A few days back, Google reported a couple of vulnerabilities --one affecting Google Chrome and another in Microsoft Windows that were being exploited together. In an attempt to curb it down, Google released an update for all Chrome platforms on March 1; this update was pushed through Chrome auto-update. The Chrome auto-update has already updated Chrome to 72.0.3626.121 or later. The second vulnerability was in Microsoft Windows. It is a local privilege escalation in the Windows win32k.sys kernel driver that can be used as a security sandbox escape. Google also said in a blog, "We strongly believe this vulnerability may only be exploitable on Windows 7 due to recent exploit mitigations added in newer versions of Windows. To date, we have only observed active exploitation against Windows 7 32-bit systems." "The unpatched Windows vulnerability can still be used to elevate privileges or combined with another browser vulnerability to evade security sandboxes" In an attempt to mitigate the fix, the company adviced users to consider upgrading to Windows 10 if they are still running an older version of Windows, and to apply Windows patches from Microsoft when they become available. Source
Read Here»
Subscribe to:
Post Comments (Atom)
Post a Comment Blogger Facebook
We welcome comments that add value to the discussion. We attempt to block comments that use offensive language or appear to be spam, and our editors frequently review the comments to ensure they are appropriate. As the comments are written and submitted by visitors of The Sheen Blog, they in no way represent the opinion of The Sheen Blog. Let's work together to keep the conversation civil.