The browser vulnerabilities were first made public a 20-year-old security researcher who says he first notified Microsoft about the issues 10 months ago.
Richard Zhu, in plaid shirt, and Amat Cama, right, watch as they compete in the 2019 Pwn2Own contest with a zero-day exploit against the Microsoft Edge web browser. (Zero Day Initiative / Twitter)
Chinese contestants from major companies had been dominating the contest in recent years, but new regulations from Beijing prohibited them from joining this year's fray.
The flaw could affect all users running vulnerable software — which includes anyone using the bundled browser in Windows 7, Windows 8.1, and Windows 10.