'In a Wednesday blog post, Redmond examined Google's browser security
and took the opportunity to throw some shade at Chrome's security
philosophy, while also touting the benefits of its own Edge browser.
The post, written by Microsoft security team member Jordan Rabet,
noted that Google's Chrome browser uses "sandboxing" and isolation
techniques designed to contain any malicious code. Nevertheless,
Microsoft still managed to find a security hole in Chrome that could
be used to execute malicious code on the browser.
Google about the problem, which was patched last month. The company
even received a $7,500 reward for finding the flaw. However, Microsoft
made sure to point out that its own Edge browser was protected from
the same kind of security threat. It also criticized Google for the
way it handled the patching process. Prior to the patch's official
rollout, the source code for the fix was made public on GitHub, a
software collaboration site that hosts computer code. That meant
attentive hackers could have learned about the vulnerability before
the patch was pushed out to customers, Microsoft claimed. "In this
specific case, the stable channel of Chrome remained vulnerable for
nearly a month," the blog post said. "That is more than enough time
for an attacker to exploit it."
In the past Google has also disclosed vulnerabilities found in
Microsoft products -- including Edge.'
-- source: https://it.slashdot.org/story/17/10/22/010235
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174