Google has revealed that Microsoft has successfully broken an important security feature in all Chromium-based web browsers, including Chrome, with its Windows 10 1903 update. The security feature in question is the Chromium sandbox. The sandbox must allow users to run applications and extensions in a virtual environment separate from their operating system. If the download you are running in the sandbox contains malicious code, it will not be able to access or infect your operating system. It's a very useful tool, but at one point, Microsoft managed to include a "security bypass vulnerability" (as Microsoft calls it in a security advisory), meaning Windows 10 couldn't "properly manage token relationships". .
In English?
Essentially, this means that a malicious user could exploit the vulnerability and allow an application with one integrity level to execute code at a different integrity level, and escape the Chromium sandbox and execute code that could affect the host PC. Basically the exact opposite of what the sandbox is designed for. As the Google Project Zero team, who encountered this problem, points out in a blog post: "The sandbox works on the concept of least privilege by using restricted tokens," and if those tokens are not treated correctly, your PC can to be in danger. The entire blog post is worth reading, even though it is very technical, because it explains in detail how this vulnerability works. The fact that it affects Chrome, the most widely used web browser in the world, is certainly concerning, even if you are not using the sandbox feature. This shows that Microsoft's recent issues with Windows 10 updates are also affecting software from other developers. Not only Chrome has been affected, but any browser that uses the Chromium engine. Annoyingly, this also includes the new Microsoft Edge. Even more embarrassing, Microsoft released a patch to fix the vulnerability, Windows 10 KB4549951, but this patch was found to be causing serious issues for some users. We have reached out to Microsoft for comment and will update this story when we respond. Today's Best Laptop Deals - Stock Checked Every 30 Minutes - Acer Refurbished Chromebook, 14" Display, Intel Celeron, 4GB Memory, 32GB Flash,... Acer Refurbished Chromebook, 14" Display, Intel Celeron , 4 GB memory, 32 GB Flash, Chrome OS, NX.GJEAA. 001
Refurbished Acer Chromebook,...
HP 14 "32 GB 14-db0060nr ... Dell Chromebook 11 HD 11.6 inch ... HP Chromebook 14-ak030nr -... HP Chromebook 14-db0070nr ... Microsoft Surface Go 8 GB ...