Google claims that Windows 10 v1903 invalidates the browsers’ sandboxes
Google recently released a report that Microsoft introduced a vulnerability in Windows 10 1903 that could invalidate the sandbox mode of all browsers based on the Chromium kernel.
The specific changes made by Microsoft are as follows: “NewToken->ParentTokenId = OldToken->ParentTokenId;.” Of course, for ordinary people like us, this magic string is really difficult to understand. Simply put, this is a change to the Windows 10 system’s code for assigning security tokens.
Microsoft explained this issue concisely in its security bulletin (CVE-2020-0981 | Windows Token Security Feature Bypass Vulnerability): “A security feature bypass vulnerability exists when Windows fails to properly handle token relationships. An attacker who successfully exploited the vulnerability could allow an application with a certain integrity level to execute code at a different integrity level, leading to a sandbox escape. The update addresses the vulnerability by correcting how Windows handles token relationships.”
As mentioned by Microsoft (also discovered by Google’s Project Zero), this vulnerability could allow hackers to break their malicious code through the sandbox restrictions of browsers based on the Chromium kernel.
Fortunately, Microsoft has released a patch (KB4549951) that can fix this vulnerability. If you have not installed the patch, it is recommended that you install it immediately to avoid security issues.