Microsoft appears to have silently fixed a two-year-old bug in the Windows Kernel Object Manager that could have allowed for the bypass of privileges in Google’s Chrome browser. James Forshaw, a researcher with Google’s Project Zero, first reported the issue in December 2014. Microsoft responded to Google a month later saying it didn’t consider the issue worthy of a fix. Forshaw and Google marked the issue as “WontFix” and removed the view restriction on the disclosure. It’s been more or less on ice since then.

Microsoft’s stance changed at some point over the past 23 months, however; Forshaw acknowledged in a post on the Project Zero Google Group early Wednesday morning that Microsoft has fixed the issue in a recent Windows 10 fix. It’s unclear whether Microsoft addressed the issue in a hotfix or via a silently issued patch, but according to Forshaw, it has been reflected in the “latest few major builds of Windows 10 (10586+).”

The issue, a limited bypass of traverse permissions, affected the Kernel Object Manager in Windows 7 (32/64 bit) and 8+. In 2014, Forshaw warned it could be possible for low privilege code to “access some device objects where it shouldn’t be possible [to] even determine they exist” in Chrome.
See more at: Microsoft Silently Fixes Kernel Bug That Led to Chrome Sandbox Bypass https://wp.me/p3AjUX-vMD