{"id":457675,"date":"2022-08-24T16:18:58","date_gmt":"2022-08-24T14:18:58","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=457675"},"modified":"2022-08-24T16:21:18","modified_gmt":"2022-08-24T14:21:18","slug":"microsoft-finds-severe-security-flaw-in-chromeos","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/457675-microsoft-finds-severe-security-flaw-in-chromeos.html","title":{"rendered":"Microsoft finds severe security flaw in ChromeOS"},"content":{"rendered":"

Microsoft uncovered a major memory corruption vulnerability in Google’s ChromeOS operating system that could have allowed attackers to perform denial-of-service or remote code execution attacks.<\/p>\n

The software giant recently published a blog post<\/strong><\/a> about the discovery of the flaw, which was given a 9.8 out of 10 rating on the Common Vulnerability Scoring System.<\/p>\n

The vulnerability lies within a service called ChromiumOS Audi Server on D-Bus. D-Bus is an interprocess-communication system for Linux that ChromeOS relies on.<\/p>\n

Microsoft explained an attacker could remotely trigger the vulnerability by manipulating audio metadata.<\/p>\n

“Attackers could have lured users into meeting these conditions, such as by simply playing a new song in a browser or from a paired Bluetooth device, or leveraged adversary-in-the-middle (AiTM) capabilities to exploit the vulnerability remotely,” it explained.<\/p>\n

Microsoft informed Google about the vulnerability in April 2022 and reported it through Chromium’s bug tracking system.<\/p>\n

Google patched the vulnerability in an update that rolled out on 15 June 2022<\/strong><\/a>.<\/p>\n

Microsoft praised the Google team and the Chromium community for their professional resolution and collaborative efforts.<\/p>\n

The Register notes<\/strong><\/a> that Microsoft’s announcement flips the script because Google’s security researchers had made a habit of finding, reporting, and disclosing bugs in other vendors’ software.<\/p>\n

Google’s practice of publicly disclosing the vulnerabilities after 90 days, even without companies patching them, has drawn the ire of Microsoft in the past.<\/p>\n

Microsoft said its latest research emphasised the importance of analysing and monitoring security for devices running ChromeOS, particularly in light of the recent launch of ChromeOS Flex<\/strong><\/a>.<\/p>\n

The software allows users to switch legacy PCs running older versions of Windows or MacOS to ChromeOS, which requires less powerful hardware to run smoothly.<\/p>\n

That could help many users avoid upgrading their PCs to run the latest Windows or MacOS with up-to-date security and features.<\/p>\n

Microsoft’s newest operating system \u2014 Windows 11 \u2014 has some stringent requirements that cuts off many older PCs released more than five years ago.<\/p>\n

However, it will still serve Windows 10 with security and feature updates until its planned end-of-life in October 2025.<\/p>\n

But the software giant might feel threatened by ChromeOS Flex potentially moving some of the users on its older operating system over to Google’s ecosystem due to the performance benefits.<\/p>\n

\n

Now read: WhatsApp-spying virus found infesting knock-off Android smartphones<\/a><\/h3>\n","protected":false},"excerpt":{"rendered":"

Microsoft uncovered a major memory corruption vulnerability in Google’s ChromeOS operating system that could have allowed attackers to perform denial-of-service or remote code execution attacks.<\/p>\n","protected":false},"author":23,"featured_media":434178,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[70996,79864,167,1799,123,43684,49767,70233],"class_list":["post-457675","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-chromeos","tag-chromeos-flex","tag-google","tag-linux","tag-microsoft","tag-operating-systems","tag-security-vulnerabilities","tag-windows-11"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/457675"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/23"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=457675"}],"version-history":[{"count":2,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/457675\/revisions"}],"predecessor-version":[{"id":457869,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/457675\/revisions\/457869"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/434178"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=457675"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=457675"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=457675"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}