According to International Business Times, Google has discovered some vulnerabilities in Adobe Flash and Microsoft’s Windows software which may subject Google Chrome to malware. The discovery was made in late October but the information has just been made public recently. Adobe has released a patch to fix the vulnerability but Microsoft has yet to respond to the latest threats. Since Google takes threats seriously they were forced to make the vulnerabilities public to inform their customers.
Google’s Threat Analysis Group released a statement regarding the incident:
“After 7 days, per our published policy for actively exploited critical vulnerabilities, we are today disclosing the existence of a remaining critical vulnerability in Windows for which no advisory or fix has yet been released,” wrote Neel Mehta and Billy Leonard of Google’s Threat Analysis Group.”This vulnerability is particularly serious because we know it is being actively exploited.”
The threat is located within the Windows kernel (win32k.sys) which could allow potential attackers to escape from Windows’ security sandbox. This is extremely important because would be attackers would be able to access Windows computers and run code without the person’s knowledge. Chrome is already set to block these type of attacks on Windows 10 but if users use different browsers other than Chrome they may be vulnerable to a future attack.