Google seems to be gunning for Microsoft again by going public with a vulnerability in Microsoft Edge before Microsoft could develop a patch.
The flaw affects Microsoft’s Arbitrary Code Guard (ACG) which Microsoft described a year ago in a post about major security improvements released in the Creators Update of Windows 10. To mitigate arbitrary native code execution in Edge, the Creators Update would use “Code Integrity Guard (CIG) and Arbitrary Code Guard (ACG) to help break the most universal primitive found in modern web browser exploits: loading malicious code into memory.”
Microsoft went on to explain how modern browsers transform JavaScript to native code, but “enabling Just-in-Time (JIT) compilers to work with ACG enabled is a non-trivial engineering task.”
