In an ongoing rivalry for browser superiority, Microsoft has publicly condemned Google's handling of a zero day exploit that was found in Chrome. This may be a retaliation against Google for disclosing a Windows privilege escalation vulnerability before Microsoft was able to patch it.
Microsoft is calling for Google to change its release process for Chrome because bug fixes often make their way to Github before regular users receive updates. Giving the general public access to source code before regular release channels makes it significantly easier to find vulnerabilities that could be used in between when code is published to Github and the time that the final bug fix is pushed out.
It should be noted that Google is not actively revealing vulnerabilities when sharing source code, but closely examining change logs and differences between revisions can make it easy for skilled individuals to find them. Microsoft's own policy is to "ship fixes to customers before making them public knowledge," in order to protect end users as best as possible.
Microsoft mentions that even though some components of Edge browser are actually open source, such as Chakra JavaScript engine, changes in code are not released until final builds are distributed.
From Google's standpoint, it fully cooperated with Microsoft in patching the vulnerability that was discovered and reported by Microsoft's Offensive Security Research team on September 14. A reward of $7,500 was offered to Microsoft for the remote code execution issue discovered in addition to $7,887 given for other bugs reported. Google also donated $30,000 to the Denise Louie Education Center in Seattle, Washington on behalf of Microsoft.
https://www.techspot.com/news/71483-microsoft-criticizes-google-over-handling-chrome-exploit.html
