• About
  • Advertise
  • Careers
  • Contact
Friday, March 31, 2023
No Result
View All Result
NEWSLETTER
Cyber360 News
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
No Result
View All Result
Cyber360 News
No Result
View All Result
Home Security

How A Single Line Of Windows Code Could Have Brought Dark Days For Us

by Cyber360 News
April 27, 2020
in Security
0
How A Single Line Of Windows Code Could Have Brought Dark Days For Us
0
SHARES
1
VIEWS
Share on FacebookShare on Twitter

Windows Updates are known to break people’s machines in different ways, but no one ever would have guessed it could bring dark days for other apps as well.

Last week, the Google Project Zero team made a surprising disclosure (via Forbes) that how a single line of Windows code broke the sandboxing feature in Chromium, which fuels the Chrome browser.

The issue lies in an update released for Windows 10 1903 that changed the way access tokens for a process are handled in Windows, thereby allowing a potential attacker to escape Chrome’s sandbox.

Access tokens contain a Windows user account’s security identifier (SID) and privileges that are tied to a process or thread. A new access token is generated when a user logs into their system and a copy of it is provided to all the processes being executed.

Chrome’s sandboxing functionality uses a Windows feature called Restricted Token, where the access token of a process is modified to cut down on the level of permissions it can have. Here, a modification made to the Windows kernel code messed up the feature and created a security risk.

Also Read: ‘Sandboxie’ Is Now Open-Source: A Windows Utility For Sandboxing Apps

Google Project Zero researcher James Forshaw has developed an exploit to demonstrate sandbox escaping for the GPU process in Chrome, Edge, and Firefox.

The security feature bypass vulnerability, if exploited in the wild, could have compromised millions of devices across the globe as various Chromium-based web browsers rely on this technology. The list includes popular browsers such as Opera, and also Firefox which uses the sandboxing feature alone.

Thankfully, Microsoft acknowledged the problem and released a fix as part of April’s Patch Tuesday update. However, it mentioned that the exploitation of the vulnerability is less likely. Nonetheless, this has come up as an example of how a small change in the Windows OS can threaten the security of web browsers.

Meanwhile, how the code change happened remains a mystery; of course, it wasn’t intentional as Microsoft quickly issued a fix for it. It could be possible “that someone was updating the code and thought that this was a mistake and so “fixed” it,” Forshaw wrote in his blog post as he tried to guess the reason.

“Perhaps there was no comment indicating its purpose, or just the security critical nature of the single line was lost in the mists of time.”

Cyber360 News

Cyber360 News

Next Post
Hacking Microsoft Teams accounts with a GIF image

Hacking Microsoft Teams accounts with a GIF image

Recent Posts

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

October 6, 2021
Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

October 1, 2021
Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

October 1, 2021

Whats New in Kali Linux?

September 14, 2021

Kali Linux 2019.3 Release (CloudFlare, Kali-status, metapackages, Helper-Scripts & LXD)

September 14, 2021

Kali Linux 2021.3 Release (OpenSSL, Kali-Tools, Kali Live VM Support, Kali NetHunter Smartwatch)

September 14, 2021

Kali Linux 2018.4 Release

September 14, 2021

Kali Linux 1.0.5 and Software Defined Radio

September 14, 2021

Kali Tools Website Launched, 1.0.9 Release

September 14, 2021

Kali Linux Dojo at Black Hat Vegas 2016

September 14, 2021

Category

Site Links

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

About Us

We bring you the best Premium WordPress Themes that perfect for news, magazine, personal blog, etc. Check our landing page for details.

© 2019 Cyber360 News - Powered by WebSensePro

No Result
View All Result
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us

© 2019 Cyber360 News - Powered by WebSensePro

Login to your account below

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In