Google Project Zero Team Discovered A Windows Zero-Day Vulnerability

Security researchers from the Google Project Zero team have identified a zero-day vulnerability in the Windows kernel that appears to be actively exploited.

The zero-day vulnerability, identified by code CVE-2020-17087, was exploited as part of a two-stage attack, along with another Chrome zero-day vulnerability, CVE-2020-15999, that fixed in Chrome version 86.0.4240.111, released last week. The Chrome flaw was exploited to allow malicious code to run inside the browser, while the Windows flaw allowed them to break out of Chrome’s secure sandbox and execute code on the underlying operating system.

Although the vulnerability was found only eight days ago, experts decided to quickly disclose the details of the problem since hackers are already using it. Researchers have not yet disclosed details about these attacks, but according to the head of Google Project Zero, Ben Hawkes, the operation of CVE-2020-17087 has nothing to do with the US presidential election.

Project Zero shared their findings with Microsoft last week, giving Microsoft seven days to fix the bug. Since the Redmond giant has not yet released a corrective patch within the deadline set by Project Zero, details of the vulnerability have been publicly disclosed.

This is not the first time that a zero-day Windows and a Chrome vulnerability have been exploited together to conduct an attack. It already happened in March 2019 with the CVE-2019-5786 of Chrome and CVE-2019-0808 of Windows.

Sabarinath is the tech-savvy founder and Editor-in-Chief of TechLog360. With years of experience in the tech industry and a computer science background, he's an authority on the latest tech news, business insights, and app reviews. Trusted for his expertise and hands-on tips for Android and iOS users, Sabarinath leads TechLog360 with a commitment to accuracy and helpfulness. When not immersed in the digital world, he's exploring new gadgets or sharing knowledge with fellow tech enthusiasts.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

More from this stream