Google warns of vulnerability in Windows 7 that is being actively exploited
Google has discovered a vulnerability in the win32k.sys kernel that is being actively exploited in the 32-bit version of Windows 7. Malicious persons are using the vulnerability in conjunction with a now resolved security issue in Chrome.
The vulnerability in the Windows kernel discovered by Google allows attackers to increase their privileges and thus escape from Chrome’s sandbox, along with a vulnerability in that browser. According to Google, the vulnerability can probably only be exploited in the 32-bit version of Windows 7. Newer Windows versions have security measures that stop that.
Google has reported the vulnerability to Microsoft and the maker of Windows is working on a fix. Since the vulnerability is already in active use, Google has disclosed its existence before a patch is available.
When Google disclosed a critical vulnerability in Chrome earlier this week, the search giant said it had encountered a chain of zero days. Google has fixed that vulnerability in Chrome with an update to the browser. According to Google, the vulnerability in the Windows kernel can still be used in combination with other vulnerabilities in browsers.