Browser security is hard, and it seems sometimes it is easier to break something than to fix it.
Microsoft nemesis Google Project Zero has once again disclosed a flaw in Microsoft's Edge browser publicly before the company could ship a fix.
- Unmap the shared memory mapped above using UnmapViewOfFile().
- Allocate a writable memory region at the same address the JIT server is going to write to, and place a soon-to-be-executable payload there.
- When the JIT process calls VirtualAllocEx(), the call succeeds even though the memory is already allocated, and the memory protection is set to PAGE_EXECUTE_READ.
Google gave the issue a Medium severity rating and notified Microsoft in November 2017. Microsoft, however, has had difficulty fixing it, missing both the 90-day disclosure deadline and the additional 14-day grace period the company asked for.
Microsoft now hopes to have a fix available by next month's Patch Tuesday, but I suspect Edge users have little to worry about given the browser's small market share, which means that, unlike Google's Project Zero, most hackers will be looking elsewhere.
Read all the details on Google's blog here.