Jump to content
Badcam3

news Google reveals 0-day vulnerabilities affecting Google Chrome and Windows 7, recommends updating to Windows 10

Recommended Posts

RWkomY.jpeg.b1cbe5acbd70c5b7872e159d5c20ae10.jpeg

Google’s Threat Analysis group has Please login or register to see this link. affecting Google Chrome and Windows 7 PCs yesterday (via Please login or register to see this link. ). Google said it has already patched Chrome to remediate the vulnerability on March 1, and it’s recommending users to make sure that they have already updated the web browser to version 72.0.3626.121 or newer.

As for the Windows 7 vulnerability, Google says that it already reported it to Microsoft but had to reveal it yesterday after the end of its to a 90-day disclosure deadline. The Redmond giant is said to already be working on a fix, but according to Google this vulnerability is already being exploited in targeted attacks.

 

Quote

It is a local privilege escalation in the Windows win32k.sys kernel driver that can be used as a security sandbox escape. The vulnerability is a NULL pointer dereference in win32k!MNGetpItemFromIndex when NtUserMNDragOver() system call is called under specific circumstances.

We strongly believe this vulnerability may only be exploitable on Windows 7 due to recent exploit mitigations added in newer versions of Windows. To date, we have only observed active exploitation against Windows 7 32-bit systems.

 

As Microsoft has yet to announce when it will fix this vulnerability, Google is recommending Windows 7 users to upgrade their PCs to Windows 10. Microsoft announced yesterday that the new OS is now running on 800 million devices worldwide, but 43.93% of Windows users were still using Windows 7 in March according to Please login or register to see this link. .

 

MY NOTE: Just because this is currently only being used against 32 bit versions of Windows 7 does not mean that the 64 bit version is safe. No where does anyone mention that windows 7 64bit is safe either. Just that it is has not being exploited on the 64bit version yet. It's just a matter of time. Microsoft has not even announced a fix yet.  PLEASE FOR THE LOVE OF GOD UPDATE TO WINDOWS 10. ITS FREE.

 

Please login or register to see this link.

  • Like 1
  • Upvote 1

Share this post


Link to post
Share on other sites

@gamerone Windows 7 enterprise 64bit and I don't really use chrome also
giphy.gif
Nope I will be the last grumpy old person running windows 7. I did the same thing with Windows XP till I needed more ram and TBH iv been running Windows 7 for this long with minimal issues (like 2 in the last 5 years) so I don't see any problem continuing to use win 7 till i run out of hardware support and if I'm careful and don't run or click on stupid stuff.

I wasn't going to comment on this as I'm pretty sure most people on NGR know my thoughts on windows 10 but gamerone tagged me soo I blame him. In conclusion No you should not run windows 7 but if you have to for work and you know what your doing then it's fine.

  • Like 2

Share this post


Link to post
Share on other sites

I've been trying to upgrade but the upgrade method failed .. guess I'll have to buy it. soon

 

"To date, we have only observed active exploitation against Windows 7 32-bit systems. "

Maybe I'm ok? I DO need to update my Chrome though.. I don't use 32 bit windows 7.

  • Like 1

Share this post


Link to post
Share on other sites

macOS and Linux all day long. Windows 10 can jam all kinds of sharp objects and Microsoft's refusal to support their last good OS (7, it will be their last good forever it seems) means I'll gladly spend the money on Apple gear for my primary, and SteamPlay / Lutris / Playstation everything else.

Also I'll never use a Google product, evil company, the most evil private company. I use Safari on macOS and Firefox / Waterfox on everything else, DuckDuckGo for searches and homebridge for home automation (testing out MyCroft for voice, not sold on it yet).

Share this post


Link to post
Share on other sites

Yeah, let's install a Spyware-OS just so that we can avoid a single vulnerability.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Similar Content

    • By ElTacoDestroyer
      Please login or register to see this link.
       

    • By Badcam3
      That's right, like so many great games before it, The Outer Worlds will have a home on the Nintendo Switch.
      Obsidian announced it's working with Virtuos - the developer which helped bring the likes of Dark Souls and L.A. Noire to the Switch - to assist with the port of The Outer Worlds.
       
      Without any Fallout games lined up for the Switch, it looks like The Outer Worlds is still looking to Please login or register to see this link. .
      It doesn't have a set release date for the Switch just yet, but we do know its launch will be at some point after Please login or register to see this link. .
       
      Please login or register to see this link.
       
    • By Badcam3
      Indie developer DEVGRU-P Corporation (Attack Helicopter Dating Simulator, Stay! Stay! Democratic People’s Republic of Korea!, more) has put their latest game – Mein Waifu is the Fuhrer – Please login or register to see this link. .
      As the name implies, the “parody visual novel” sees the entire German high command on the eve of World War II turned into anime characters. Considering the circumstances, “shenanigans ensue.” Featured above, you can view the pitch video.
      Since the Nazi high command has undergone a massive transition, the events of history change as well. Instead of simply invading Poland, Rommel is stuck preventing their world from crumbling early, as the Anime-Führer is creating blunders at every turn.
      You’ll be able to make friends (enemies mostly, though) ranging from the Battle of Stalingrad to the Invasion of Normandy. There’s currently five potential waifus to romance, and you can expect enough content for multiple playthroughs.
      The visual novel has already blown past their $8,000 funding goal, and is currently sitting at roughly $15,000.
      The “Harem Ending” and  “Albert Speer” stretch goals have been reached, with a $25,000 stretch goal to secure Japanese voice actors, and more.
      If you’re interested in backing the project, you can head over to their Please login or register to see this link. .
       
      Please login or register to see this link.
    • By Badcam3
      The World Health Organization has been Please login or register to see this link. , “Gaming Disorder,” and they’ve finally made a final decision on the classification.
      The WHO has officially acknowledged the disorder this weekend, at the 72nd World Health Assembly. This means the organization will officially recognize gaming as a potentially addictive behavior.
      The group defines gaming addiction for both offline and online gaming in a similar way. Both are “characterized by a pattern of persistent or recurring gaming behavior,” while online gaming is “primarily conducted over the internet” and offline gaming is clearly not.
      The supposed disorder arises in three ways:
      Impaired control over gaming (e.g., onset, frequency, intensity, duration, termination, context) Increasing priority given to gaming to the extent that gaming takes precedence over other life interests and daily activities Continuation or escalation of gaming despite the occurrence of negative consequences. The behavior pattern is of sufficient severity to result in significant impairment in personal, family, social, educational, occupational or other important areas of functioning. “The pattern of gaming behavior may be continuous or episodic and recurrent,” the WHO state. “The gaming behavior and other features are normally evident over a period of at least 12 months in order for a diagnosis to be assigned, although the required duration may be shortened if all diagnostic requirements are met and symptoms are severe.”
      Gaming regulatory bodies like the ESA and IGDA, as well as a multitude of professional psychologists, have all decried the WHO classifying gaming addiction as a clinical disorder.
      Now that the WHO has recognized gaming addiction as a disorder, they have until 2022 to introduce new preventative measures and treatments, which I’m sure will be hilarious.
       
      Please login or register to see this link.
    • By Badcam3
      Things just keep getting worse for Huawei. The company was barred from being a member of the Please login or register to see this link. , the trade group responsible for standardizing SD and microSD cards. The change in status means that Huawei will no longer be able to offer official SD or microSD support in its devices, including phones and laptops.
      The SD Association confirmed to Engadget that Huawei was dropped from the trade group in order to comply with recent orders from the US Department of Commerce. Please login or register to see this link. , the government agency placed Huawei and 70 of its affiliate companies on its "Entity List," a decision that signifies the government believes Huawei may be undermining American interests. It also makes the company ineligible to receive items or funding without government approval. That, in addition to the Please login or register to see this link. signed by President Trump that bans the sale and use of telecommunications equipment from companies that pose "unacceptable" risks to national security, has placed Huawei in a significant bind.
      Huawei told Please login or register to see this link. that its customers will be able to continue purchasing and using SD and microSD cards with its products for the time being. It's not clear how the move will affect the company's future phones and devices, but Huawei has been moving away from the format in favor of its own "Please login or register to see this link. ."
      Being dropped by the SD Association is certainly a blow to Huawei, but it's a relatively small one given some of the other hits the company has taken in the last week. Google Please login or register to see this link. for the company's phones and chipmakers Please login or register to see this link. and Please login or register to see this link. have cut off supplies to the Chinese tech maker.
       
      Please login or register to see this link.
×
×
  • Create New...