Google and Microsoft troll each other over software vulnerabilities
Google has a history of not playing nicely with Microsoft. The company has previously posted publicly about its competitor’s software vulnerabilities, and understandably, Microsoft hasn’t been very happy about it. But now, Microsoft has turned the tables on Google. Microsoft found a vulnerability within the Chrome browser, and while Google patched it in beta versions, it wasn’t fixed in the public release for roughly a month.
However, Google posted the fix on GitHub instantly, before it was applied to the public release. While the fix for this issue doesn’t out the vulnerability, according to Microsoft, that hasn’t always been the case. Microsoft believes that fixes should be applied before they become public knowledge.
Microsoft does have a point here. It took Google a month to patch this particular Chrome vulnerability; that’s plenty of time for a hacker to examine it and exploit it. It’s probably not the best judgment to put fixes for vulnerabilities on GitHub before they’re patched in a browser.
That being said, though, are we really benefitting from this one-upmanship between Google and Microsoft? Sure, the issues are being identified and corrected, which is always a good thing. And a bit of friendly competition can certainly be helpful. But this may have veered beyond “friendly” territory and started endangering users’ security in the process. Perhaps it’s time for both companies to rethink their approach when it comes to these issues.