A security mitigation in Microsoft Edge has been bypassed by researchers at Google Project Zero, who targeted the browser's out-of-process JIT implementation.
Researchers at Google's Project Zero have bypassed a Microsoft Edge mitigation that Microsoft designed to prevent attackers from running arbitrary code in the browser.
Created to replace the aging Internet Explorer web browser, Microsoft Edge was built with security in mind. As is often the case with large software projects like a web browser, oversights occur, and in this case it is a big one.
The bypass exploits a flaw in how Microsoft designed Edge's arbitrary code mitigation, Arbitrary Code Guard (ACG), the defense that stops a compromised browser process from creating new executable code or making existing memory executable. To build that defense, Microsoft had to reconfigure a fundamental part of modern web browser architecture: Just-In-Time (JIT) JavaScript compilation.

JIT compilation translates JavaScript into native machine code for faster execution, which means writing fresh executable code into memory at runtime, exactly what ACG forbids. Edge's arbitrary code defense was therefore incompatible with an in-process JIT, so Microsoft moved the JIT compiler into its own isolated process, which generates the code and maps it into the content process. That's where things break down.
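To make the split concrete, here is an added example, not code from the article and not Microsoft's implementation: a miniature out-of-process JIT modelled with POSIX primitives on Linux rather than Edge's Windows mechanism. The child process plays the JIT process and holds the only read/write mapping of a shared code buffer; the parent plays the content process, which re-opens the buffer read-only through `/proc/self/fd`, maps it read+execute, checks that it cannot make that view writable (the property ACG enforces on Windows), and then runs the generated code. The buffer size, the function names and the `return 42` machine code are this example's own choices.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical names and sizes for this example; nothing here is Edge's code. */
#define CODE_SIZE 4096
typedef int (*jit_fn)(void);

/* "JIT process" side: the only read/write mapping of the shared code buffer.
 * Emits native code for `return 42;` (x86-64 or AArch64 only). */
static int jit_emit_return_42(int fd) {
#if defined(__x86_64__)
    static const unsigned char code[] = { 0xB8, 0x2A, 0x00, 0x00, 0x00, 0xC3 };  /* mov eax,42 ; ret */
#elif defined(__aarch64__)
    static const unsigned char code[] = { 0x40, 0x05, 0x80, 0x52,    /* mov w0,#42 */
                                          0xC0, 0x03, 0x5F, 0xD6 };  /* ret */
#else
#error "this example encodes machine code for x86-64 and AArch64 only"
#endif
    unsigned char *rw = mmap(NULL, CODE_SIZE, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (rw == MAP_FAILED) return -1;
    memcpy(rw, code, sizeof code);     /* the only writer of executable code */
    munmap(rw, CODE_SIZE);
    return 0;
}

/* "Content process" side: holds only a read-only descriptor and a
 * read+execute view. It can run what the JIT produced but cannot write to
 * it, and cannot turn the view writable either. Returns the JIT'd
 * function's result, or a negative code on failure. */
static int content_run(int fd) {
    char path[64];
    snprintf(path, sizeof path, "/proc/self/fd/%d", fd);
    int ro_fd = open(path, O_RDONLY);  /* re-open the same buffer without write access */
    close(fd);                         /* and drop the writable descriptor entirely   */
    if (ro_fd < 0) return -2;

    unsigned char *rx = mmap(NULL, CODE_SIZE, PROT_READ | PROT_EXEC, MAP_SHARED, ro_fd, 0);
    if (rx == MAP_FAILED) return -3;
    __builtin___clear_cache((char *)rx, (char *)rx + CODE_SIZE);  /* i-cache sync on AArch64 */

    /* A shared mapping of a read-only descriptor cannot be made writable,
     * so this mprotect must fail. If it succeeds, the design is broken. */
    if (mprotect(rx, CODE_SIZE, PROT_READ | PROT_WRITE) == 0) return -4;

    int result = ((jit_fn)rx)();       /* execute the code the other process wrote */
    munmap(rx, CODE_SIZE);
    close(ro_fd);
    return result;
}

/* Orchestrates both roles: the child is the JIT process, the parent the
 * content process. Returns 42 when the round trip works. */
int run_out_of_process_jit(void) {
    int fd = (int)syscall(SYS_memfd_create, "jit-code", 0);  /* anonymous shared file */
    if (fd < 0 || ftruncate(fd, CODE_SIZE) != 0) return -1;

    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(jit_emit_return_42(fd) == 0 ? 0 : 1);

    int status = 0;
    waitpid(pid, &status, 0);
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) return -5;
    return content_run(fd);
}

int main(void) {
    int r = run_out_of_process_jit();
    printf("content process executed JIT output: %d\n", r);
    return r == 42 ? 0 : 1;
}
```

Build with gcc on Linux x86-64 or AArch64; the exit status is 0 only when the content process executed the JIT's output and its attempt to remap the code writable was refused. The security point is the one the article makes about Edge's design: as long as the process that runs JavaScript never holds a writable view of the code buffer, a memory-corruption bug in that process cannot be turned into arbitrary native code.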
Edge's great idea and poor execution
The best way to understand how Project Zero's researchers bypassed Edge's mitigation is to start with the basics of how it works.