Google's Project Zero has exposed another security flaw in Microsoft software — this time in Internet Explorer and Microsoft Edge. As reported by The Register, the flaw was first disclosed to Microsoft on November 25, but has now gone public after exceeding Project Zero's 90-day disclosure deadline without a patch.
The bug in question could allow a website to crash the browser and execute code with just 17 lines of HTML. If you're into the nitty-gritty technical details of the issue, you can dive into the full explanation of the flaw at Project Zero's post.
This isn't the first time Google has publicly outed a flaw in Microsoft software without a patch being issued. Most recently, the two software giants butted heads in late 2016 after Google disclosed a bug in Windows just days after alerting Microsoft. Similarly, January of 2015 saw Google publish a Windows 8.1 vulnerability just days before a patch was set to go live.
It's not clear when or how quickly Microsoft might issue a fix for this particular flaw. The company curiously delayed its usual monthly round of fixes for February, noting that they'll arrive with March's Patch Tuesday on March 14. However, the company did issue a fix for a critical Adobe Flash bug just days later, so there's a chance we could see a security fix outside of the usual monthly schedule.