Web giant says no fix or advisory has been issued even though
it reported the flaw 10 days ago.
Google on Monday disclosed details about a critical vulnerability in Windows, and Microsoft isn’t happy about it.
The bug can be used to bypass the security sandboxing in the Windows32K system, Google said in a blog post. Compounding the issue, Google said it reported the bug to Microsoft 10 days ago but the company has done nothing to address the issue publicly.
“After seven days, per our published policy for actively exploited critical vulnerabilities, we are today disclosing the existence of a remaining critical vulnerability in Windows for which no advisory or fix has yet been released,” Google wrote. “This vulnerability is particularly serious because we know it is being actively exploited.”
Microsoft didn’t immediately respond to a request for comment but apparently wasn’t pleased by Google’s revelation.
“We believe in coordinated vulnerability disclosure, and today’s disclosure by Google could put customers at potential risk,” the company said in an email to VentureBeat on Monday, though it did not share when a patch could be expected to be released.
Google said it repaired the vulnerability for its Chrome users, and Adobe issued an update for Flash last week.
1 November 2016