Google's project zero has gone public with another unpatched vulnerability (CVE-2017-0037) in Microsoft's browsers Edge and Internet Explorer.
Advertising
After Microsoft has canceled February 2017 patch day, there is now another vulnerability. The first vulnerability was publicly announced by Google's project zero a week ago (see Windows: Zero-Day vulnerability in gdi.dll).
The new vulnerability (CVE-2017-0037) was discovered at the end of November by Google Project Zero researcher Ivan Fratric. It's a type confusion, that crashed the browser. An attacker probably is able to execute code on the affected machine. The details about this vulnerability are published in Google's bug report after a 90-day deadline.
