Google Security discloses a new security flaw in Microsoft's Edge
Google also gave Microsoft an extra 14-day grace period to have a fix ready for its monthly Patch Tuesday release in February, but Microsoft missed this goal because “the fix is more complex than originally anticipated.” It’s not clear when Microsoft will have a fix ready, and the Google engineer responsible for reporting the security flaw says that, because of the complexity of the fix, Microsoft “does not yet have a fixed date set as of yet.”
According to Engadget, by taking advantage of the flaw, hackers could bypass Microsoft Edge's existing security measures to inject malicious code into a victim's computer.
Google, through its Project Zero, notified Microsoft about a bug in November, giving the company the usual 90-day disclosure deadline.
Two big and obvious exceptions to Google’s security disclosure rules were the recent Meltdown and Spectre bugs. Google engineers discovered the CPU flaws, and Intel, AMD, and others had around six months to fix the problems before the flaws were publicly revealed earlier this year. Chrome OS and Android devices were also affected by the processor flaws, along with Windows, Linux, macOS, and iOS.
The public disclosure will likely anger Microsoft, once again. The software giant hit back at Google’s approach to security patches last October, after finding a Chrome flaw and “responsibly” disclosing it to Google so the organization had enough time to patch. At the core of the issue is whether Google’s policy to publish after 90 days without a patch is reasonable.
Google makes exceptions to this hard rule, with grace periods, and can even disclose much sooner if the vulnerability is being actively exploited. Google disclosed a major Windows bug back in 2016 just 10 days after reporting it to Microsoft, and the company has published zero-day bugs in Windows in the past before patches were available.
Google needs the industry to adopt its aggressive disclosure policies, but Microsoft has so far resisted rather publicly.