Google has a Chrome zero-day warning for Windows users

0

Google has revealed a zero-day vulnerability affecting Windows 7,8 and 10 users which Microsoft is yet to fix. Microsoft is expected to fix the issue on November 10 and it is highly advisable that Window users update their PCs immediately. As per Ben Hawkes, Google’s Project Zero team lead, this Windows zero-day– CVE-2020-17087–is used to launch a combined attack along with a Chrome zero-day identified as CVE-2020-15999. The Chrome zero-day is said to be patched already but the Windows one is still live.

“Currently we expect a patch for this issue to be available on November 10. We have confirmed with the Director of Google’s Threat Analysis Group, Shane Huntley that this is targeted exploitation and this is not related to any US election related targeting,” tweeted Hawkes.
Google had notified Microsoft about the vulnerability last week and gave Microsoft 7 days time to fix the issue. As Microsoft did not fix it in the allotted, Google has revealed the details of the bug publicly.
Google has provided the source code of a proof-of-concept program. “It was tested on an up-to-date build of Windows 10 1903 (64-bit), but the vulnerability is believed to be present since at least Windows 7. A crash is easiest to reproduce with Special Pools enabled for cng.sys, but even in the default configuration the corruption of 64kB of kernel data will almost surely crash the system shortly after running the exploit,” said Google in its report.

For the latest tech news and updates, Install TechCodex App, and follow us on Google News,  Facebook, and Twitter. Also, if you like our efforts, consider sharing this story with your friends, this will encourage us to bring more exciting updates for you.

Source

Get real time updates directly on you device, subscribe now.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. AcceptRead More