Jump to content
Facebook Twitter Youtube
GFX Designer Recruitment Campaign
Moderators Recruitment
Classic Server Cs 1.6 Server
Technical Issues

[Software] One of Microsoft’s Windows 10 updates was so bad it broke Google Chrome

Mark-x

By Mark-x,
in Software

 Share

Recommended Posts

Mark-x Newbie

Mark-x

Posted
Posted

Google has revealed that Microsoft managed to break an important security feature in all Chromium-based web browsers, including Chrome, with its Windows 10 1903 update.The security feature in question is the Chromium sandbox. The sandbox should allow users to run apps and extensions is a virtual environment separate from your operating system. If the download you’re running in the sandbox contains malicious code, it won’t be able to access or infect your operating system.

 

It’s a very useful tool, but at some point Microsoft managed to include a “security feature bypass vulnerability” (as Microsoft itself terms it in a security advisory), which means Windows 10 failed to “properly handle token relationships”.

 

 

Essentially, what this means is that a malicious user could exploit the vulnerability and allow an application with one integrity level execute code at a different integrity level – and escape the Chromium sandbox and run code that could affect the host PC. Basically, exactly the opposite of what the sandbox is designed for.As Google’s Project Zero team, which found this issue, notes in a blog post, “The sandbox works on the concept of least privilege by using Restricted Tokens” – and if those tokens aren’t handled correctly, your PC can be put at risk.

 

The whole blog post is worth reading – though it is very technical – as it explains in depth how this vulnerability works.The fact that it affects Chrome – the most widely-used web browser in the world – is certainly worrying, even if you don’t use the sandbox feature. It shows that Microsoft’s recent problems with Windows 10 updates are affecting other developers' software as well.

 

It’s not just Chrome that’s been hit either, but any browser that uses the Chromium engine. Embarrassingly, that also now includes the new Microsoft Edge.Perhaps even more embarrassingly, Microsoft has released a patch to fix the vulnerability – Windows 10 KB4549951 – but it's been discovered that that patch has been causing serious problems for some users.We've contacted Microsoft for comment, and will update this story when we hear back.

 

enCNPo3ZFN63WQpTnG6abV-1024-80.png.webp

Guest
This topic is now closed to further replies.
 Share
Go to topic listing

WHO WE ARE?

CsBlackDevil Community [www.csblackdevil.com], a virtual world from May 1, 2012, which continues to grow in the gaming world. CSBD has over 70k members in continuous expansion, coming from different parts of the world.

 

 

Server Zone

Helpful Links

Important Links

VERSION 2.4.0

THEME BY TECTONICPX.COM
© 2012 - 2025 CSBD Community

Licensed to: CsBlackDevil.Com Powered by Invision Community


×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept