Recently, Clement Legine from Google’s Threat Analysis Group has published an article wherein he has mentioned the details of major security risk on Chrome browser. Since, Google has released Chrome Zero-Day Bug fixes and suggesting the users to update their browser immediately to escape any security threat.
At that time, the company did not give many details about the bug which was related to FileReader API of Chrome that allows the web applications to read the content of files stored on users’ computers. Let’s take have a look at Legine statement on Chrome browser’ security risk.
It is a local privilege escalation in the Windows win32k.sys kernel driver that can be used as a security sandbox escape. The vulnerability is a NULL pointer dereference in win32k!MNGetpItemFromIndexwhen NtUserMNDragOver() system call is called under specific circumstances.
Google found that Chrome Zero-Day Bug only exploited on Windows 7
Further details, Google have said that Chrome Zero-Day Bug could be exploited on Windows 7 especially on Windows 7 32-bit System. Actually, Windows Zero-day bug has still not been fixed and it could still be combined with some another browser exploits. When we talk about Google Solution for this major security issue, it is good to see that Google has advised the users must Install Windows 10 to fix Chrome Zero-Day Bug.
We are researching on the matter Chrome Zero-Day Bug and other security related issues & news deeply and we will defiantly post an update, if it will come in future. For any suggestions or queries, please write on the comment box given below.
You may also read: First Exynos Samsung Galaxy S10 Firmware Update for SM-G973F Model