Microsoft regularly releases updates that fix bugs in Windows 10, but it turned out that one of those updates damaged the security of the Google Chrome browser.
After an update from Microsoft, a Windows 10 kernel bug affecting the protected area of Google Chrome was noticed. A security researcher from the Project Zero team found the vulnerability in Chrome. The vulnerability was stated to occur in version 1903 of the operating system, released on May 21, 2019.
The protected area of Google Chrome, its sandbox, is a safe environment that restricts browser processes to low-level permissions and separates them from the rest of the system to prevent damage if they are compromised by malicious people. “The implementation of the main sandbox depends on the security of the Windows operating system,” said James Forshaw of the Project Zero team, who made a statement on the subject.
Vulnerability noticed in Google Chrome:
Google also warned in a statement of a critical vulnerability detected in Chrome. The vulnerability, tracked as CVE-2020-6457, allows attackers to run unsafe code by taking advantage of the weaknesses occurring in the system. The vulnerability poses a threat to nearly two billion users, especially Mac and Linux users.
After noticing the error, Google released an update, version 81.0.4044.113. To find out whether you have the update, open the browser, open the menu, and go to ‘About Google Chrome’ under the ‘Help’ tab. Continuing his statement on the security vulnerability in Chrome, Forshaw said, “Changing the behavior of Windows is beyond the control of the Chromium development team. If an error is found in the security application mechanisms of Windows, the protected area may be damaged.”
Google’s security researcher was able to use this error to build a complex chain of execution that allowed him to escape the Chrome sandbox. Forshaw also used several additional Windows weaknesses to escape Chrome’s sandbox.
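For administrators who need to make the ‘About Google Chrome’ check described above across many machines, the following is an added example (not from the original article or from Google) that compares reported Chrome version strings against the fixed build 81.0.4044.113. The host names and the inventory strings are constructed sample data, and the function names are illustrative.

```python
import re

# Fixed build named in the article.
FIXED_VERSION = "81.0.4044.113"

# Chrome versions have four numeric parts: major.minor.build.patch
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version found in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def is_patched(reported, fixed=FIXED_VERSION):
    """True if reported >= fixed, False if older, None if no version was found."""
    version = parse_version(reported)
    if version is None:
        return None
    # Tuples of ints compare part by part, so 92 < 113 is handled correctly.
    return version >= parse_version(fixed)


def audit(inventory):
    """Map each host to 'patched', 'outdated' or 'unknown'."""
    labels = {True: "patched", False: "outdated", None: "unknown"}
    return {host: labels[is_patched(text)] for host, text in inventory.items()}


# Constructed sample inventory (hypothetical hosts and reported strings).
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 81.0.4044.113",
    "ws-02": "Google Chrome 81.0.4044.92",   # a plain string compare would rank this above .113
    "ws-03": "Google Chrome 80.0.3987.163",
    "ws-04": "Google Chrome 83.0.4103.61",
    "ws-05": "not installed",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Comparing the versions as text would wrongly treat 81.0.4044.92 as newer than 81.0.4044.113, which is why the parts are converted to integers first.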