Microsoft Chastises Google Over Zero-Day Chrome Exploit Disclosure

Microsoft hits back at Google over approach to security patches

Microsoft finds an exploit in Google Chrome, emphasizes Edge's security

One member of that security team, Jordan Rabet, confirmed in Microsoft's blog post that there is a security hole in Chrome that could lead to malicious code execution.

"In this specific case, the stable channel of Chrome remained vulnerable for almost a month after that commit was pushed to 'git'."

The California-based company has unearthed a number of security issues within Microsoft software, and has occasionally revealed details publicly before the products are patched.

Meanwhile, Google allows its engineers to disclose details of a vulnerability seven days after they have reported it to vendors.

Microsoft also of course took the opportunity to talk about how Edge handles this sort of attack vector better than Chrome.

Given the acrimonious relationship between Google and Microsoft's security teams, I expect this will not be the first such exchange over the next few months, but hopefully, the result will be safer browsers and operating systems for us all.

However, Microsoft is using the security flaw in Chrome to claim that its own Edge browser was protected from the same kind of security threat. The problem is that Chrome remained vulnerable for a month and was easy to exploit after the code was made public.

Google acknowledged the bug and paid Microsoft a $15,000 bug bounty (which Microsoft donated to charity), but their approach to patching the bug also raised alarm at Microsoft. At any rate, as long as the two companies' fights result in their browsers getting more secure, it is a win for consumers. In the past year, we've heard of Google warning of a security issue in Windows.

What Microsoft is specifically criticizing Google for is making the source code for the fix available via GitHub before the official stable channel fix was ready, giving any nefarious sorts a month to find the flaw and exploit it. Rabet wrote that Google's approach was "problematic when the vulnerabilities are made known to attackers ahead of the patches being made available".
