Google's Threat Analysis Group has released some information about a security flaw that allows privilege escalation in Windows when used in conjunction with a recently fixed Google Chrome vulnerability.
The new flaw can give a malicious user full access to a machine.
Google recommends that Chrome users restart their browser to ensure that patches are applied. Microsoft recommends that users upgrade to Windows 10.
Security researchers at Google and Microsoft “caught” criminals who were using a combination of a Chrome vulnerability that has since been fixed and an unpatched Windows vulnerability to access Windows 7 systems.
This revelation bears on the responsible disclosure of vulnerabilities.
The Windows flaw resides in the kernel driver win32k.sys, while the Chrome bug is related to the FileReader component.
Both bugs involve access to memory that the user should not be able to access, which is a pretty serious flaw.
Most modern browsers use a sandbox to help protect against online attacks. This is similar to a virtual environment in which sites and their code are run.
These sandboxes should ensure that untrusted code can be run without accessing system resources.
However, combining these two bugs completely opens the door to malicious users. In other words, a significant flaw!
So with a few lines of code, an attacker can access sensitive parts of the operating system and user files.
It should be noted that Google corrected this vulnerability last Friday. However, this fix is different from most updates.
Most updates take effect immediately, but this one requires a manual restart by the user. Once you restart the browser, you will be safe from this flaw.
However, the Windows vulnerability still needs to be fixed.
Still, Microsoft believes that it only affects Windows 7 32-bit systems.
This is why Microsoft recommends that all users who are still running Windows 7 migrate to Windows 10.
If they do, goodbye flaws!