Google discloses Microsoft Edge security flaw before a patch is ready

Becky

Becky

Webmistress
Joined
Mar 25, 2003
Messages
7,424
Reaction score
1,511
Back in November 2017, Google reported a security flaw to Microsoft regarding their browser, Edge. Google gave Microsoft 90 days to patch the flaw before going public, followed by an additional 14 days grace period due to the fact that the problem was more difficult to patch than initially anticipated. The Verge has more:

Microsoft and Google have been bitter rivals for at least a decade, and the pair have had several disagreements over security vulnerability disclosure in recent years. Google is stoking those disagreements again this week by disclosing a Microsoft Edge security flaw before a patch is available. Neowin spotted that Google disclosed the security flaw to Microsoft back in November, and the company provided 90 days for Microsoft to fix it before going public as it’s rated “medium” in terms of severity.

Google also provided Microsoft with an additional 14-day grace period to have a fix available for its monthly Patch Tuesday release in February, but Microsoft missed this goal because “the fix is more complex than initially anticipated.” It’s not clear when Microsoft will have a fix available, and the Google engineer responsible for reporting the security flaw says because of the complexity of the fix Microsoft “do not yet have a fixed date set as of yet.”
Click to expand...


Read more here.
 
nivrip

nivrip

Yorkshire Cruncher
Joined
Mar 21, 2007
Messages
10,889
Reaction score
2,138
Well, I have Edge on my system but never use it. I prefer IE11 so does that mean I'm OK or does just having Edge mean that I am vulnerable?

Presumably there will be a patch available as soon as possible especially now that it's all out in the open. :)
 
Becky

Becky

Webmistress
Joined
Mar 25, 2003
Messages
7,424
Reaction score
1,511
Well it's not great that Microsoft haven't been able to fix it in 104 days, and they have no idea of when it'll be patched. I dislike that the article makes out that Google is the bad guy - they have no responsibility to report bugs in Microsoft's software, they could keep it to themselves and play the advantage. The fact that they spot them and privately tell Microsoft so they can fix it can only be a good thing. Going public once a reasonable period of time has passed seems only fair too - users have the right to know.

@nivrip you're right to steer clear of Edge. I haven't used IE in a long while, I prefer Chrome myself.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Microsoft makes emergency security fix 1
Unpatched Microsoft XML Core Services flaw increasingly targeted inattacks 1
Microsoft to release a critical "out of band" patch 0
Serious security flaw found in IE 52
Windows 7 Don't panic: Microsoft mistakenly posted a 'test' Windows update patch 3
Windows XP Major Windows Security Patch 3
Microsoft: Critical Flaw in Windows Music Program - Need Patch 1
What is everyone doing about this security flaw til 1/10/06 19

Top