Researchers at Google have found previously unknown vulnerabilities – one in Google Chrome and the other in Microsoft Windows – that they say attackers have been exploiting in tandem. Both zero-day vulnerabilities could allow hackers to escape the “sandboxes” that software programs use as safeguards against malicious activity. The vulnerability in Chrome, the web’s most popular browser, affects Chrome’s FileReader API, and could allow an attacker to carry out remote code execution. The Windows vulnerability, which Google researchers said had been exploited on Windows 7, could give a hacker the ability to escalate privileges on a certain Windows kernel driver, letting the attacker break out of a security sandbox. Google has released a patch for the Chrome vulnerability, while Microsoft is still working on its own, according to Clement Lecigne, a researcher with Google’s Threat Analysis Group. “The unpatched Windows vulnerability can still be used to elevate privileges or combined with another browser […]
The post Google researchers uncover two zero-days affecting Chrome, Windows appeared first on CyberScoop.