Security analysts at Google and Microsoft have watched assailants utilizing a mix of a fixed Chrome weakness and an unpatched Windows 7 vulnerability. The declaration of the issue comes as a major aspect of their vulnerability disclosure policy. Both the Windows bug and Chrome bug deal with accessing memory that should not be accessed by the user.
Most current internet browsers utilize a “sandbox” to help ensure against online assaults. This is like a virtual environment that websites, and their corresponding code, run in. These sandboxes are supposed to guarantee that untrustworthy code can’t get out and attack important system assets, however joining these two bugs together into causes just that.
Google fixed their bug last Friday. Unlike other updates which you can see immediately, this fix requires a manual restart. The Windows 7 bug has yet to be fixed but is believed to only affect Windows 7 32-bit systems. Meanwhile, Microsoft is urging Windows 7 users to upgrade to Windows 10.
Give us a call or email us to assess your vulnerabilities!