An error on windows 10 caused Chrome's security system to be broken

A fairly serious bug that has just appeared on the recently released Windows 10 update completely disrupts Chrome's security system. James Forshaw, a security researcher at Project Zero at Google, revealed that Chrome's security mechanism is completely based on the code of the Windows 10 operating system.

Specifically, a line of Windows 10 code that was written in the wrong place causes Chrome Sandbox to crash. Chrome's sandbox is a security mechanism to prevent the spread of an incident to other software on Windows. This sandbox mechanism can be quickly deployed without requiring high level access from the operating system. However, the deployment of the sandbox depends entirely on the security mechanism of the Windows operating system, while changing Windows is not under the control of the Chromium development team. Therefore, the sandbox will be corrupted if an error is found in the security mechanism of Windows.

An error on windows 10 caused Chrome's security system to be broken Picture 1

According to Forshaw, the recent update of Microsoft Windows 10 1903 inadvertently allowed attacks to be performed within the Chrome browser itself to circumvent security mechanisms and infect the Windows 10 operating system.

A number of other vulnerabilities in Windows 10 that can help attacks escape the security mechanism on Chrome have been discovered by this security expert. Forshaw warns that a small change in the kernel of Windows could seriously impact the security of the sandbox.

Forshaw sent its warning to Microsoft, the tech giant then released a patch called CVE-2020-0981 to fix it.

However, the vulnerability that Forshaw mentioned still exists and the security mechanism of Google Chrome browser on Windows 10 still depends entirely on Microsoft.

1. Microsoft released emergency patch updates for Windows 10