Microsoft hits out at Google after finding security hole in Chrome


Microsoft has criticised Google over the way it handles security patches after discovering a major security vulnerability in the Chrome web browser, which meant it could be exploited by hackers.

Microsoft has used the episode to tout the security benefits of its own Edge web browser, which it says is more secure than Chrome.

“Our discovery of ‘CVE-2017-5121’ indicates that it is possible to find remotely exploitable vulnerabilities in modern browsers. Chrome’s relative lack of remote code execution (RCE) mitigations means the path from memory corruption bug to exploit can be a short one,” wrote Jordan Rabet, from Microsoft’s Offensive Security Research team, in a blog.

“Chrome’s process for servicing vulnerabilities can result in public disclosure of details for security flaws before fixes are pushed to customers,” added Rabet.

According to a report in Engadget, Google has already patched the issue.

“While the fix for this issue doesn’t out the vulnerability, according to Microsoft, that hasn’t always been the case. Microsoft believes that a fix should be applied before they are public knowledge,” Microsoft said.

The feud between Microsoft and Google regarding the security of their products is nothing new.

Last year Google went public with details about a security flaw in Windows before Microsoft had a chance to fix it.

According to The Verge “it irritated the company so much that Windows chief Terry Myerson authored a blog post criticising Google for not disclosing security vulnerabilities responsibly.”

The news comes after a recent study claimed that Microsoft Edge browser offers better protection against phishing attacks than rival browsers Firefox and Chrome.

The study, carried out by NSS Labs, found that out of 36,120 test cases, Edge blocked 92.3 percent of phishing URLs, compared to 74.5 percent blocked by Chrome and 61.1 percent blocked by Firefox.


Comments are closed.