How the fuck is this even possible Microsoft, apparently one line of code breaks web browser sandboxing on all chromium based browsers.


  • 0
    Okay that article is just a pile of crap. First, Windows 1903 is May 2019 update, not May 2020 as stated through the article (and which is still in testing, so bugs there aren't a concern). Second, the bug was already fixed two weeks before that article was published. And third, this bug is about a process running in sandbox mode (e.g. Chromium GPU process) escalating it's privileges through certain system-level commands; for this to be more than just a potential problem in case someone successfully gains control over browser through other exploits, there would need to be a corresponding vulnerability in browser code.

    Finally, while article states that "Microsoft has yet to make any statement", it's clear from https://bugs.chromium.org/p/... and https://portal.msrc.microsoft.com/e... that MS acknowledged it and agreed to disclose details before the 90-day deadline - a clear statement this bug isn't a big concern.
  • 0
    @hitko but the fact that it wasn’t tested leads to some concern that other areas of the OS could be at risk. I’d like to they’ve been closed now if there were any, but it’s just one of those things.
  • 0
    @err-occured Tested? You mean like unit tests or something? That's not how it works. The only reason a bug like this poses any risk is because it can potentially be used to build a chain of exploits, and these tings aren't something you can test for, you can only discover and fix them, which is exactly what they did, and what they do all the time anyway.
Add Comment