There has been a cat and mouse situation between Google and Microsoft over security vulnerabilities in the recent past. Today, Google is again reigniting that fire by disclosing a medium level security flaw in Microsoft’s Edge browser whose patch is still not fixed.
In November of 2017, Google disclosed the security flaw to Microsoft and provided a period of 90 days for Microsoft to fix it before going public. Google rated the flaw as “medium” in terms of severity.
Google later provided Microsoft an additional 14-day grace period fix the flaw, but Microsoft has again missed the fix as it is more complex than initially anticipated.
There is no official statement from Microsoft as to when the patch will be available and the Google engineer that reported the flaw says, “because of the complexity of the fix Microsoft do not yet have a fixed date set as of yet.”
For long, Google has revealed bugs in Microsoft’s products before the patches are ready. The public disclosure will once again anger Microsoft. And while Google has a policy to publicly reveal security flaws after 90 days, Google at times makes exceptions to this rule and can even disclose earlier if the vulnerability is being actively exploited. In 2016, Google disclosed a Windows bug just 10 days after reporting it to Microsoft.
Recently, Google engineers found flaws in CPU in Intel and AMD offered around six months to fix the problems before publicly disclosing the flaws earlier this year. Chrome OS and Android devices were also affected by the CPU flaws, along with Windows, Linux, macOS, and iOS.