Google exposes security flaw in Microsoft Edge


According to an update by Google earlier today, Microsoft is now saying that "because of the complexity of the fix, they do not yet have a fixed date set as of yet". Once found, Google notified Microsoft, and gave a 90-day window for the company to patch it before publicly disclosing the flaw.

Google's Project Zero team notified Microsoft of the vulnerability and proof-of-concept attack on November 17, giving Microsoft an initial 90 days to address the issue.

Google has found a vulnerability in Windows 10's Edge browser, and the bad news is that this security bug has been disclosed to all and sundry before Microsoft could patch it.

Even if a booby-trapped web page, image or script manages to wrest the CPU away from Edge in an effort to grab control, ACG means that the attack can't easily transfer control to malware of its own choice. The standard 90-day-deadline was awarded to the company to fix the issue before it was disclosed to the public. It added that it hopes to have a fix ready to ship March 13.

But last week, on February 15th, came a post that said Microsoft "replied that "The fix is more complex than initially anticipated, and it is very likely that we will not be able to meet the February release deadline due to these memory management issues".

Aston Martin Red Bull reveals RB14 F1 vehicle
RED Bull Racing has revealed its vehicle for the 2018 season, fitted with the new mandatory halo cockpit protection device. That will become much clearer at the team's Barcelona testing site, Circuit de Catalunya , next week.

What you might call Google's soulless approach doesn't differentiate between a company that's not trying and has missed the deadline because it simply doesn't care about security, and one that has been trying hard but hasn't quite made it in time.

Microsoft has previously been critical of Google's 90-day disclosure policy, but the search giant maintains that it can never be accused of preferential treatment by inflexibly disclosing how the bug works after this time period has elapsed. Indeed, Microsoft has struggled to fix this problem.

In October past year, Microsoft criticised Google for the way it handles security updates after discovering a major security flaw in Chrome.

In October 2017, for example, Microsoft criticised Google on grounds that disclosure can endanger users.