
Google reports “high-severity” bug in Edge/IE - fagnerbrack
https://arstechnica.com/security/2017/02/high-severity-vulnerability-in-edgeie-is-third-unpatched-msft-bug-this-month
======
auscompgeek
I initially thought that Project Zero found yet more bugs in IE/Edge, but it
turns out this is just from last month.

~~~
avian
Previous HN discussion:
[https://news.ycombinator.com/item?id=13755082](https://news.ycombinator.com/item?id=13755082)

------
fagnerbrack
Not sure if there's a patch available now, but Microsoft not responding to it
makes me wonder if they really care about security in their browsers...

~~~
na85
There's been some speculation that they're all-hands-on-deck trying to respond
to the vault7 leaks and implications thereof, and thus these vulns are left to
rot on the vine.

~~~
martinknafve
I reported an issue a week ago and they have had developers verifying it
beginning of this week. And that was a low impact bug. The previous issue I
reported took 4 months to be verified and then another 3 to be patched. So my
view at least is that not everyone is handling leaks.

------
lucideer
> Windows users who want to take extra precautions should consider using a
> 64-bit version of the Chrome browser instead of Edge or IE until the latter
> two browsers are patched

Eugh. Is this a sponsored post on Ars or is there really this level of tone-
deafness w.r.t. responsible unbiased journalism?

"Company A finds vulnerability in competitor's product. We recommend using
Company A's product instead (despite there being other competitors)"

On a similar note, the original Project Zero reporter didn't actually bother
to test this in Edge before reporting it. I assume this has since been
positively confirmed in Edge or is it still just speculation?

~~~
AxelValtysson
Personally I don't think it's a sponsored post. If the author of the post
didn't recommend something to workaround the issue, readers (especially non-
technical one) might think there's no solution to the problem.

Ideally the author should have mentioned about Firefox as well but he/she
might not have used browsers other than Chrome, IE/Edge.

