Google disclosed Microsoft security flaw before a patch was ready

Google revealed a Microsoft Edge security flaw, before a patch is available, on Monday. While this particular security issue probably wouldn’t have affected too many users, it looks like the disclosure will resurface tension between the two corporations.

In November, Google discovered a problem relating to the JIT (Just In Time) compiler for Javascript in the web browser. The security issue could allow for a browser to be compromised by predicting the address of processes that are to be called, according to BetaNews.

Google classified the bug as a medium-severity flaw and gave Micros0ft a 90-day deadline to fix the issue before it was disclosed to the public. Those 90 days have passed—as well as an additional 14-day grace period—and Microsoft still hasn’t fixed the problem. Microsoft said the issue was more complex than it expected, according to the Verge.

The two companies have disagreed over publicly disclosing security issues in the past. Microsoft argues 90 days is not enough time to fix an issue, while Google wants the industry to adopt more aggressive disclosure policies. Google disclosed a major Windows bug back in 2016 just 10 days after reporting it to Microsoft, and the company has revealed zero-day bugs in Windows in the past before patches are available.

The post Google disclosed Microsoft security flaw before a patch was ready appeared first on The Daily Dot.


Leave a Reply

Your email address will not be published. Required fields are marked *

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.