Google revealed a Microsoft Edge security flaw, before a patch is available, on Monday. While this particular security issue probably wouldn’t have affected too many users, it looks like the disclosure will resurface tension between the two corporations.
In November, Google discovered a problem relating to the JIT (Just In Time) compiler for Javascript in the web browser. The security issue could allow for a browser to be compromised by predicting the address of processes that are to be called, according to BetaNews.
Google classified the bug as a medium-severity flaw and gave Micros0ft a 90-day deadline to fix the issue before it was disclosed to the public. Those 90 days have passed—as well as an additional 14-day grace period—and Microsoft still hasn’t fixed the problem. Microsoft said the issue was more complex than it expected, according to the Verge.
The two companies have disagreed over publicly disclosing security issues in the past. Microsoft argues 90 days is not enough time to fix an issue, while Google wants the industry to adopt more aggressive disclosure policies. Google disclosed a major Windows bug back in 2016 just 10 days after reporting it to Microsoft, and the company has revealed zero-day bugs in Windows in the past before patches are available.
