Google hits Microsoft under the belt again by revealing a security flaw in Edge browser too early before a patch release

by Felix Omondi
Microsoft and Google have been trying to outdo each other for decades. Their competition went to the next level in the last decade, with each trying to enter the market that defines the other. Google built its name as a search engine, but it has metamorphosed to include making desktop computer operating systems and productivity software. Microsoft, which built its name as a maker of desktop operating systems and productivity software, is now trying to encroach on the search engine and mobile operating system business.

We are likely to see the competition between the two only grow fiercer in the coming years. Google's recent move shows it is bringing the big guns into the fight and throwing what is commonly referred to as professional courtesy out of the window.

You see, there is this thing called a zero-day vulnerability, where a new security flaw is unearthed, and the person who discovers it informs the maker of the software in private and gives them ample time to fix it before making the matter public.

Now, with Google being as big a tech company as it has grown to become, you would assume they got the memo: that one should not publicly disclose a flaw in another company’s product, but instead inform them privately and wait until a fix has been issued to make the matter public.

Well, in November last year, Google discovered a security flaw in the Edge browser and approached Microsoft privately to fix the issue. Google gave Microsoft a 90-day ultimatum to fix the flaw before it went public with the information. Unfortunately, Microsoft was unable to issue a patch and the 90 days lapsed, so Google gave them an additional 14 days.

Google was expecting Microsoft to issue the patch with its recent monthly Patch Tuesday release in February. Again, Microsoft could not meet the deadline because, as it described it, the fix was more complex than it had initially anticipated. So as it stands, there is no telling when exactly Microsoft will issue a patch for the security flaw the Edge browser is currently suffering from.

The Google engineer who first reported the security flaw affecting Edge has gone ahead and made his findings public. This move has not gone down well with Microsoft, and the company came out lashing out at Google. Microsoft went ahead to remind Google of the professional courtesy it showed them when it discovered a flaw in the Chrome browser. Microsoft stressed the fact that it gave Google enough time to address the issue before making it public.

This is not the first time Google has made an alarming announcement about flaws it has discovered in Microsoft products. Back in 2016, Google again discovered a major flaw in Windows, and just ten days after reporting the matter to Microsoft, it went ahead and made it public.

Of course, there is no hard rule about not disclosing a zero-day vulnerability to the public. In fact, it is encouraged when it is confirmed that the flaw is being used by attackers on unsuspecting users. Nonetheless, Google has been too quick to disclose vulnerabilities in Microsoft products, before the company has had enough time to issue a patch.

One incident where Google did the right thing was when its engineers discovered the Meltdown and Spectre bugs affecting Intel and AMD CPUs. The vulnerability affected virtually all devices, including Chrome OS and Android devices. Its competitor platforms such as Windows, macOS, Linux, and iOS were not spared either.

Intel and AMD had about six months to fix the zero-day vulnerability in their chips, but Google engineers made it public. This time it was called for, as the flaw was grave and very widespread.

Google, as one of the big players in the tech scene, is championing the adoption of aggressive disclosure policies, something Microsoft is strongly against. This latest revelation of the Edge vulnerability by Google raises questions about the professionalism and competition ethics of Google as a company leading the way in unearthing security flaws in rivals’ products. Could it be working overtime to find fault with its competition’s products in order to give itself an undue advantage in the court of public opinion?

1 comment

Viktor Navarro March 5, 2018 - 4:31 am

The fact that this is not anything new is what saddens me the most
