which is unsigned and runs in a content process.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.