How A Single Line Of Windows Code Could Have Brought Dark Days For Us

Windows updates are known to break people's machines in all sorts of ways, but few would have guessed that one could bring dark days for other applications as well.


Last week, the Google Project Zero team disclosed (as reported by Forbes) that a single line of Windows code broke the sandboxing feature in Chromium, the open-source project that underpins the Chrome browser.

The issue lies in an update released for Windows 10 version 1903 that changed how the kernel handles a process's access token, allowing an attacker who already had code running inside a sandboxed process to escape Chrome's sandbox.


An access token describes the security context of a process or thread: it holds the security identifier (SID) of the Windows user account, the SIDs of the groups that account belongs to, and the privileges the account holds. Windows creates a token when a user logs on, and every process started in that session receives a copy of it as its primary token.


Chrome's sandbox relies on a Windows feature called a restricted token. The sandboxed process runs with a copy of the user's token that has had privileges removed, group SIDs marked deny-only, and a list of "restricting SIDs" attached. When such a token is used to open an object, the kernel performs two access checks against the object's DACL, one with the token's normal SIDs and one with the restricting SIDs, and grants access only if both succeed. A change to the Windows kernel code broke this mechanism and created a security risk.
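To make the two-pass check concrete, here is a small Python model of the restricted-token access check described in the two paragraphs above. It is an added example, not code from the article, Project Zero, or Chromium. The DACL, the protected object, the sample user SID and the `check_ignoring_restricting_sids` function are constructed for illustration; the well-known SIDs S-1-5-32-545 (BUILTIN\Users), S-1-5-12 (RESTRICTED CODE) and S-1-0-0 (NULL SID) are the real Windows values. A real Windows access check also handles owner rights, deny-only group SIDs, integrity levels and generic-right mapping, all omitted here.

```python
"""A model of the Windows access check for normal and restricted tokens.

Added illustration, not code from the article, Project Zero, or Chromium.
The DACL, the protected object and the user SID are constructed sample
data. Owner rights, deny-only groups, integrity levels and generic
mapping are omitted.
"""
from dataclasses import dataclass

# Two bits of the real FILE_* access mask, enough for the demonstration.
FILE_READ_DATA = 0x0001
FILE_WRITE_DATA = 0x0002

USER_SID = "S-1-5-21-1000-2000-3000-1001"   # constructed sample user SID
BUILTIN_USERS = "S-1-5-32-545"              # well-known: BUILTIN\Users
RESTRICTED_CODE = "S-1-5-12"                # well-known: RESTRICTED CODE
NULL_SID = "S-1-0-0"                        # well-known: NULL SID


@dataclass(frozen=True)
class Ace:
    allow: bool      # True = access-allowed ACE, False = access-denied ACE
    sid: str         # trustee the ACE applies to
    mask: int        # access rights the ACE grants or denies


@dataclass(frozen=True)
class Token:
    user: str
    groups: frozenset                          # enabled group SIDs
    restricting_sids: frozenset = frozenset()  # empty => not a restricted token


def check_against(dacl, trustees, desired):
    """Walk the DACL in order on behalf of the given set of trustee SIDs.

    Allowed ACEs accumulate granted bits until every requested bit is
    granted; a denied ACE covering any still-ungranted requested bit
    fails the check immediately. ACEs for other SIDs are skipped.
    """
    granted = 0
    for ace in dacl:
        if ace.sid not in trustees:
            continue
        if ace.allow:
            granted |= ace.mask & desired
            if granted == desired:
                return True
        elif ace.mask & desired & ~granted:
            return False
    return granted == desired


def access_check(token, dacl, desired):
    """The documented restricted-token rule: the enabled SIDs must pass the
    DACL, and, if the token carries restricting SIDs, that list must pass
    the same DACL on its own. Access is granted only if both passes succeed."""
    enabled = frozenset({token.user}) | token.groups
    if not check_against(dacl, enabled, desired):
        return False
    if token.restricting_sids:
        return check_against(dacl, token.restricting_sids, desired)
    return True


def check_ignoring_restricting_sids(token, dacl, desired):
    """Hypothetical: the first pass only. Shows what a sandboxed token would
    regain if the restricting list were never consulted. Illustrative, not a
    description of the actual Windows 10 1903 change."""
    return check_against(dacl, frozenset({token.user}) | token.groups, desired)


# Constructed DACL for a hypothetical object created by the browser process:
# ordinary users may read and write, RESTRICTED CODE may only read.
SAMPLE_DACL = (
    Ace(True, BUILTIN_USERS, FILE_READ_DATA | FILE_WRITE_DATA),
    Ace(True, RESTRICTED_CODE, FILE_READ_DATA),
)

BROWSER_TOKEN = Token(USER_SID, frozenset({BUILTIN_USERS}))
# A GPU-style sandbox token: same user, restricted to RESTRICTED CODE.
SANDBOX_TOKEN = Token(USER_SID, frozenset({BUILTIN_USERS}),
                      frozenset({RESTRICTED_CODE}))
# A token whose only restricting SID is the NULL SID: nothing grants it,
# so every object access fails the second pass (the most locked-down form).
LOCKDOWN_TOKEN = Token(USER_SID, frozenset({BUILTIN_USERS}),
                       frozenset({NULL_SID}))


def demo():
    """Return the outcome of each check so the results can be inspected."""
    return {
        "browser_write": access_check(BROWSER_TOKEN, SAMPLE_DACL, FILE_WRITE_DATA),
        "sandbox_read": access_check(SANDBOX_TOKEN, SAMPLE_DACL, FILE_READ_DATA),
        "sandbox_write": access_check(SANDBOX_TOKEN, SAMPLE_DACL, FILE_WRITE_DATA),
        "lockdown_read": access_check(LOCKDOWN_TOKEN, SAMPLE_DACL, FILE_READ_DATA),
        "sandbox_write_first_pass_only": check_ignoring_restricting_sids(
            SANDBOX_TOKEN, SAMPLE_DACL, FILE_WRITE_DATA),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'granted' if ok else 'denied'}")
```

The unrestricted browser token gets write access because BUILTIN\Users is granted it; the sandbox token passes the first check for the same reason but is held to read-only by the second, because RESTRICTED CODE is only granted read. The `check_ignoring_restricting_sids` function exists only to show what the sandbox boundary rests on: with the second list out of the picture, the sandboxed token regains every right the user's groups hold. The article does not say what the single changed line in Windows 10 1903 actually did, so that function should not be read as a description of the bug.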

Google Project Zero researcher James Forshaw developed a proof-of-concept exploit demonstrating a sandbox escape from the GPU process in Chrome, Edge, and Firefox.


The security feature bypass vulnerability, if exploited in the wild, could h ..