July 2014, Google launched it's project zero initiative to identify Zero-Day vulnerabilities in commercial software thus making computing generally more secure.
Google's modus operandi is to inform affected vendors and give them 60 days to release patches. After the 60 day window, they go public even if a patch is not yet available.
There have been situations where Microsoft has not been able to release a public patch within that 60-day Window and obviously this has created a tense relationship between Google and Microsoft.
You can read this Microsoft blog entry about their disappointment with google. not wanting to take the hit and move on, it looks like Microsoft security research has been looking for flaws in Google's products and found 2 bad ones. Realizing security is now a major differentiator, they decided to play Google's game and disclose the vulnerabilities after an elapsed wait time.
Here is a sentence that takes a jab at Google's Chrome while praising their own Microsoft Edge security architecture :
Microsoft justified the release of the detailed vulnerability information with this sentence:
I think large well-funded companies should be doing general security research and helping improve the overall security of the entire ecosystem. I wish they could agree on a more friendly approach to vulnerability disclosure, not leaving their customers open and unprotected. This should not become a marketing tool but more of a commitment to societal improvement.
A guy can dream, can't he?