There's been some speculation that they're all-hands-on-deck trying to respond to the vault7 leaks and implications thereof, and thus these vulns are left to rot on the vine.
I reported an issue a week ago and they have had developers verifying it beginning of this week. And that was a low impact bug. The previous issue I reported took 4 months to be verified and then another 3 to be patched. So my view at least is that not everyone is handling leaks.
> Windows users who want to take extra precautions should consider using a 64-bit version of the Chrome browser instead of Edge or IE until the latter two browsers are patched
Eugh. Is this a sponsored post on Ars or is there really this level of tone-deafness w.r.t. responsible unbiased journalism?
"Company A finds vulnerability in competitor's product. We recommend using Company A's product instead (despite there being other competitors)"
On a similar note, the original Project Zero reporter didn't actually bother to test this in Edge before reporting it. I assume this has since been positively confirmed in Edge or is it still just speculation?
Personally I don't think it's a sponsored post. If the author of the post didn't recommend something to workaround the issue, readers (especially non-technical one) might think there's no solution to the problem.
Ideally the author should have mentioned about Firefox as well but he/she might not have used browsers other than Chrome, IE/Edge.
