Microsoft Details Critical Vulnerability in ChromeOS

by
janrinok
from on (#62WZ1)

upstart writes:

Microsoft details critical vulnerability in ChromeOS:

Microsoft finds critical hole in operating system that for once isn't WindowsOh wow, get a load of Google using strcpy() all wrong - strcpy! Haha, you'll never ever catch us doing that

Microsoft has described a severe ChromeOS security vulnerability that one of its researchers reported to Google in late April.

The bug was promptly fixed and, about a month later, merged in ChromeOS code then released on June 15, 2022 and detailed by Redmond in a report released on Friday.

Microsoft's write-up is noteworthy both for the severity (9.8 out of 10) of the bug and for flipping of the script - it has tended to be Google, particularly its Project Zero group, that calls attention to bugs in Microsoft software.

At least as far back as 2010, Google security researchers made a habit of disclosing bugs in software from Microsoft and other vendors after typically 90 days - even if a patch had not been released - in the interest of forcing companies to respond to security flaws more quickly.

Read more of this story at SoylentNews.

External Content
Source RSS or Atom Feed
Feed Location https://soylentnews.org/index.rss
Feed Title
Feed Link https://soylentnews.org/
Reply 0 comments