If you rely on Google Chrome – or Opera, Microsoft Edge, Brave, or any other web browser based on the open-source Chromium codebase – to work from home or keep in touch with friends or family while staying at home due to the ongoing coronavirus pandemic, you might want to avoid the latest update to Windows 10. That’s because Microsoft has broken a key security feature found in all Chromium-based web browsers with its latest Windows 10 1903 update, which is available to all users right now.
And worst of all, the subsequent fix for the issue is deleting files from users’ PCs during the update process – leaving millions of Windows 10 users worldwide caught between a rock and a very hard place. The important security feature, initially broken by Microsoft in its update, is the Chromium sandbox. For those who don’t know, this key feature allows users to run applications and browser extensions in a virtual environment that is completely separate from the operating system.
If the item you’re downloading happens to contain malware or another security threat, it won’t be able to creep into the rest of the operating system – it will be contained within the sandbox. Clearly, this is a vital feature to keep your most important documents, applications and more safeguarded from the worst offenders online.
Unfortunately, Windows 10 has broken it. Thanks to a new “security feature bypass vulnerability,” as Microsoft calls it in a recent update to customers, Windows 10 now fails to properly handle the feature. This vulnerability means cyber crooks could exploit the flaw to allow their apps to escape the confines of the sandbox to infect all parts of your PC.
In a nutshell, it stops the Chromium sandbox working as it’s supposed to – and leaves your entire PC vulnerable to downloads that would otherwise be safely contained.
Google found the issue and addressed the broken sandbox in a blog post, explaining: “The sandbox works on the concept of least privilege by using Restricted Tokens.” Since Windows 10 isn’t handling those tokens correctly, the operating system is now leaving your PC at risk.
Google Chrome is comfortably the most popular web browser on the planet. By most estimates, it accounts for around 67 percent of all desktop web browser traffic worldwide. Coupled with the one billion or so PC owners who use Windows 10, this flaw will impact a huge number of people.