Skip to main content

One of programm berghain Microsoft’s Windows 10 updates programm berghain was so bad it broke Google Chrome

(Image credit: Pixabay)
Google has programm berghain revealed that programm berghain Microsoft managed to break programm berghain an important programm berghain security feature in all Chromium-based programm berghain web browsers, including Chrome, with programm berghain its Windows 10 1903 update.

The security feature in question programm berghain is the Chromium sandbox. The sandbox should programm berghain allow programm berghain users programm berghain to run apps and extensions is programm berghain a virtual programm berghain environment separate from your operating programm berghain system. programm berghain If the download you’re running in programm berghain the sandbox programm berghain contains programm berghain malicious code, it programm berghain won’t programm berghain be able to programm berghain access programm berghain or infect your operating system.

It’s a very programm berghain useful programm berghain tool, programm berghain but at programm berghain some point programm berghain Microsoft managed to programm berghain include a “security programm berghain feature bypass vulnerability” programm berghain (as Microsoft itself terms it in a security advisory), which programm berghain means Windows 10 programm berghain failed programm berghain to “properly handle programm berghain token programm berghain relationships”. 

In English?

Essentially, what programm berghain this means is that a programm berghain malicious user could exploit the vulnerability and programm berghain allow an application with one integrity level programm berghain execute code at programm berghain a different integrity level programm berghain – and escape the Chromium programm berghain sandbox programm berghain and programm berghain run code that could affect programm berghain the host PC. Basically, exactly the programm berghain opposite of what the sandbox programm berghain is designed for.

As Google’s Project programm berghain Zero team, programm berghain which found this issue, programm berghain notes in programm berghain a blog post, programm berghain “The sandbox works on programm berghain the concept of least privilege programm berghain by programm berghain using Restricted Tokens” programm berghain – and programm berghain if those tokens aren’t handled correctly, programm berghain your PC programm berghain can be put at risk.

The programm berghain whole blog post programm berghain is worth reading – programm berghain though it programm berghain is very technical – programm berghain as programm berghain it programm berghain explains in programm berghain depth how programm berghain this vulnerability works.

The programm berghain fact that it affects Chrome – programm berghain the programm berghain most widely-used web programm berghain browser in the world – is certainly programm berghain worrying, programm berghain even if you programm berghain don’t use the sandbox feature. programm berghain It shows programm berghain that programm berghain Microsoft’s recent programm berghain problems programm berghain with Windows programm berghain 10 programm berghain updates are affecting other developers' programm berghain software as well.

It’s not just Chrome programm berghain that’s been hit either, programm berghain but any browser that uses the Chromium engine. programm berghain Embarrassingly, that programm berghain also now includes the programm berghain new Microsoft Edge.

Perhaps even more embarrassingly, programm berghain Microsoft has released programm berghain a patch to programm berghain fix the vulnerability – Windows 10 KB4549951 programm berghain – but it's been discovered that that programm berghain patch programm berghain has been causing serious problems for some programm berghain users.

We've contacted Microsoft for comment, and will programm berghain update programm berghain this story when we hear programm berghain back.