A rivalry between corporations is nothing new and is an essential driving force to keep the market competitive. While some companies keep it limited to light banter and making fun of their competitor's products, Google and Microsoft seem to have taken it up several notches. Both companies have a history of revealing security flaws in each others' products, and this time, it was Google that public revealed a security flaw in the Microsoft Edge browser. It isn't the first time that Google pointed out flaws in the Edge browser, with another exploit being reported back in November.
After making the exploit public, Google provided Microsoft with a 90-day grace period to have a fix available for its monthly Patch due for release in February. But Microsoft missed this goal because the fix is more complex than initially anticipated by Microsoft. It’s uncertain as to when Microsoft will have a fix available, given its complexity.
Tensions likely to rise between the two software giants
The public disclosure will likely increase tensions between the two companies. Microsoft hit back at Google’s approach to security patches last October, after discovering a Chrome flaw and disclosed it to Google in a discreet way, so the Google had enough time to patch it. The exploit may have been around a while, given Google’s policy to publicly disclose a flaw after 90 days without a patch being rolled out to fix it.
There are, however, exceptions to this rule and Google can even disclose much sooner if the vulnerability is being actively exploited. Google revealed a major Windows bug back in 2016 just ten days after reporting it to Microsoft. Google also has revealed zero-day bugs in Windows in the past before patches are available.
While it's good that security flaws are being reported as soon as they're discovered, publicly revealing one even before the affected company has a chance to fix it will do more harm than good. The recently discovered flaw isn’t as critical as some of the past disclosures, but publicly revealing it may result in it being exploited, knowing that a patch isn't due for a while.
News Source: The Verge
