Google’s (NASDAQ:GOOGL) Project Zero is a team that looks for security issues or loopholes in other companies’ products. If they find one, they inform the company of the issue. That company then has 90 days to resolve the issue. Otherwise Project Zero goes public with the issue so people are aware of it.
Have you ever used Microsoft Edge? Maybe it’s a good thing if you haven’t as Project Zero has once again shown that it is more than happy to follow through on its promise of going public.
Back in November, Project Zero discovered a vulnerability in Microsoft’s (NASDAQ:MSFT) Edge browser. Essentially, the vulnerability had to do with the code. The way coding is currently set up on Microsoft Edge allows hackers to bypass the security features of the program. Hackers could then insert malicious code into the memory of any target computer.
Google notified Microsoft of this flaw in the Edge security system, also in November, but it seems that the problem hasn’t been fixed, given that we are now hearing about it.
This isn’t to say that Microsoft ignored the warning or wasn’t trying to fix the issue. It may just be that the problem is a deeper one that cant be solved in 90 days. This brings up the question: is it fair of Google to set a 90-day period for companies to fix these issues, which may be extremely complex fixes? Does the public have the right to know about the problem, which, presumably, Google believes, or does making the information public risk greater vulnerability to the system that is already at risk?
Microsoft has yet to respond to the news going public. At this point, it is still unclear when Microsoft will have a patch ready to resolve the issue discovered by Project Zero.
The severity of the flaw in Microsoft Edge is considered medium by Google.
Featured image: 422737