In a blog post, Redmond examined Google's browser security and took the opportunity to throw some gloom at Chrome's security philosophy, while also touting the benefits of its own Edge browser. The post, written by Microsoft security team member Jordan Rabet, noted that Google's Chrome browser uses "sandboxing" and isolation techniques designed to contain any malicious code. Nevertheless, Microsoft still managed to find a security hole in Chrome that could be used to execute malicious code on the browser.
It slammed Google for the way it handled the patching process. Prior to the patch's official rollout, the source code for the fix was made public on GitHub, a software collaboration site that hosts computer code. That meant attentive hackers could have learned about the vulnerability before the patch was pushed out to customers, Microsoft claimed. "In this specific case, the stable channel of Chrome remained vulnerable for nearly a month", the blog post said. "That is more than enough time for an attacker to exploit it."
In the past Google has also disclosed vulnerabilities found in Microsoft products - including Edge.