Blog

Windows 10 Update Breaks Google Chrome Security

Permlink | Comments
By: Anton McClure;
Published:
Tags: Technology; Security; Google;

Google revealed that Microsoft broke an important security feature in Google's Chrome browser.

Image by Deepanker Verma (deepanker70). Image licensed under the Pixabay License.
Image by Deepanker Verma (deepanker70). Image licensed under the Pixabay License.

Microsoft has been making the news a lot for Windows Updates issues. Google has recently revealed that an update to Windows 10 1903 broke an essential security feature in Google Chrome.

The update includes a security feature bypass vulnerability, as termed by Microsoft, which means attackers can let an application run code at a different integrity level the application, and escape the sandbox environment that Chrome runs in - the opposite of the sandbox's purpose.

Google's Project Zero team made a very detailed and technical writeup of the issues it caused, and I suggest you give it a read if interested. Google's team wrote that "the sandbox works on the concept of least privilege by using Restricted Tokens." The latest Windows 10 update issues that broke token relationships will put PCs at risk.

Google Chrome alone is already the most widely-used web browser, let alone every chromium-based browser, including the new chromium-based Microsoft Edge, which has embarrassingly also been affected by this issue.

The execution chain used by the Project Zero team involves almost 20 steps before the user escapes from the sandbox.

This issue is bad for Google and especially bad for Microsoft. Something must have been done wrong in an update if it can unintentionally break security features on a third-party program, especially a program as popular as Google's Chrome and Chromium browsers.

Microsoft reportedly fixed the issue with CVE-2020-0981: Windows Token Security Feature Bypass Vulnerability, and is downloadable from the Microsoft Update Catalog.

Updates are to follow as more information becomes available from Microsoft, Google, or by third-parties regarding these security issues.


Also on:


About the Author

Recent Posts

Image from piqsels. Licensed under public domain.
How Software as a Service (SaaS) Can Improve Your Business

By: Anton McClure;
Published: July 1, 2020
Tags: Technology; SaaS; Business;
You want your business to be successful, and modern cloud technologies such as SaaS can help make that success happen.

Title card - Image features an SSH connection Lily Winter's
How to Get Started with Tildes

By: Anton McClure;
Published: June 30, 2020
Tags: Technologies; Tildes; Open Computing;
Many public-access servers called "tildes", many of which are actively accepting new users. Here's how you can join and start making the most of your new tilde account.

Image by Pete Linforth (TheDigitalArtist). Image licensed under the Pixabay License.
Microsoft Gives Linux and Android a Significant Security Upgrade

By: Anton McClure;
Published: June 24, 2020
Tags: Android; Linux; Microsoft; Security;
Microsoft has released their Defender ATP platform for Linux and Android devices. Here are some of the benefits it brings, and how you can deploy it.

Image from pxfuel. Free for commercial use.
Making the Internet and its Content Accessible for More People

By: Anton McClure;
Published: June 14, 2020
Tags: General; Internet;
Mobile devices are bringing the Internet to more people than ever before. Here's ways we can improve their online experience.

Screenshot from me deleting a WordPress site from my VPS.
(Why) I Won't Use WordPress, and Why You Shouldn't Either

By: Anton McClure;
Published: June 5, 2020
Tags: Technology; Alternatives; Security; Internet;
WordPress is popular, but there are better programs out there.

Image by OpenClipart-Vectors. Image licensed under the Creative Commons Zero (CC0) license.
Zoom Free Users Will Not Have End-to-End Encryption

By: Anton McClure;
Published: June 4, 2020
Tags: Technology; Encryption; Alternatives;
Zoom CEO has stated free users will not get end-to-end encryption. Here are some good alternatives to Zoom you could use instead.