Google and Microsoft aren’t exactly what we would call “best friends.” They’re competing on almost every front, including browsers, search engines, smartphones, and now tablets and operating systems as well. But every once in a while, Google gives Microsoft a shout out — usually to tell them that their products need work.
It’s not done in a vicious, attacking sort of way. Rather, it’s done with the typical smug condescension that Google so often has when dealing with its “lessers.” Their most recent commentary, reports Ars Technica, involves a Google engineer using a self-created research tool, unintentionally discovering a fundamental security risk in the current IE browser. The research tool is known as “cross_fuzz,” and is designed to check for issues within a browser. What he found was a gaping hole in how IE approaches CSS, one of the core coding languages in modern design.
The Googler had previously provided a copy of cross_fuzz for Microsoft, and the company had used the program to test their browser previously. When first given to Microsoft, however, the program didn’t turn up any errors. It was only with the most recent update that the tool showed the CSS vulnerability. According to a Microsoft spokesperson, “We immediately worked to reproduce the issue with the updated and original tool and are currently investigating it further to determine if it is actually exploitable.”
Of course, Microsoft isn’t the only group who received the tool: it was released to the public on the first of the year, and it’s undoubtedly true that someone else would have reported the error if the Google representative hadn’t. Of course, according to the report, the Googler decided to go public with the issue “because he believes Chinese researchers also recently discovered the same vulnerability.” But let’s be honest: Google loves being able to tell Microsoft when their stuff is broken.