If you rely on Google Chrome – or Opera, Microsoft Edge, Brave, or any other web browser based on the open-source Chromium codebase – to work from home or keep in touch with friends or family while staying at home due to the ongoing coronavirus pandemic, you might want to avoid the latest update to Windows 10. That’s because Microsoft has broken a key security feature found in all Chromium-based web browsers with its latest Windows 10 1903 update, which is available to all users right now.
And worst of all, the subsequent fix for the issue is deleting files from users’ PCs during the update process – leaving millions of Windows 10 users worldwide caught between a rock and a very hard place. The important security feature, initially broken by Microsoft in its update, is the Chromium sandbox. For those who don’t know, this key feature allows users to run applications and browser extensions in a virtual environment that is completely separate from their operating system.
If the item you’re downloading happens to contain malware or another security threat, it won’t be able to creep into the rest of the operating system – it will be contained within the sandbox. Clearly, this is a vital feature to keep your most important documents, applications and more safeguarded from the worst offenders online.
Unfortunately, Windows 10 has broken it. Thanks to a new “security feature bypass vulnerability,” as Microsoft calls it in a recent update to customers, Windows 10 now fails to properly handle the feature. This vulnerability means cyber crooks could exploit the flaw to allow their apps to escape the confines of the sandbox to infect all parts of your PC.
In a nutshell, it stops the Chromium sandbox working as it’s supposed to – and leaves your entire PC vulnerable to downloads that would otherwise be safely contained.
Google found the issue and addressed the broken sandbox in a blog post, explaining: “The sandbox works on the concept of least privilege by using Restricted Tokens.” Since Windows 10 isn’t handling those tokens correctly, the operating system is now leaving your Windows 10 PC at risk.
Google Chrome is comfortably the most popular web browser on the planet. By most estimates, it accounts for around 67 percent of all desktop web browser traffic worldwide. Coupled with the one billion or so PC owners who use Windows 10, this flaw will impact a huge number of people.
And with people relying on their PCs more and more to work from home or keep in touch with friends and family, this could have devastating consequences.
Although Microsoft has had a number of issues with its Windows 10 updates in recent weeks, until now, these have only impacted its own applications and features. With the Windows 10 1903 update, the company is now causing problems with other developers’ software as well.
There is a patch available that solves the sandbox issues, but we wouldn’t recommend it. That’s because the solution, Windows 10 KB4549951, has been causing some equally serious problems for some users. These include deleting users’ files from their machines during the update process.
Published at Mon, 04 May 2020 06:12:00 +0000