In today’s world, trusting Google with someone’s data is highly questionable. Yet, Google Chrome remains to be the web browser with the most market share. However, Google’s Project Zero researcher James Forshaw highlighted the fact of Google Chrome being vulnerable in a blog post titled ‘You Won’t Believe what this One Line Change Did to the Chrome Sandbox’. He has pointed out that one mistyped line in the Windows 10 code messed up Chrome’s browser sandbox feature. This is due to the fact that Google Chrome’s security is totally reliant on Windows 10.
Windows 10 vulnerability messed up Chrome’s sandbox
Claiming the Google Chrome sandbox to be one of the better-deployed sandbox environments on Windows 10, James Forshaw claimed it to not being enough. He said,
“The main one being the sandbox’s implementation is reliant on the security of the Windows OS. Changing the behavior of Windows is out of the control of the Chromium development team. If a bug is found in the security enforcement mechanisms of Windows then the sandbox can break.”
This issue started when an update was pushed to Windows 10 versions starting Windows 10 version 1903, where an attack could be penetrated to Windows 10 when entered through Google Chrome.
The line should have been:
NewToken->ParentTokenId = OldToken->TokenId;
But it had been changed to:
NewToken->ParentTokenId = OldToken->ParentTokenId;
This completely breaks the check, as the new sandboxed process has a token which is considered a sibling of any other token on the desktop, said the researcher.
After this discovery, he found a number of ways to take advantage of this vulnerability as an attacker. This indirectly demonstrated the scope of risk involved with even small errors in the code of the Windows 10 operating system. However, James already reported this error to Microsoft, and a patch, CVE-2020-9081, has already been issued by Microsoft for this vulnerability.
This vulnerability affected all the web browsers based on the Chromium engine like Opera, Brave, Google Chrome, and even Microsoft’s own Edge browser.
This is one of those instances that encourage the user to always get the latest updates to their software from their respective providers.