Google Reveals Microsoft Edge Flaw: Foul Or Microsoft Is Just Too Slow To Create A Patch?


Last month, researchers from Google's Project Zero were the first to discover the notorious Meltdown and Spectre flaw, which caused widespread panic among tech users.

Security researchers were mainly tasked to find out if the search company's products could be potentially exploited. Previous accomplishments by the white hat team of hackers include the discovery of a Windows 10 vulnerability in 2016 and another one in 2017.

Last month's report yielded the processor exploit that could supposedly give a hacker access to sensitive information even without a passcode. The latest find reportedly deals with Microsoft Edge, the Redmond firm's built-in web browser.

Enough Time Is Provided

Although the issue was just recently revealed by the white hat group, reports note it was initially discovered last year in November. The team reported the bug, which appears to be linked to the browser's Arbitrary Code Guard feature.

Companies are apparently given a 90-day disclosure deadline before Google Project Zero declassifies its findings for public use. According to sources, Microsoft requested an extension of at least two more weeks to work on the vulnerability. However, it looks like it failed to address it on time, which prompted the researchers to go public.

Losing Its User's Trust

Microsoft's untimely approach with the Edge browser's problem presumably adds more issues to the troubled platform. Surveys have proven that most Windows users only use Edge to download other browsers like Google Chrome, Mozilla Firefox, and Opera. Now that the public is aware that a flaw remains unpatched, it will only serve to drive away the small number of people that still use it.

Given the knowledge that upon its discovery, the security team immediately flagged it as a "medium" severity flaw. This indicates the potential threat if left unattended, the firm should have taken it seriously and worked on a patch to resolve it without delay.

The Microsoft Security Response Center confirmed that the security flaw was more complex than what was expected by its software engineers. Therefore, a fix was not immediately made available even within the grace period provided by Google.

Google's Established Schedule

Microsoft's Edge flaw will supposedly get its patch on March 13. Yet, it already seems too late since Google made its public announcement to highlight the issue. Industry insiders claim that the search firm wants its competitors to disclose vulnerabilities as soon as it is discovered.

Nevertheless, the competition would rather follow its established protocol on public announcements. It seems that a discrete approach is a preferred method to minimize backlash from users and avoid pressure when it comes to deadlines for fixes.

ⓒ 2018 All rights reserved. Do not reproduce without permission.
Real Time Analytics