Windows 10 puts security at risk for Chrome and other browsers

A computer scientist has discovered a bug that makes all computers running Chrome and other browsers vulnerable. What's going on?

Chrome, Brave, Opera, Vivaldi, Blisk and even Microsoft Edge are exposed to a security risk because of Windows 10. It sounds unbelievable, but it's true: a single line of code in the operating system makes the sandboxes used by Chromium-based browsers useless.

This was discovered by researcher James Forshaw of Project Zero, the Google team that hunts for security bugs in apps and operating systems. Forshaw ran several tests using different methods, and each time he managed to render the sandbox in which Chromium-based browsers run useless. This means that if a hacker were to learn about this bug (which Google will keep secret until Microsoft releases the security patch), they could execute dangerous code via a website open in the browser. At the moment, this bug does not have a patch.

How the sandbox works

A sandbox is basically a container in which an application runs, or in which a site is opened that executes code to interact with the user. Inside this container, which has no openings to the outside world, even a dangerous site or app is neutralized: since it cannot access resources beyond those assigned to the sandbox itself, it cannot actually take control of anything. Most software that uses sandboxes, including Chromium-based browsers, does nothing more than rely on the sandboxing methods provided by the operating system. So if the operating system's sandbox has a hole, the browser has a hole as well. And that's exactly what James Forshaw discovered on Windows 10.

Why the sandbox doesn't work on Windows 10

Forshaw discovered that a change to a single line of code, introduced in the latest Windows 10 update, altered the way sandbox tokens are handled. The tokens, in essence, are the security keys assigned to the browser to ensure that the application can only access certain assigned resources. The problem lies in these restricted tokens, which, when managed in the new way, actually allow an application to leave the sandbox. Microsoft has been warned about this problem, but has not yet released a patch or issued an official statement on what to do in the meantime.
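
To make concrete how a restricted token confines a sandboxed process to its assigned resources, here is an added example (not code from the article, Windows or Chromium): a simplified Python model of the two-pass access check that Windows documents for restricted tokens, where a request must be allowed both for the token's normal SIDs and for its restricting SIDs. The SID names, access bits and DACLs are constructed for illustration.

```python
from dataclasses import dataclass, field

READ, WRITE = 0x1, 0x2  # constructed access bits, not real Windows rights

@dataclass(frozen=True)
class Ace:
    kind: str   # "allow" or "deny"
    sid: str
    mask: int

@dataclass
class Token:
    sids: set                                      # enabled user/group SIDs
    deny_only: set = field(default_factory=set)    # match deny ACEs only
    restricting: set = field(default_factory=set)  # non-empty => restricted token

def dacl_pass(dacl, allow_sids, deny_sids, desired):
    """Walk the ACEs in order; succeed once every desired bit is allowed."""
    remaining = desired
    for ace in dacl:
        if ace.kind == "deny" and ace.sid in deny_sids and ace.mask & remaining:
            return False
        if ace.kind == "allow" and ace.sid in allow_sids:
            remaining &= ~ace.mask
        if remaining == 0:
            return True
    return False

def access_check(token, dacl, desired):
    """Normal pass, plus a second pass on the restricting SIDs if any exist."""
    ok = dacl_pass(dacl, token.sids, token.sids | token.deny_only, desired)
    if token.restricting:
        ok = ok and dacl_pass(dacl, token.restricting, token.restricting, desired)
    return ok

# Constructed sample data: SID names and DACLs are illustrative labels.
PROFILE_FILE = [Ace("allow", "alice", READ | WRITE), Ace("allow", "Admins", READ | WRITE)]
SANDBOX_PIPE = [Ace("allow", "alice", READ | WRITE), Ace("allow", "SandboxSid", READ | WRITE)]
ADMIN_ONLY = [Ace("allow", "Admins", READ | WRITE)]

browser = Token(sids={"alice", "Users", "Admins"})
renderer = Token(sids={"alice", "Users"}, deny_only={"Admins"}, restricting={"SandboxSid"})

if __name__ == "__main__":
    for name, dacl in [("profile file", PROFILE_FILE), ("sandbox pipe", SANDBOX_PIPE),
                       ("admin-only key", ADMIN_ONLY)]:
        print(f"{name:15} browser={access_check(browser, dacl, READ)} "
              f"renderer={access_check(renderer, dacl, READ)}")
```

The renderer token still carries the user's own SID, yet it cannot read the user's profile file because the second pass finds no ACE for its restricting SID; that second pass is the containment the sandbox depends on.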