Google found another critical bug in Microsoft Edge over the weekend. Google’s Project Zero disclosed a Microsoft Edge security flaw and the technical details of the software vulnerability along with Microsoft’s response. Now, the relation between Google and Microsoft cannot be expressed as good especially considering the events of recent days.
Back in November, The vulnerability was discovered after Microsoft failed to patch the issue in time. This bug can impact just-in-time compiler of Microsoft Edge that could enable an attacker to know how much memory a compiler will be using and rewrite the same to deliver the payload to the target.
According to a report, Google found another critical bug in Microsoft Edge and it’s a critical software vulnerability and Microsoft was provided 90 days to fix the issue and an additional 14 days at a later stage
Microsoft has failed to fix a patch at that time so Google took the responsibility and revealed the details of the vulnerability to the public.
Google decided to make the flaw public that is not likely to make Microsoft happy but in response to last year’s criticism made by Windows chief Terry Myerson saying Google not disclosing security vulnerabilities responsibly.
A Microsoft Offensive Security Research team member, Jordan Rabet said, “We responsibly disclosed the vulnerability that we discovered along with a reliable remote code execution exploit to Google on September 14, 2017.”
Microsoft said that the bug is complex and the release will be delayed due to these memory management issues. Google regularly discovers and reveals security flaws in Microsoft’s software, and sometimes publishes the technical details before products are patched.