The vulnerability (CVE-2017-0037), discovered and disclosed by Google Project Zero team’s researcher Ivan Fratric, is a so-called “” in a module in Microsoft Edge and Internet Explorer that potentially leads to arbitrary code execution. Google last week disclosed an unpatched vulnerability in Windows Graphics Device Interface (GDI) library, which affects Microsoft’s Windows operating systems ranging from Windows Vista Service Pack 2 to the latest Windows 10. The vulnerability was reported to Microsoft on November 25, and it went public on February 25 after Google’s 90-day disclosure policy.
Source: https://thehackernews.com/2017/02/google-microsoft-edge-bug.html