{"id":415,"date":"2018-05-11T21:18:18","date_gmt":"2018-05-11T21:18:18","guid":{"rendered":"https:\/\/kasperskycontenthub.com\/threatpost\/?p=131931"},"modified":"2018-05-11T21:18:18","modified_gmt":"2018-05-11T21:18:18","slug":"google-project-zero-calls-windows-10-edge-defense-acg-flawed","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/google-project-zero-calls-windows-10-edge-defense-acg-flawed\/","title":{"rendered":"Google Project Zero Calls Windows 10 Edge Defense \u2018ACG\u2019 Flawed"},"content":{"rendered":"<div class=\"media_block\"><\/div>\n<div><img decoding=\"async\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/31\/2018\/05\/11165245\/Browser_HTTP.jpg\" class=\"ff-og-image-inserted\"\/><\/div>\n<p>Google Project Zero updated its research alleging that Microsoft\u2019s Edge browser security measure introduced last year, called Arbitrary Code Guard (ACG), is faulty.<\/p>\n<p>Ivan Fratric, Project Zero researcher, published the <a href=\"https:\/\/googleprojectzero.blogspot.com\/2018\/05\/bypassing-mitigations-by-attacking-jit.html\">31-page white paper on Thursday<\/a> alleging that Microsoft\u2019s much vaunted ACG mitigation feature in Edge isn\u2019t sufficient at stopping \u201cadvanced attackers from escaping a browser\u2019s sandbox and mounting other attacks.\u201d<\/p>\n<p>The ACG feature was rolled into Microsoft\u2019s Windows 10 Creators Update in April 2017. Microsoft\u2019s ACG was devised as an effective way to disrupt the typical browser-based exploit chain that attackers use to target the browser\u2019s memory. ACG, in conjunction with a preexisting mitigation technology called Code Integrity Guard (CIG), put the brakes on unsigned and improperly signed code from loading in the Edge browser.<\/p>\n<p>In February, Project Zero researchers <a href=\"https:\/\/bugs.chromium.org\/p\/project-zero\/issues\/detail?id=1435\">first exposed a mitigation bypass<\/a> technique that allowed an advanced attacker to bypass Microsoft\u2019s ACG. The research was critical of how Microsoft implemented its ACG mitigation and how it avoided a browser performance hit by sidestepping Edge\u2019s Just-in-Time (JIT) compilers. The JIT process compiles JavaScript to native code and maps it into a requested content process.<\/p>\n<p>In Edge, Microsoft was able to avoid a performance hit by moving the JIT functionality into a separate process, which runs in its own isolated sandbox.<\/p>\n<p>\u201cACG does succeed to fulfill its purpose of preventing executable memory from being allocated and modified. However, due to mutual dependence of (Control Flow Guard), ACG and CIG and the shortcomings of CFG in Microsoft Windows, ACG alone can\u2019t be sufficient to stop advanced attackers from escaping a browser\u2019s sandbox and mounting other attacks,\u201d wrote Google\u2019s Fratric in his report on Thursday.<\/p>\n<p>The follow-up report by Google, posted on this week, ties together various mitigation bypass issues that have come to light since Google first revealed its research in February. The Google report also dives deeper into how Google\u2019s bypass works.<\/p>\n<p>Fratric initially published his research in February after Microsoft was unable to fix the issue within Google\u2019s Project Zero 90-day disclosure deadline.<\/p>\n<p>Microsoft in a statement to Threatpost pointed out an advanced attacker exploiting ACG would already have gained \u201csome capabilities,\u201d therefore lessening the exposure of the ACG mitigation of an attack. \u201cAs indicated by the researchers, this technique assumes a potential attacker has \u2018already gained some capabilities\u2019 using another method,\u201d a Microsoft spokesperson said.<\/p>\n<p>Google does state its proof-of-concept attack assumed an adversary already has some \u201ccapabilities in the browser\u2019s Content Process to execute arbitrary code.\u201d It\u2019s unclear what those capabilities are from the white paper. Google also acknowledges that since its initial report, some unspecified JIT server issues have been resolved by Microsoft.<\/p>\n<p>Despite fixes,\u00a0Fratric still asserts that by implementing ACG in Edge, it was leaving the mitigation feature called Control Flow Guard (CFG) open to attack. CFG is an optimized security feature designed to combat browser-based memory corruption vulnerabilities.<\/p>\n<p>\u201cCurrently, with a lot of known bypasses, bypassing CFG in Windows is not difficult. However, should Microsoft be able to fix all the known weaknesses of CFG, including adding the return flow protection, the situation might change in the next couple of years. As Microsoft already showed intention to do this, we believe this is their long-term plan,\u201d Fratric wrote.<\/p>\n<p>He added that while his research focused on Microsoft Edge, attempts by other browser makers to implement \u201cout-of-process JIT\u201d would encounter similar problems.<\/p>\n<p>\u201cOutside the problems with CFG, the most fragile aspect of the ACG is the JIT server implementation, where multiple issues were uncovered. While the implementation is young and first of its kind so some issues are expected, the larger issue is that security boundary between the Content Process and the JIT Process isn\u2019t adequately enforced,\u201d he said.<\/p>\n<p>Read More <a href=\"https:\/\/threatpost.com\/google-project-zero-calls-windows-10-edge-defense-acg-flawed\/131931\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers maintain Microsoft\u2019s vaunted Arbitrary Code Guard in the Edge browser can\u2019t stop hackers from mounting attacks. Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":416,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[3],"tags":[288,289,290,18,291,292,293,19,69,294],"class_list":["post-415","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-threatpost","tag-arbitrary-code-guard","tag-edge-browser","tag-google-project-zero","tag-hacks","tag-javascript","tag-jit","tag-just-in-time","tag-vulnerabilities","tag-web-security","tag-windows-10-creators-update"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Google Project Zero Calls Windows 10 Edge Defense \u2018ACG\u2019 Flawed 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/google-project-zero-calls-windows-10-edge-defense-acg-flawed\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Google Project Zero Calls Windows 10 Edge Defense \u2018ACG\u2019 Flawed 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/google-project-zero-calls-windows-10-edge-defense-acg-flawed\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-05-11T21:18:18+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/google-project-zero-calls-windows-10-edge-defense-acg-flawed.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"700\" \/>\n\t<meta property=\"og:image:height\" content=\"477\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-project-zero-calls-windows-10-edge-defense-acg-flawed\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-project-zero-calls-windows-10-edge-defense-acg-flawed\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Google Project Zero Calls Windows 10 Edge Defense \u2018ACG\u2019 Flawed\",\"datePublished\":\"2018-05-11T21:18:18+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-project-zero-calls-windows-10-edge-defense-acg-flawed\\\/\"},\"wordCount\":643,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-project-zero-calls-windows-10-edge-defense-acg-flawed\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/google-project-zero-calls-windows-10-edge-defense-acg-flawed.jpg\",\"keywords\":[\"Arbitrary Code Guard\",\"Edge browser\",\"Google Project Zero\",\"Hacks\",\"Javascript\",\"JIT\",\"Just-in-Time\",\"Vulnerabilities\",\"Web Security\",\"Windows 10 Creators Update\"],\"articleSection\":[\"Threatpost\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-project-zero-calls-windows-10-edge-defense-acg-flawed\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-project-zero-calls-windows-10-edge-defense-acg-flawed\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-project-zero-calls-windows-10-edge-defense-acg-flawed\\\/\",\"name\":\"Google Project Zero Calls Windows 10 Edge Defense \u2018ACG\u2019 Flawed 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-project-zero-calls-windows-10-edge-defense-acg-flawed\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-project-zero-calls-windows-10-edge-defense-acg-flawed\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/google-project-zero-calls-windows-10-edge-defense-acg-flawed.jpg\",\"datePublished\":\"2018-05-11T21:18:18+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-project-zero-calls-windows-10-edge-defense-acg-flawed\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-project-zero-calls-windows-10-edge-defense-acg-flawed\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-project-zero-calls-windows-10-edge-defense-acg-flawed\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/google-project-zero-calls-windows-10-edge-defense-acg-flawed.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/google-project-zero-calls-windows-10-edge-defense-acg-flawed.jpg\",\"width\":700,\"height\":477},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-project-zero-calls-windows-10-edge-defense-acg-flawed\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Arbitrary Code Guard\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/arbitrary-code-guard\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Google Project Zero Calls Windows 10 Edge Defense \u2018ACG\u2019 Flawed\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Google Project Zero Calls Windows 10 Edge Defense \u2018ACG\u2019 Flawed 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/google-project-zero-calls-windows-10-edge-defense-acg-flawed\/","og_locale":"en_US","og_type":"article","og_title":"Google Project Zero Calls Windows 10 Edge Defense \u2018ACG\u2019 Flawed 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/google-project-zero-calls-windows-10-edge-defense-acg-flawed\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2018-05-11T21:18:18+00:00","og_image":[{"width":700,"height":477,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/google-project-zero-calls-windows-10-edge-defense-acg-flawed.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/google-project-zero-calls-windows-10-edge-defense-acg-flawed\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/google-project-zero-calls-windows-10-edge-defense-acg-flawed\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Google Project Zero Calls Windows 10 Edge Defense \u2018ACG\u2019 Flawed","datePublished":"2018-05-11T21:18:18+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/google-project-zero-calls-windows-10-edge-defense-acg-flawed\/"},"wordCount":643,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/google-project-zero-calls-windows-10-edge-defense-acg-flawed\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/google-project-zero-calls-windows-10-edge-defense-acg-flawed.jpg","keywords":["Arbitrary Code Guard","Edge browser","Google Project Zero","Hacks","Javascript","JIT","Just-in-Time","Vulnerabilities","Web Security","Windows 10 Creators Update"],"articleSection":["Threatpost"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/google-project-zero-calls-windows-10-edge-defense-acg-flawed\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/google-project-zero-calls-windows-10-edge-defense-acg-flawed\/","url":"https:\/\/www.threatshub.org\/blog\/google-project-zero-calls-windows-10-edge-defense-acg-flawed\/","name":"Google Project Zero Calls Windows 10 Edge Defense \u2018ACG\u2019 Flawed 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/google-project-zero-calls-windows-10-edge-defense-acg-flawed\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/google-project-zero-calls-windows-10-edge-defense-acg-flawed\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/google-project-zero-calls-windows-10-edge-defense-acg-flawed.jpg","datePublished":"2018-05-11T21:18:18+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/google-project-zero-calls-windows-10-edge-defense-acg-flawed\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/google-project-zero-calls-windows-10-edge-defense-acg-flawed\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/google-project-zero-calls-windows-10-edge-defense-acg-flawed\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/google-project-zero-calls-windows-10-edge-defense-acg-flawed.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/google-project-zero-calls-windows-10-edge-defense-acg-flawed.jpg","width":700,"height":477},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/google-project-zero-calls-windows-10-edge-defense-acg-flawed\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Arbitrary Code Guard","item":"https:\/\/www.threatshub.org\/blog\/tag\/arbitrary-code-guard\/"},{"@type":"ListItem","position":3,"name":"Google Project Zero Calls Windows 10 Edge Defense \u2018ACG\u2019 Flawed"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/415","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=415"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/415\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/416"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=415"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=415"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=415"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}