Google released details about a serious vulnerability in the Internet Explorer and Edge browsers.
The report also contains proof of concept code that, if implemented in web pages, should crash vulnerable browsers.
Attackers could use it as a first step of an attack that could ultimately result in remote code execution.
Google Project Zero security researcher Ivan Fratric reported the flaw.
“The report has too much info on that as it is (I really didn’t expect this one to miss the deadline),” he said.
The bug report became automatically visible to the public three days ago, when Google’s customary 90-day disclosure deadline passed.
The flaw ended up getting the following identifier: CVE-2017-0037. While Microsoft skipped its February patch period, researchers are thinking Microsoft will plug it in March, along with the other flaws that are awaiting fixes.
Microsoft postponed the release of the patches scheduled for February 2017 Patch Tuesday because of a last minute issue it could not resolve in time.