Microsoft and Google need to tone down the war of words over software bugs
The latest episode is about a vulnerability in the Chrome web browser, and it took Google almost a month to roll out the patches for our PCs
Microsoft and Google are at it again. The point of contention, this time around, is a vulnerability in the Chrome web browser that the latter makes for PCs. Microsoft discovered a vulnerability in the Chrome web browser, and has now made the details public in what it feels is a responsible disclosure. Microsoft’s security team has identified and detailed a remote code execution vulnerability in the Chrome browser running on Windows PCs, and called out Google’s lax attitude towards patching it.
In an official blog post, Jordan Rabet of Microsoft’s Offensive Security Research Team says, “In this specific case, the stable channel of Chrome remained vulnerable for nearly a month after that commit was pushed to git. That is more than enough time for an attacker to exploit it.” Git refers to GitHub, which is a software development platform and a repository for distributed software. For its part, Google had rolled out a fix for the vulnerability on GitHub within four days of the initial report, but did not roll out the update on the stable channel for almost a month. The stable channel is the route by which updates for the newest versions of Google Chrome reach our PCs.
Microsoft surely has a point here, because it believes that the vulnerability patch should have been released to all Chrome browser users automatically and urgently, and not just on a platform where most common users would not check.
This, as it turns out, is a chance for Microsoft to get back at Google. The latter has often publicly criticized Microsoft in the past. In October last year, Google’s Threat Analysis team had disclosed what it claimed was a critical vulnerability in the Windows operating system, in a public post no less. It had detailed the bug specifically, which was allowing attackers to bypass security measures through a flaw in the win32k system. This happened before Microsoft had a patch ready to roll out to users, and needless to say, Microsoft was not impressed.
It was perhaps expected that Microsoft would use this opportunity to talk about the security advantages of its own Edge web browser.
This game of getting one over the other is all fine as long as it is done in good spirits, but it might be time for both companies to take a step back. Publicly pointing fingers at each other while revealing complete details of vulnerabilities that may or may not have been patched puts the PC security of millions of users at risk.