Google’s Project Zero -- a team responsible for finding zero-day vulnerabilities -- has uncovered a security flaw in Microsoft’s Edge browser. The flaw allows hackers to circumvent Edge’s security and deposit malicious code on users’ devices.
The severity of the vulnerability ranks as “medium,” and Microsoft has detailed what it considers to be the best steps for Edge users to take. Those steps include updating a computer’s antivirus software, Windows security, and computer firmware.
“The fix is more complex than initially anticipated,” said Microsoft. However, the company proactively stated that its teams were “positive that (the fix) will be ready to ship on March 13th.” Until then, some technology consultants recommend using a different browser as an added safeguard.
Microsoft and Google find themselves back in the boxing ring
Google’s standard operating procedure is to notify the company affected by a flaw immediately and give it 90 days to fix the problem before Google goes public with its discovery.
In Microsoft’s case, the complexity of the fix and the time given to repair it weren’t a perfect scenario for the company, and Google supposedly shaming Microsoft in public by disclosing the flaw only raised its hackles more.
The companies have gone at each other before, seemingly working overtime to find holes in each other’s products. Microsoft found a flaw in Google Chrome last October and gave Google 90 days to fix it before Microsoft went public with the news.
That 90-day policy is one of two things at the core of the two tech giants’ loathing of each other, with the key question being whether 90 days is “reasonable.” Google has extended grace periods from time to time, but it’s also been known to disclose a vulnerability sooner if it’s being aggressively exploited. A case in point is Google’s disclosure of a serious Windows bug back in 2016, a mere 10 days after reporting it to Microsoft.
The other source of spite is Google wanting the tech world to adopt its hard-hitting disclosure policies. So far, Microsoft hasn’t acquiesced, and the debate continues to rage over whether Google should be driving the way security flaws in competing operating systems are divulged to the public.