Microsofts Windows security team has discovered a remote security flaw in Google Chrome that can be exploited by hackers. “Our discovery of ‘CVE-2017-5121’ indicates that it is possible to find remotely exploitable vulnerabilities in modern browsers. Chrome’s relative lack of remote code execution (RCE) mitigations means the path from memory corruption bug to exploit can be a short one,” wrote Jordan Rabet, member of the Microsoft Offensive Security Research team, in a blog post late.
“Chrome’s process for servicing vulnerabilities can result in the public disclosure of details for security flaws before fixes are pushed to customers,” Rabet added.
According to an Engadget report on Friday, Google immediately posted the fix for the remote flaw on GitHub. “While the fix for this issue doesn’t out the vulnerability, according to Microsoft, that hasn’t always been the case. Microsoft believes that a fix should be applied before they are public knowledge,” the report added.
The Microssoft-Google rivalry over security flaws in their products is not new. Last year, Google disclosed a major Windows bug before Microsoft was ready to patch it.
“It irritated the company so much that Windows chief Terry Myerson authored a blog post criticising Google for not disclosing security vulnerabilities responsibly,” The Verge reported. After testing the latest Windows 10 “Fall Creators Update” over the past six months, Microsoft has now released the latest edition to secure over 500 million Windows 10 devices globally, starting with new machines first.
Microsoft wants users to keep their software up to date in order to avoid another series of deadly cyber attacks such as WannaCrypt that impacted worldwide PCs that were running an outdated Microsoft software. Two new ransomware families like “WannaCrypt” and “Petya” targeted dated Windows operating systems and created havoc across the world, including at some places in India.
Now, with the official rollout of Windows 10 “Fall Creators” update, Microsoft wants to stay one step ahead in identifying and preventing security threats.