It is not a good week for Windows 10. There is practically no update in which something does not break. But this week the Redmond system takes the cake both for the blue screens and for the finding of a line of code Windows 10 that breaks the security on google chrome.
As we say, the latest Windows 10 update is giving some problems. First, some computers were affected by a glitch causing a loss of performance, but soon after, we learned of the resurgence of the blue screens of death (server has suffered two this week, by the way).
The discovery goes a little further. And it is that an investigator of the Zero project of Google (the ones in charge, by Google, to investigate security breaches in programs, hardware, and operating systems) has discovered that a line of code broke the security of Google Chrome.
And it’s not new: it introduced in the May 2019 update.
Which do you prefer, Windows 10 or Google Chrome? If we had known about this vulnerability, in the last year, many users would have asked ourselves that question.
And it is that, as researcher James Forshaw, from Project Zero, has described in a recent blog (via Forbes) called “You will not believe what a single code change can do to Chrome Sandbox.“ A slight change to the Windows 10 code In its 1903 update it broke the security of Google Chrome.
Windows 10 1903 was the May update to the operating system that introduced several significant changes. In April / May, the first major annual update of Windows 10 is usually made (Microsoft is already preparing this year’s). And in the last year, new features introduced that were well received by users.
However, a line of code was also changed that allowed to hack Google Chrome due to Windows 10 directly. This failure allowed a cybercriminal to bypass the Chrome sandbox. So he would have control of the system and access the data stored there.
Sandbox mode is quite common in programs and operating systems (Windows 10 introduced it last year, in fact). It is a protection that isolates specific applications so that, if something fails, it does not affect the rest of the system, as it is entirely isolated.
The problem is that, in this case, it is the operating system itself that allowed force entry into Chrome. Breaking that protection and leaving the software vulnerable. As Forshaw details, the Google Chrome sandbox is one of the best protections without requiring additional security. Still, all this is of no use if there is a failure in Windows since Chrome depends on the Microsoft system, and Google has no voice. I don’t vote when you change certain things in Windows 10 code.
The good news is that, almost a year later, Forshaw found the flaw and, by warning Microsoft. The Redmond people acted by changing that line to make Chrome somewhat more secure. But we have lived with that flaw a year without knowing it.
Now, why are there so many errors in Windows 10? The answer is simple, and, as we told you a while ago, the code has tons of lines. It weighs a lot and has been built based on generations ago. So it is tough to add something without breaking a previous function.
Sometimes it is minor nonsense; sometimes, it is a glitch causing a passing blue screen. And other times, it opens the door for hackers.