[ad_1]
Google is always improving Chrome and recently issued a brilliant update (if a long time ago). That said, there have also been some recent controversial changes, security issues and data concerns And now Google has detailed a serious new problem in Chrome that can’t be fixed. The result is that users may be forced to choose between Windows 10 and Chrome.
Google researchers have revealed a flaw in Chrome that cannot be fixed
in a fascinating post Entitled “You Won’t Believe What This One Line Change Did To The Chrome Sandbox,” Google Project Zero researcher James Forshaw revealed that Chrome relies entirely on Windows 10 code to stay safe. Additionally, Forshaw explains that a new Windows 10 update recently broke Chrome security with a single line of code out of place. Given Windows 10 appalling recent to update RecordThis is not reassuring for the browser or the platform.
“Chrome sandbox [a security mechanism to stop failures from spreading to other software] on Windows it has stood the test of time, “explains Forshaw.” It is considered one of the best sandboxing mechanisms implemented at scale without requiring elevated privileges to function. For all the good, it has its weaknesses. The main one is that the implementation of the sandbox depends on the security of the Windows operating system. Changing Windows behavior is beyond the control of the Chromium development team. If an error is found in Windows security mechanisms, the sandbox may break. “
And that is exactly what happened. Forshaw claims that Microsoft introduced a Windows 10 1903 update that allows online attacks made in the Chrome browser to break its security and spread to Windows itself. He subsequently found multiple ways to escape Chrome security. Describing the different options, he cautioned, “I hope this gives you an idea of how such a small change in the Windows kernel can have a disproportionate impact on the security of a sandbox environment.”
The good news is Forshaw alerted Microsoft to the problem and the company released a patch (CVE-2020-0981) fix it. That said, the fundamental flaw identified by Forshaw still remains: Google Chrome security on Windows 10 depends on Microsoft and that cannot be changed.
Perhaps working against Windows is the fact that other Chromium-based browsers are at the same risk, and that means you may be tempted to abandon Windows 10 instead of Chrome / Chromium browsers if you’re married to a variant in particular and understandably concerned about Microsoft very trembling update log.
All of which means Fundamental improvements of Windows 10 update they are more important than ever
___
Follow Gordon on Facebook
More about Forbes
New Google tab groups revitalize Chrome browser
Massive changes proposed for Microsoft Windows 10 updates
Google confirms serious vulnerabilities in the Chrome browser, issues a major solution
