recently, Google specifically disclosed vulnerabilities Department "threat analysis group" (Threat Analysis group) announced a major vulnerability level threatened the Windows operating system, and issued the relevant patch to protect Chrome users. The problem is that Google’s Chrome protection patch out, but the official Microsoft patch has not yet been born. Google’s move infuriated Microsoft.


Microsoft angry also reasonable.

first, Google in the exploit was originally discovered promptly inform Microsoft, Microsoft after that also began to develop the relevant patch, but 10 days, Google suddenly the vulnerability disclosure, while Microsoft has yet to complete the patch development.

In addition,

Google Windows vulnerability described more specifically:

due to the existence of the vulnerability, will allow an attacker to exploit a flaw in the win32k system to avoid the security sandbox. Once the vulnerability is exploited, the attacks brought serious consequences to the vulnerability as a "danger level". Currently the vulnerability is being used frequently.

this is embarrassing: Google released a patch to protect their Chrome browser users, but Windows’s own vulnerability has not been resolved by picking out Microsoft is tantamount to "reveal to the public, naked in front of the hacker". On the surface, Google in order to protect the Chrome users, selling teammates. Good agreement?

, Microsoft, Google disclosure of information will undoubtedly customers at risk of Microsoft, in the patch unfinished case, if other hackers known as Microsoft vulnerability, will likely to attack the. To this end, Microsoft gives an emergency solution, it is recommended that customers use Windows 10 system and Microsoft’s Edge browser.

face of dissatisfaction with Microsoft, Google is to come up with their own policy pot pot: they said that Google’s behavior in line with their own product vulnerabilities in 2013 to disclose information related policies. Google found a loophole in the supplier’s products, it will be notified in a timely manner, and gives a grace period of seven days to make it related patches. That is, after reporting to external companies seven days, you can open loopholes.

many researchers complain that Google’s policy is too harsh, that seven days grace period, simply can not get the right solution to deal with complex security vulnerabilities. Complained to the complaint, the implementation of the policy for three years, few manufacturers accused of the policy, it may also be unable to negotiate with the small manufacturers Google. But this gun is precisely the dare and Google gestures Microsoft, with Microsoft, Google seems to have treatment on the vulnerability of reservations: Google grace period is seven days, and this announced Microsoft vulnerabilities are pushing >