Barney's Blog

Blog archive

Google Passes the Buck

There is a zero-day exploit that impacts Google's Chrome browser -- but it is definitely not Google's fault. Says who? Google.

Google is probably right, but blaming Adobe for this hole is bad PR. Microsoft doesn't play it this way, and doesn't slam third parties for such flaws.

OK, here is the skinny and then I'll get back to sarcasm: The flaw lets jerks slide past the Chrome sandbox and basically do whatever they want with your computer. I'm not sure how such a violation is totally Adobe's fault.

And while Microsoft releases monthly patches (and well-publicized explanations), Google disclosed the problem through Twitter. Adding to the misery, the tweets used an acronym I've never heard of. Here is one message from Chris Paoli's fine report: "It's a legit pwn, but if it requires Flash, it's not a Chrome pwn," wrote Chris Evans, Google's information security engineer and tech lead, in a Tweet this morning. "Do Java bugs count as a Chrome pwn too, because we support NPAPI?"

Am I stupid not knowing what ‘pwn' or “NPAPI” mean or is Evans a moron assuming that I do?

Does Google need to grow a pair as Microsoft has, or am I tragically biased? Biased and reasonable responses equally welcome at dbarney@redmondmag.com.

Posted by Doug Barney on 05/13/2011 at 1:18 PM


Featured

  • Microsoft Deprecating Windows To Go

    Microsoft plans to put an end to its Windows To Go product in the near future, according to a Friday support article.

  • Microsoft Releases Hyper-V Server 2019 After Long Delay

    Acknowledging that the release took "way too long," Microsoft has made Hyper-V Server 2019 available for download from the Microsoft Evaluation Center page.

  • Forklift Container

    A Better Way To Upgrade Hyper-V Storage

    It's time again for Brien to perform a major storage upgrade on his Hyper-V hosts. But this time, he's taking a new approach.

  • RAMBleed Side-Channel Attack Method Disclosed by Researchers

    Academic researchers this week published information about another side-channel attack method, called "RAMBleed," that can expose information from memory chips, including encryption key information.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.