Microsoft Edge: Google's Project Zero team has published details of a bypass for one of Edge's key security mitigations.
Let's see what the problem is:
Arbitrary Code Guard (ACG) shipped with the Windows 10 Creators Update to help block web-based attacks that try to load malicious code into memory. The mitigation ensures that only properly signed code can be placed in executable memory.
However, as Microsoft explains, Just-in-Time (JIT) compilers used in modern web browsers pose a problem for ACG. JIT compilers convert JavaScript into native, unsigned code.
So that JIT compilers keep working with ACG enabled, Microsoft's developers moved the Edge JIT into a separate process that runs in its own isolated sandbox.
</gre_replace>
<gr_replace lines="6-7" cat="clarify" orig="But here came">
This is where Google's Project Zero researchers come in. They found a flaw in the way the JIT process writes executable code into the content process.
The bypass, titled "ACG bypass using UnmapViewOfFile", lets the content process predict the address at which the JIT process will call VirtualAllocEx(), and then allocate a region of writable memory at that same address just before the JIT server makes it executable.
But here came the researchers from Google's Project Zero. Researchers have found that there is a problem with the way the JIT process writes executable data to the content.
THE 'bypass the ACG using UnmapViewofFile' allows a content process to predict which address of a JIT process can call VirtualAllocEx(), but also the content process that is preparing to 'allocate an area of writable memory at the same JIT address server to an executable that will run soon”.
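Since the whole bypass hinges on ACG being enabled in the content process while a separate process supplies its JIT code, a defender's first check is whether the mitigation is actually active on the running Edge processes. The script below is an added example, not code from the article or from Microsoft; it assumes the ProcessMitigations module (Windows 10 1709 or later), that Get-ProcessMitigation -RunningProcesses returns one object per process with ProcessName, Id and a DynamicCode.BlockDynamicCode field, and that EdgeHTML's content and JIT processes are named MicrosoftEdgeCP.exe.

```powershell
# Added example (not from the article): report which running processes have
# Arbitrary Code Guard (ACG) enabled, so the Edge content processes discussed
# above can be confirmed to be covered by the mitigation.
# Requires the ProcessMitigations module (Windows 10 1709 or later) and an
# elevated prompt to query processes owned by other users.
Import-Module ProcessMitigations -ErrorAction Stop

$report = Get-ProcessMitigation -RunningProcesses | ForEach-Object {
    [pscustomobject]@{
        ProcessName = $_.ProcessName
        Id          = $_.Id
        # DynamicCode.BlockDynamicCode is the ACG switch: ON means the process
        # cannot create new executable memory or make existing pages executable.
        ACG         = $_.DynamicCode.BlockDynamicCode
    }
}

# Assumption: EdgeHTML runs its renderer (content) processes and the
# out-of-process JIT as MicrosoftEdgeCP.exe instances under MicrosoftEdge.exe.
$edge = $report | Where-Object ProcessName -like 'MicrosoftEdge*'
$edge | Sort-Object ProcessName, Id | Format-Table -AutoSize

# Content processes are expected to show ACG = ON; anything else is worth a
# closer look, since it means dynamic code can be written into that process.
$unprotected = @($edge | Where-Object ACG -ne 'ON')
Write-Host ("{0} Edge process(es) running without ACG" -f $unprotected.Count)
```

The same report without the name filter gives an ACG inventory for every process on the box.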
Google reported the issue to Microsoft in mid-November and disclosed the details yesterday, after the 90-day deadline expired.
Microsoft acknowledged the ACG bypass and had intended to fix it in February's Patch Tuesday, but found the issue "more complicated" than it initially thought.
So the fix for Microsoft Edge is now expected to ship with March's Patch Tuesday.