Google has publicly identified a "high-severity" security flaw that affects several versions of Microsoft's browser and could allow an attacker to execute malicious code.
The disclosure is complicated by the fact that Microsoft has yet to release a patch despite having been notified by Google of the issue last November. Google has a practice of going public with security issues 90 days after privately reporting issues to the software maker in question.
Ivan Fratric, the Google researcher who identified the issue, said he expected Microsoft to fix the issue before the deadline.
"I will not make any further comments on exploitability, at least not until the bug is fixed," he said, according to Ars Technica. "The report has too much info on that as it is (I really didn't expect this one to miss the deadline)."