HomeWinBuzzer NewsGoogle Finds Microsoft Edge Vulnerability and Discloses it After No Patch Was...

Google Finds Microsoft Edge Vulnerability and Discloses it After No Patch Was Issued

Google Project Zero has once against found a flaw in Microsoft Edge and according to its practice disclosed the vulnerability after Microsoft missed a 90-day patch deadline.


Since launched the Edge web browser for , the company and have been locked in a browser battle. To be fair, it is a battle Google's market-leading Chrome is comfortably winning. However, has managed to score a few minor wins in terms of speed and security tests.

Now Google has ramped up to the next level and is stoking the fire against Microsoft Edge. The company has disclosed an Edge security vulnerability before Microsoft has sent out a patch.

This information comes from , a division that is made up of a team of security analysts. The point of the team is to look for zero-day vulnerabilities. Google opened the division in 2015 and warns software providers of any vulnerabilities found in their products.

Using the full time team, Google looks for flaws in software, giving developers and publishers 90 days to patch problems. If no fix is issued in that time, Project Zero will make the security flaw public.

Indeed, it was almost a year ago that Project Zero issued a report on another Microsoft Edge problem. This time, the company says the flaw is rated as medium in terms of risk. As usual, Google told Microsoft and gave it 90 days to issue a patch.

That was back in November and a 14-day grace period was added at the start of this month. Microsoft has the additional time to issue a fix through its February . That has come and gone, so Google has decided to go public. Microsoft says it missed the deadline because “the fix is more complex than initially anticipated.”

Microsoft against Project Zero

The company has often been critical of Google Project Zero. Microsoft's problem with Google Project Zero has not been that the team finds vulnerabilities, but how it reports them. The team was created to find zero-day exploits in third-party services and to warn software makers about the flaws. Project Zero has found issues in Windows 10 and the Microsoft Edge browser.

Terry Myerson, Executive Vice President, Windows and Devices Group, previously said Google's 90-day limit ultimately puts customers at risk:

“We believe responsible technology industry participation puts the customer first, and requires coordinated vulnerability disclosure. Google's decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing, and puts customers at increased risk.”

SourceThe Verge
Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News