The two tech giants, Microsoft and Google are in a clash over the security vulnerability disclosure. Google recently revealed the Microsoft Edge security flaw to the public after the expiry of 90 days deadline to fix the issue even before the patch is ready.
As per the report from Neowin, Microsoft is in response to fix their security flaw within the given deadline but they failed to do, due to the higher complexity. It is also seen that Google has extended their deadline with a grace period of 15-days. But that doesn't help Microsoft in the end.
The main motive of Google's Project Zero is to find the flaws in various software products and report them to resolve it in a particular period of time. If the company failed to meet the requirement, Google will disclose the security flaw. This is the case of Microsoft now and they are unhappy with that.
During the September month, Microsoft discovers the vulnerability in Chrome and hit back at Google's approach to security patches. Microsoft outlines a remote code execution issue in Chrome and in a week Google managed to bring the patch for the problem.
The recent disclosure by Google is Meltdown and Spectre, found in Intel, AMD, and ARM processors. Using this CPU flaw, the hacker can access all your personal data including name, phone number, passwords, etc. This is really bad. Google has to leak this flaw to the public after giving enough duration of 6 months to fix an issue before the patch is ready.
There is a huge disagreement over security vulnerability disclosure between the two giants Google and Microsoft. It is happening over a decade one after the other, says The Verge. As a result of the recent disclosure, Microsoft is unhappy and criticizes the Google action. The disclosure policy initiated by the Google is adoptable by the industry, they say.