Google has gone public with details about a Microsoft Edge vulnerability that attackers could abuse to bypass one of the browser's security features, Arbitrary Code Guard (ACG).
ACG is a relatively new feature added to Edge's security model. Microsoft added support for ACG in Edge in April 2017, with the release of the Windows 10 Creators Update.
ACG was the second of two new features that Microsoft said would prevent attackers from using JavaScript to load malicious code into a computer's memory via Edge. Microsoft described the two new security features in a blog post last year. A summary of ACG and Code Integrity Guard (CIG) is below:
An application can directly load malicious native code into memory by either 1) loading a malicious DLL/EXE from disk or 2) dynamically generating/modifying code in memory. CIG prevents the first method by enabling DLL code signing requirements for Microsoft Edge. This ensures that only properly signed DLLs are allowed to load by a process. ACG then complements this by ensuring that signed code pages are immutable and that new unsigned code pages cannot be created.
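To check whether the two policies described above are actually enforced on a running process, a defender can query its mitigation state. The script below is an added example, not code from Google or Microsoft. It assumes a Windows 10 build that ships the `Get-ProcessMitigation` cmdlet, that `MicrosoftEdgeCP` is the name of the Edge content process, and that ACG and CIG surface as the `DynamicCode` and `BinarySignature` policies.

```powershell
# Added example: report ACG and CIG state for running processes.
# Get-CodeGuardStatus is a hypothetical helper name, not a built-in cmdlet.
function Get-CodeGuardStatus {
    param(
        # Assumption: MicrosoftEdgeCP is the Edge content process; pass other names to audit them.
        [string[]]$ProcessName = @('MicrosoftEdgeCP')
    )

    foreach ($proc in Get-Process -Name $ProcessName -ErrorAction SilentlyContinue) {
        try {
            # Reads the mitigation policy of the live process, not the registry default.
            $policy = Get-ProcessMitigation -Id $proc.Id -ErrorAction Stop
        }
        catch {
            # The process exited or cannot be opened: report that rather than guess.
            [pscustomobject]@{
                Name = $proc.Name; Id = $proc.Id
                BlockDynamicCode = 'unknown'; MicrosoftSignedOnly = 'unknown'
                AcgEnforced = $false
            }
            continue
        }

        # ACG: no new executable pages, no changes to existing code pages.
        $acg = "$($policy.DynamicCode.BlockDynamicCode)"
        # CIG: restricts which signed images may be loaded into the process.
        $cig = "$($policy.BinarySignature.MicrosoftSignedOnly)"

        [pscustomobject]@{
            Name = $proc.Name; Id = $proc.Id
            BlockDynamicCode = $acg; MicrosoftSignedOnly = $cig
            AcgEnforced = ($acg -eq 'ON')
        }
    }
}

# List every matching process and show the ones running without ACG first.
Get-CodeGuardStatus | Sort-Object AcgEnforced | Format-Table -AutoSize
```

A process that reports `BlockDynamicCode` as anything other than `ON` can still create or modify executable memory, so the protection described in the quoted summary does not apply to it.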