In the case of Microsoft has not yet been repaired, Google's security agencies Threat Analysis Group (Threat Analysis Group) disclosed the details of the disclosure of Windows 10 vulnerabilities, resulting in millions of users may have been hacker security risks. In fact, this is not the first time Google did not repair the first published practice, two years ago, the company has publicly unveiled the Windows 8.1 security vulnerabilities have not been fixed, and before the release of Microsoft to fix the vulnerability time is only 7 days.
According to reports related to the Google found the Windows 10 security vulnerabilities "very serious", and has been offered to Chrome users take the initiative to repair patch. The details of the vulnerability are as follows:
The Windows 10 vulnerability found in Windows Kernel is a local right, you can escape in the sandbox. The Win32k.sys system calls NtSetWindowLongPtr () to trigger the window handle with GWL_STYLE state WS_CHILD, and then index GWLP_ID. Chrome's sandbox can prevent win32.sys system calls Win32K lock cache on Windows 10 systems, to prevent the use of these vulnerabilities to escape from the sandbox.
10 days after Google submitted to Microsoft has not yet announced the first security bulletin or patch, but after Microsoft had previously said the operating system than other systems more complex and can not be provided within 7 days of Google to resolve and to the The public provides detailed information.