Google engineers have spent much of the past few years aggressively finding flaws in Microsoft's products and services, often mocking the company while reporting them. So it wasn't surprising that spectators enjoyed the view while Microsoft returned the favour to Google in the same reverence this week.
In a blog post published on Wednesday, Microsoft security team member Jordan Rabet threw some shade at Google as he publicly disclosed a vulnerability and a series of bugs his team had spotted in Google's Chrome browser, which uses sandboxing mechanism to contain any malicious code.
Google has since patched the vulnerability and bugs, and even rewarded Microsoft with $15,837, something Microsoft is donating to charity. Microsoft's Rabet also criticised Google for the way it handled the matter. According to him, before Google rolled out the patch, it made the source code for the fix public on software repository website GitHub. This, Rabet said, gave hackers ample time to learn about the vulnerability before the patch was pushed out to customers. He didn't say whether any hacker exploited the vulnerability, however. "In this specific case, the stable channel of Chrome remained vulnerable for nearly a month. That is more than enough time for an attacker to exploit it," he wrote.
It's no secret that the two companies have a not so pleasant history, something that has transcended into their security departments as well. The situation had gotten so worse last year that Microsoft senior vice president Terry Myerson criticised Google for not disclosing security vulnerabilities responsibly. At any rate, as long as the two companies' fights result in their browsers getting more secure, it is a win for consumers.