Earlier today, Microsoft slammed Google for declining its request to hold off publishing Windows 8.1 vulnerability information until Microsoft could release the patch. Microsoft urged Google to make protection of customers the collective primary goal. Read more about it here. Here is another example of how Google cares about general consumers. Google has decided to stop providing security updates for WebView to users on Android 4.3 and below. For your information, there are about 930 million users on Android 4.3 and below who will be at risk.
Here is Google’s response:
If the affected version [of WebView] is before 4.4, we generally do not develop the patches ourselves, but welcome patches with the report for consideration. Other than notifying OEMs, we will not be able to take action on any report that is affecting versions before 4.4 that are not accompanied with a patch.
“I’ve never seen a vulnerability response program that was gated on the reporter providing his own patch, yet that seems to be Google’s position. This change in security policy seemed so bizarre, in fact, that I couldn’t believe that it was actually official Google policy,” said Tod from Rapid7. So, when a security researcher publishes an exploit for WebView on Android 4.3, it will most probably never get patched from now on. This will be great news for cyber criminals, who will exploit millions of users. C’mon Google, reconsider your decision.