Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
hitko31455yOkay that article is just a pile of crap. First, Windows 1903 is May 2019 update, not May 2020 as stated through the article (and which is still in testing, so bugs there aren't a concern). Second, the bug was already fixed two weeks before that article was published. And third, this bug is about a process running in sandbox mode (e.g. Chromium GPU process) escalating it's privileges through certain system-level commands; for this to be more than just a potential problem in case someone successfully gains control over browser through other exploits, there would need to be a corresponding vulnerability in browser code.
Finally, while article states that "Microsoft has yet to make any statement", it's clear from https://bugs.chromium.org/p/... and https://portal.msrc.microsoft.com/e... that MS acknowledged it and agreed to disclose details before the 90-day deadline - a clear statement this bug isn't a big concern. -
@hitko but the fact that it wasn’t tested leads to some concern that other areas of the OS could be at risk. I’d like to they’ve been closed now if there were any, but it’s just one of those things.
-
hitko31455y@err-occured Tested? You mean like unit tests or something? That's not how it works. The only reason a bug like this poses any risk is because it can potentially be used to build a chain of exploits, and these tings aren't something you can test for, you can only discover and fix them, which is exactly what they did, and what they do all the time anyway.
Related Rants
-
-vim-14Waisting some times on codewars.com ~~~~ 3 kyu challenge: Given a string with mathematical operations like ...
-
ebilgenius2The most daunting thing about colonizing Mars is rewriting the Date class in Java.
-
uziiuzair5The Internet: where men are men, women are men, and children are FBI agents.
How the fuck is this even possible Microsoft, apparently one line of code breaks web browser sandboxing on all chromium based browsers.
https://slashgear.com/windows-10-19...
rant
web browsers
one liner
sandboxing