A new Windows 10 bug released by Google has raised the controversy.
There are certain safety related practices in the industry; It is not mandatory to follow them, but it is the best for everyone.
For example, let’s say that a company discovers a bug in a program created by others; The best practice here would be to notify the original creators so that they can cover the bug, before going public.
This is the Windows 10 bug published by Google
That’s not what Google has done, posting a Windows 10 zero bug; that means that Microsoft was not aware of this bug, and therefore has no action against him.
The bug is especially dangerous because allows you to escape from the Windows sandbox; A sandbox is a container that prevents programs from accessing parts of the system that should not be accessed.
It is a major bug, even more so because Google has confirmed that it is already being used by hackers.
Has Google done well to publish the bug?
By posting this bug, Google may have put millions of users at risk; This is how Microsoft sees it, which accuses Google of not following the good practices of the industry. But is he right?
The truth is that Google did not publish the vulnerability as soon as it was discovered; On October 21, Google notified Microsoft and Adobe that it had found two zero-day bugs, one in Windows 10 and the other in Flash.
Adobe has already released an update that fixes its bug, but not Microsoft. So, ten days after the notice, Google has decided to publish the details so that users can take the necessary steps to protect themselves.
In security, secrecy never works. It is better to know that the bug is being exploited, than to be ignorant and not protect ourselves.