_________________________________________________________________________________
On the same subject matter:
https://news.ycombinator.com/item?id=24947247
The link goes to the comments section. This one doesn't:
https://arstechnica.com/information-technology/2020/10/googl...
Seems like they conveniently waited to fix the Chrome bug before going ballistic at Microsoft.
Project Zero's disclosure policy as described in the article appears to leave little room, if any, for the bias you appear to be implying:
> In keeping with long-standing policy, Google’s vulnerability research group gave Microsoft a seven-day deadline to fix the security flaw because it’s under active exploit. Normally, Project Zero discloses vulnerabilities after 90 days or when a patch becomes available, whichever comes first.
In addition, the two bugs appear to be unrelated other than being used as part of the same attack chain. The Chrome/FreeType vulnerabilities were reported on 2020-10-19 [0, 1], while the Windows vulnerability was reported on 2020-10-22 [2]. The Chrome team released a fix for their bug the day after it was reported [3], while Microsoft is either still working on fixing the bug or is waiting for Patch Tuesday.
[0]: https://bugs.chromium.org/p/chromium/issues/detail?id=113996...
[1]: https://savannah.nongnu.org/bugs/?59308
[2]: https://bugs.chromium.org/p/project-zero/issues/detail?id=21...
[3]: