This medium security flaw was discovered by Google Project Zero and immediately alerted Microsoft November 2017. But Microsoft didn’t take it take it seriously.
With flaw, hackers could bypass Microsoft Edge's existing security measures to inject malicious code into a victim's computer.
Google, through its Project Zero, notified Microsoft about a bug in November, giving the company the usual 90-day disclosure deadline. Now the 90 days disclosure has expired and, the team of security analysts employed by Google tasked with finding zero-day vulnerabilities - Project Zero -went public with the details of the security flaw.
Since the problem still persist, its advisable you stay away from Microsoft Edge browser till when Microsoft fix this vulnerability.
