Microsoft criticizes Google's security team

'Friendly competition' began last fall when Google's Project Zero security team began reporting bugs on Microsoft products such as Internet Explorer, Edge, Windows Defender and Windows OS.

It is not new for companies to make a mistake, but Google has gone a little too far when at least twice, they have announced bugs to the public before Microsoft releases the patch. The first time it was with a Windows GDI (Graphics Device Interface) error and the second was an error affecting both IE and Edge.

Google criticized Microsoft at the beginning of the month

Despite a headache with the announcement of the bug, Google continued to add fuel to the fire at the beginning of the month, one of the researchers at Project Zero criticized the way MIcrosoft patched.

The researcher said that Microsoft often offers different patches for older Windows versions, making the OS vulnerable to security flaws and causing attackers to exploit the vulnerability.

Microsoft also does not know. On their blog, they also said that there was a security error on Google products, specifically on the Chrome browser.

Microsoft can also find errors on Google products

Microsoft's Offensive Security Research Group (OSR) also found a bug and reported it to Google in September. Google fixed the error on Chrome 61, even awarding researchers' efforts from Microsoft $ 15,837, a sum of money. Microsoft intends to do charity.

According to Microsoft, CVE-2017-5121 flaw causes an attacker to execute remote code in a browser and can cause serious information leakage.

Most of the errors that Google found on Microsoft products used fuzz tests and it was funny that Microsoft also used this tool to find errors.

Microsoft criticizes Google's security team Picture 1
In short, neither Microsoft nor Google are perfect

Jordan Rabet, a Microsoft researcher, found an error, used ExprGen, Microsoft's fuzz tool and used Edge's Chakra JavaScript engine. Rabet says he also uses ExprGen on V8, Chrome's JavaScript engine to find CVE-2017-5121.

Microsoft in turn criticized the process of Google patching

Ignoring the technical details, Microsoft did not forget the old debt. Rabet pointed out that the fix for the bug he found was put on the V8 GitHub repository, which allowed an attacker to reverse the patching technique and find another vulnerability.

The fact that Google took three days to fix errors on Chromium and Chrome was enough for an attacker to exploit the vulnerability. Because it happened in September, Microsoft had no reason to say a longer error on Chrome no longer exists. Chrome has now updated to version 62.

See also: Invite to download Google Chrome 62 for Windows, Mac and Linux

It is no wonder that criticism in early October about Google's patching process caused Redmond hoters. They did not forget to remind Google that their products were not inviolable fortresses as they thought.