The detail are pretty technical, but the issue has to do with how Microsoft Edge deals with code execution. Thanks to this flaw, a hacker could bypass the Edge browser's security features and place malicious code within the memory of the target computer.
Project Zero's policy is to give companies 90 days after the detection of a security flaw to fix it. Neowin first reported that Google notified Microsoft of the problem back in November. Because the company hasn't yet fixed it, Google has made the issue public. It's not likely to make Microsoft very happy, as the company has previously taken issue with how Google handles reports like these.