Project Zero discovers a new security breach: Windows 7 computers using Chrome are affected
A new vulnerability threatens the security of users of Google Chrome and Windows 7 . A breach in security that has again been discovered and published in the Google Security Blog by the researchers of Project Zero , the department in charge of finding vulnerabilities in applications and operating systems.
In this case it is a vulnerability for which the combined use of both Windows 7 and Chrome is required , in both cases on computers that do not have the patch that solves it installed. To carry out the attack, the cybercriminal makes use of a combination of Chrome and Windows 7 to execute malicious code.
In the case of the Google browser, the company launched a patch intended to correct the failure and has asked Chrome users to check that their browser is in version 72.0.3626.121 or higher and has therefore corrected the risk through the update (CVE-2019-5786). For this, once Google Chrome is updated, the user must restart it so that the patch is installed and the protection is effective.
The problem, in this case, is that for the attack to take place it also requires another security hole, a second exploit that this time does not depend on Google because it is in Windows 7 . A security breach that is related to the win32k.sys kernel .
Apparently, only computers that have a Windows 7 32-bit, would be affected, because Microsoft has improved security in later versions of Windows avoiding the risk. The irrigation is also superior if we think about how Windows 7 approaches the end of its life cycle so that updates are becoming less frequent.
End of Windows 7 support: what it means that you only have one year of security patches
From Project Zero have passed a note on the case to Microsoft to take action and solve the security hole while advising users to make the leap to a more current version of its operating system such as Windows 10.