Windows 10 News and info | Forum
Topic: Google Just Gave Millions Of Users A Reason To Quit Windows 10
« on: April 24, 2020, 04:57:17 PM »

Google is always improving Chrome and it recently issued a brilliant (if long overdue) upgrade. Unfortunately, now Google has detailed a serious new problem in Chrome which cannot be fixed, and it's all down to Windows 10.  

Google researchers have revealed a flaw in Chrome which cannot be fixed

Edit: James Forshaw has clarified that Firefox is impacted the same way because it uses the Chromium sandbox which Mozilla confirms. The result is Forshaw's research exposes a vulnerability for the sandbox of all major browsers to updates in Windows 10. I have followed this up with Firefox, Opera, Brave, and Microsoft and will update when I have more information.

In a fascinating post titled ‘You Won't Believe what this One Line Change Did to the Chrome Sandbox’, Google’s Project Zero researcher James Forshaw revealed that Chrome is entirely reliant on the code of Windows 10 to stay secure. Moreover, Forshaw explains a new Windows 10 update recently broke through Chrome’s security with just a single line of misplaced code. Given Windows 10’s appalling recent update record, that’s not reassuring for either browser or platform.

“The Chromium sandbox [a security mechanism to stop failures from spreading to other software] on Windows has stood the test of time,” Forshaw explains. “It’s considered one of the better sandboxing mechanisms deployed at scale without requiring elevated privileges to function. For all the good, it does have its weaknesses. The main one being the sandbox’s implementation is reliant on the security of the Windows OS. Changing the behavior of Windows is out of the control of the Chromium development team. If a bug is found in the security enforcement mechanisms of Windows then the sandbox can break.”

And that’s exactly what happened. Forshaw states that Microsoft introduced a Windows 10 1903 update that enables online attacks conducted in the Chrome browser to break its security and spread into Windows itself. He subsequently found multiple ways to escape Chrome’s security. In outlining the different options, he warned: “I hope this gives an insight into how such a small change in the Windows kernel can have a disproportionate impact on the security of a sandbox environment.”

The good news is Forshaw alerted Microsoft to the problem and the company issued a patch (CVE-2020-0981) to fix it. That said, the fundamental flaw Forshaw identified remains: the security of Google Chrome on Windows 10 depends on Microsoft and that cannot be changed.

It's important to point out that other Chromium-based browsers suffer the same risk (Opera, Brave, Microsoft's new Edge browser), and that means you may be tempted to quit Windows 10 if you are more wedded to your browser than your operating system.

If you prefer to stay put, one ray of light is a recent tip-off that Microsoft might be making fundamental changes to Windows 10 updates but, for now, users have a decision to make.

« Last Edit: April 25, 2020, 11:00:42 PM by javajolt » Logged
