30.6 C
Monday, June 21, 2021

Google has a Chrome zero-day warning for Windows users

Must read

Google has revealed a zero-day vulnerability affecting Windows 7,8 and 10 users which Microsoft is yet to fix. Microsoft is expected to fix the issue on November 10 and it is highly advisable that Window users update their PCs immediately. As per Ben Hawkes, Google’s Project Zero team lead, this Windows zero-day– CVE-2020-17087–is used to launch a combined attack along with a Chrome zero-day identified as CVE-2020-15999. The Chrome zero-day is said to be patched already but the Windows one is still live.

“Currently we expect a patch for this issue to be available on November 10. We have confirmed with the Director of Google’s Threat Analysis Group, Shane Huntley that this is targeted exploitation and this is not related to any US election related targeting,” tweeted Hawkes.
Google had notified Microsoft about the vulnerability last week and gave Microsoft 7 days time to fix the issue. As Microsoft did not fix it in the allotted, Google has revealed the details of the bug publicly.
Google has provided the source code of a proof-of-concept program. “It was tested on an up-to-date build of Windows 10 1903 (64-bit), but the vulnerability is believed to be present since at least Windows 7. A crash is easiest to reproduce with Special Pools enabled for cng.sys, but even in the default configuration the corruption of 64kB of kernel data will almost surely crash the system shortly after running the exploit,” said Google in its report.

Source link

- Advertisement -

More articles


Please enter your comment!
Please enter your name here

- Advertisement -

Latest article