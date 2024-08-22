Microsoft finds critical hole in operating system that for once isn't Windows Oh wow, get a load of Google using strcpy() all wrong – strcpy! Haha, you'll never ever catch us doing that

Microsoft has described a severe ChromeOS security vulnerability that one of its researchers reported to Google in late April.

The bug was promptly fixed and, about a month later, merged in ChromeOS code then released on June 15, 2022 and detailed by Redmond in a report released on Friday.

Microsoft's write-up is noteworthy both for the severity (9.8 out of 10) of the bug and for flipping of the script – it has tended to be Google, particularly its Project Zero group, that calls attention to bugs in Microsoft software.

At least as far back as 2010, Google security researchers made a habit of disclosing bugs in software from Microsoft and other vendors after typically 90 days – even if a patch had not been released – in the interest of forcing companies to respond to security flaws more quickly.