I came across this on the BBC site today, and as some here and elsewhere
have asked about updates, it could well be that the major one will be held
back due to problems with bugs at Microsoft?

Google has released details of a bug in Microsoft's browsing programs that
would allow attackers to build websites that make the software crash.
Google researcher Ivan Fratric said the bug could, in some cases, allow
attackers to hijack a victim's browser.
The bug was found in November, but details are only now being released after
the expiry of the 90-day deadline Google gave Microsoft to find a fix.
Microsoft has yet to say when it will produce a patch that removes the bug.
In an explanation of how the bug arose, Mr Fratric said he was reluctant to
reveal more details until it was patched.
He said he had expected Microsoft to address the bug before the 90-day
deadline had expired.
The problem is found in Internet Explorer 11 as well as the Edge browser and
arises because of the way both programs handle instructions to format some
parts of web pages.
In a statement, Microsoft did not comment directly on the bug and its
significance but said it had a "customer commitment to investigate reported
security issues and proactively update impacted devices as soon as
It added it was involved in "an ongoing conversation with Google about
extending their deadline since the disclosure could potentially put
customers at risk".
So far, there is no evidence that malicious attackers are exploiting the
problem unearthed by Mr Fratric.
The publication of information about the browser bug caps a difficult period
for Microsoft and the security of its software.
Earlier this month, it cancelled a regular monthly security update without
The update was expected to include fixes for several significant
In the same month, other security researchers released information about a
way to exploit a vulnerability in some Microsoft server code.
No fix has yet been released for this vulnerability.