Google disclosed an unpatched vulnerability in Internet Explorer and Microsoft Edge web browsers. After giving Microsoft 90 days to fix the bug, Google researchers have published the details of the vulnerability along with proof-of-concept code. The security hole affects all supported Windows versions, including Windows 7, 8.1, and 10.

According to The Hacker News, “The vulnerability (CVE-2017-0037), discovered and disclosed by Google Project Zero team's researcher Ivan Fratric, is a so-called ‘type confusion flaw’ in a module in Microsoft Edge and Internet Explorer that potentially leads to arbitrary code execution.”

Google discovered the vulnerability in November 2016 and reported it to Microsoft on November 25, but for unknown reasons, Microsoft did not fix the problem. Google gave Microsoft three months to patch the security holes, and after that, Google publicly released the information about the vulnerability.

This is not the only security hole plaguing Microsoft’s products. Earlier, Google disclosed flaws in Microsoft’s GDI library that affects every Windows version all the way back to Windows Vista. Another unpatched flaw affects the SMB protocol, allowing attackers to crash the system.