Microsoft criticizes Google over handling of Chrome exploit

Share
Microsoft criticizes Google over handling of Chrome exploit

From Google's standpoint, it fully cooperated with Microsoft in patching the vulnerability that was discovered and reported by Microsoft's Offensive Security Research team on September 14.

There is no love lost between Microsoft and Google when it comes to security patches.

Discovering the exploit was only the beginning of Microsoft's work with Google as the company then chose to take the opportunity to try and dish out a backhanded lesson in dealing with vulnerability discoveries. "Chrome's relative lack of remote code execution (RCE) mitigations means the path from memory corruption bug to exploit can be a short one", wrote Jordan Rabet, member of the Microsoft Offensive Security Research team, in a blog post late on Thursday.

Recently, Microsoft found itself in the position to scold its frequent exploit nuisance finder Google, and boy did the company jump at the opportunity.

Google paid Microsoft a $7,500 bug bounty for disclosing the Chrome vulnerability, along with another $8,337 for other uncovered bugs, which the firm donated to charity.

Google patched the problem within a week in its beta versions of Chrome, but Microsoft notes that, although now fixed, the stable and public channel "remained vulnerable for almost a month". Giving the general public access to source code before regular release channels makes it significantly easier to find vulnerabilities that could be used in between when code is published to Github and the time that the final bug fix is pushed out.

"In this specific case, the stable channel of Chrome remained vulnerable for almost a month after that commit was pushed to git".

"Our strategies may differ, but we believe in collaborating across the security industry in order to help protect customers", Microsoft concludes.

Google's Project Zero security team has been keeping Microsoft busy finding exploits in Windows and Edge, and on occasion announcing them publicly before Microsoft has patches available.

Share

Advertisement

Related Posts

M&S Bank reveals plans to launch mortgage range
There have been no full details on the bank's plan, but M&S has said the changes will be introduced early in 2018. M&S Bank, which is celebrating its fifth anniversary, also offers current accounts, credit cards and loans.

Kia Joorabchian to hold Liverpool-Barcelona meeting next week
The Blaugrana are prepared to bid €110 million for the Brazilian, comprised of €80 million in cash plus €30 million in add-ons. "It was massive to keep hold of Philippe Coutinho but you feel it could only be a matter of time before they lose him".

A Tourist was Killed after an Accident in a Cathedral in Florence
The expert said there were no other known "critical elements" in the church, which was "subject to periodic checks". The Basilica of the Holy Cross is the final resting place of Michelangelo, Niccolo Machiavelli and Galileo Galilei .

Brad Pitt falls for 21-year-old Angelina Jolie lookalike
She has even told her friends that Pitt has "always been her No. 1 celebrity crush ", the source said. On the other hand, Purnell is said to be enjoying the attention Pitt is giving him.

Jacksonville Jaguars owner Shad Khan says President Trump 'jealous of' NFL
The smaller league forced an antitrust lawsuit against the NFL in '84, but did not receive serious dividends and did not survive. Khan's latest statements, however, make him one of the more vocal NFL owners opposed to Trump's views on the league.

LyondellBasell Industries NV (NYSE:LYB) Stock Rating Lowered by HSBC Holdings plc
State Treasurer State Of Michigan acquired 265,600 shares as Lyondellbasell Industries N (NYSE: LYB)'s stock declined 12.71%. Biltmore Wealth Management Limited Liability Company holds 0.83% in LyondellBasell Industries NV (NYSE:LYB) or 8,736 shares.

Financial Update of Helios and Matheson Analytics Inc (NASDAQ:HMNY)
Shares of Newfield Exploration Company (NYSE:NFX) observed rebound of 19.91% since bottoming out at $24.41 on August 21, 2017. Digging a bit further, company shares have been noted -56.38% off the 52 week high and 670.41% away from the 52 week low.

F1 chance doesn't rule out IndyCar - Hartley
Hartley will be the first New Zealand driver in Formula One since Mike Thackwell at the 1984 Canadian Grand Prix. He switched to sports cars and joined Porsche , taking part in this year's victory at the Le Mans 24-Hours race.

Technical check on Merck & Co., Inc. (MRK) , Amgen Inc. (AMGN)
The firm has "Market Perform" rating by CJS Securities given on Monday, December 12. (NYSE: MRK ) rating on Tuesday, November 17. The Schafer Cullen Capital Management Inc holds 2.18 million shares with $139.82M value, down from 2.24 million last quarter.

Federal judge refuses to erase Joe Arpaio's conviction despite Trump pardon
Judge Bolton continued in her remarks that the acceptance of a pardon, according to legal precedent, is an admission of guilt. However, Bolton disagreed, pointing to an earlier case (United States v.

© 2015 ExpressNewsline. All Rights reserved.