In November 2017, Google experts discovered a vulnerability in the Microsoft Edge browser, which is built into Windows 10 by default. The researchers gave the company 90 days to correct the error, since it was classified as an “average” threat level. After that details of the vulnerability were promised to be published in the public domain. This is reported by the Neowin website.
The developers did not have time to prepare the patch on time and asked to give them more time. Then Google added another two weeks to three months, but Microsoft experts said that “the patch was more complicated than they thought.” The engineer of Google noted that the exact date of correction of this error is still unknown.
Technically, this measure was aimed at protecting users, but it turned out that the connection between the isolated JIT and the main executable code of the browser can be compromised. Vulnerability allows you to create an executable page in memory.
It’s not the first time that Google has published vulnerability information before patches. For example, in 2016, the company described a major vulnerability in Windows 10 days after it was transferred to Microsoft.
In addition, the company often makes exceptions to its own rules, especially if it concerns its products. In the case of Meltdown and Specter vulnerabilities, Google engineers discovered problems with Intel, AMD and other chips six months before the publication of the details. However, the errors affected the devices on the android along with the others.