Windows 10 security: Google exposes how malicious sites can exploit Microsoft Edge Microsoft misses Google’s 90-day deadline, so Google has published details of an exploit mitigation bypass. Liam Tung By Liam Tung | February 16, 2018 — 14:20 GMT (06:20 PST) | Topic: Security

PAY ATTENTION – SHARE SHARE SHARE SHARE!  👀😳😧😵😠

Google’s Project Zero team has published details of an unfixed bypass for an important exploit-mitigation technique in Edge.

The mitigation, Arbitrary Code Guard (ACG), arrived in the Windows 10 Creators Update to help thwart web attacks that attempt to load malicious code into memory. The defense ensures that only properly signed code can be mapped into memory.

However, as Microsoft explains, Just-in-Time (JIT) compilers used in modern web browsers create a problem for ACG. JIT compilers transform JavaScript into native code, some of which is unsigned and runs in a content process.

https://www.zdnet.com/article/windows-10-security-google-exposes-how-malicious-sites-can-exploit-microsoft-edge/

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.