The Verge spotted a controversial post on Google’s Online Security Blog in which the company says it will now publish security vulnerabilities discovered by its security researchers after just seven days rather than the existing sixty.

The policy affects what Google terms “critical vulnerabilities under active exploitation” – in other words, weaknesses that can do Bad Stuff to users and which are already being used by attackers …  expand full story