Please explain what Google should do. Give Microsoft less time to fix the hole (and thereby also give attackers less time to use the hole), give Microsoft and the attackers more time, give Microsoft and the attackers unlimited time, or try not to find security problems at all? Which of these is least evil?