Google's Project Zero has revealed a bug in Microsoft's Internet Explorer and Edge browsers.
First turned up on November 25, the bug offers evildoers a technique that would let a malicious web site crash a visitor's browser as the main course, with code execution as the dessert.
Detailed here, the bug works by attacking a type confusion in
A 17-line proof-of-concept crashes that process, with a focus on two variables
“An attacker can affect
rax by modifying table properties such as border-spacing and the width of the first
th element,” Project Zero's post states – so the crafted Web page just needs to point
rax to memory they control.
The issue was published at the end of Project Zero's 90-day disclosure deadline, and it remains unpatched.