Microsoft finds severe security flaw in ChromeOS
Microsoft uncovered a major memory corruption vulnerability in Google’s ChromeOS operating system that could have allowed attackers to perform denial-of-service or remote code execution attacks.
The software giant recently published a blog post about the discovery of the flaw, which was given a 9.8 out of 10 rating on the Common Vulnerability Scoring System.
The vulnerability lies within a service called ChromiumOS Audio Server on D-Bus. D-Bus is an interprocess-communication system for Linux that ChromeOS relies on.
Microsoft explained an attacker could remotely trigger the vulnerability by manipulating audio metadata.
“Attackers could have lured users into meeting these conditions, such as by simply playing a new song in a browser or from a paired Bluetooth device, or leveraged adversary-in-the-middle (AiTM) capabilities to exploit the vulnerability remotely,” it explained.
Microsoft informed Google about the vulnerability in April 2022 and reported it through Chromium’s bug tracking system.
Google patched the vulnerability in an update that rolled out on 15 June 2022.
Microsoft praised the Google team and the Chromium community for their professional resolution and collaborative efforts.
The Register notes that Microsoft’s announcement flips the script because Google’s security researchers had made a habit of finding, reporting, and disclosing bugs in other vendors’ software.
Google’s practice of publicly disclosing the vulnerabilities after 90 days, even without companies patching them, has drawn the ire of Microsoft in the past.
Microsoft said its latest research emphasised the importance of analysing and monitoring security for devices running ChromeOS, particularly in light of the recent launch of ChromeOS Flex.
The software allows users to switch legacy PCs running older versions of Windows or MacOS to ChromeOS, which requires less powerful hardware to run smoothly.
That could help many users avoid upgrading their PCs to run the latest Windows or MacOS with up-to-date security and features.
Microsoft’s newest operating system — Windows 11 — has some stringent hardware requirements that cut off many older PCs released more than five years ago.
However, it will still serve Windows 10 with security and feature updates until its planned end-of-life in October 2025.
But the software giant might feel threatened by ChromeOS Flex potentially moving some of the users on its older operating system over to Google’s ecosystem due to the performance benefits.