Microsoft criticizes Google over handling of Chrome exploit

Share
Microsoft criticizes Google over handling of Chrome exploit

From Google's standpoint, it fully cooperated with Microsoft in patching the vulnerability that was discovered and reported by Microsoft's Offensive Security Research team on September 14.

There is no love lost between Microsoft and Google when it comes to security patches.

Discovering the exploit was only the beginning of Microsoft's work with Google as the company then chose to take the opportunity to try and dish out a backhanded lesson in dealing with vulnerability discoveries. "Chrome's relative lack of remote code execution (RCE) mitigations means the path from memory corruption bug to exploit can be a short one", wrote Jordan Rabet, member of the Microsoft Offensive Security Research team, in a blog post late on Thursday.

Recently, Microsoft found itself in the position to scold its frequent exploit nuisance finder Google, and boy did the company jump at the opportunity.

Google paid Microsoft a $7,500 bug bounty for disclosing the Chrome vulnerability, along with another $8,337 for other uncovered bugs, which the firm donated to charity.

Google patched the problem within a week in its beta versions of Chrome, but Microsoft notes that, although now fixed, the stable and public channel "remained vulnerable for almost a month". Giving the general public access to source code before regular release channels makes it significantly easier to find vulnerabilities that could be used in between when code is published to Github and the time that the final bug fix is pushed out.

"In this specific case, the stable channel of Chrome remained vulnerable for almost a month after that commit was pushed to git".

"Our strategies may differ, but we believe in collaborating across the security industry in order to help protect customers", Microsoft concludes.

Google's Project Zero security team has been keeping Microsoft busy finding exploits in Windows and Edge, and on occasion announcing them publicly before Microsoft has patches available.

Share

Advertisement

Related Posts

F1 chance doesn't rule out IndyCar - Hartley
Hartley will be the first New Zealand driver in Formula One since Mike Thackwell at the 1984 Canadian Grand Prix. He switched to sports cars and joined Porsche , taking part in this year's victory at the Le Mans 24-Hours race.

Jacksonville Jaguars owner Shad Khan says President Trump 'jealous of' NFL
The smaller league forced an antitrust lawsuit against the NFL in '84, but did not receive serious dividends and did not survive. Khan's latest statements, however, make him one of the more vocal NFL owners opposed to Trump's views on the league.

M&S Bank reveals plans to launch mortgage range
There have been no full details on the bank's plan, but M&S has said the changes will be introduced early in 2018. M&S Bank, which is celebrating its fifth anniversary, also offers current accounts, credit cards and loans.

400 ancient stones found on edge of volcanoes in Harrat Khaybar region
Other prominently studied structures are " kites ", which were animal traps, and "wheels". The odd clusters "appear to be the oldest man-made structures in the landscape".

Audi unveils the 2018 A7 Sportback
The A7 will include no less than 39 assistance systems, including a remote parking feature that will debut later in 2018. Just like the recently released A8, the A7 Sportback features the same angular grille and headlights as the flagship.

Longbow Research Reiterates "Buy" Rating for Sherwin-Williams Company (The) (NYSE:SHW)
Parallel Advisors LLC lifted its holdings in shares of Sherwin-Williams Company (The) by 2.6% in the first quarter. Sherwin-Williams Company (The) (NYSE:SHW) last released its quarterly earnings results on Thursday, July 20th.

I don't have to be friends with Neymar - Cavani
12 goals in three games and the impact of Neymar and Mbappé combined with Cavani's goal-scorer instinct scare the rest of Europe. In the first half, we did not have flawless control of the match. "We can do even better and we created a lot of chances".

#MeToo campaign spreads across social media raising awareness
She, he reminded an audience in 2008, "was doing everything I was doing, but just like Ginger Rogers, it was backwards in heels". Maybe as a society we had to be so appalled that those who could get by as it was needed to be shaken in their shoes. "No more.

Trump calls to 'keep America safe' citing rising United Kingdom crime rate
In the period reported , gun crime increased by 27 percent; knife crime increased by 26 percent, and sexual crimes increased by 19 percent, the report found.

San Antonio Spurs Lock Arms in Unity After National Anthem
NOTES: San Antonio played without F Kawhi Leonard and venerable PG Tony Parker because of quadriceps injuries. Aldridge's running dunk on a bounce pass from Manu Ginobili gave the Spurs a 100-92 lead with 1:42 remaining.

© 2015 ExpressNewsline. All Rights reserved.