Security News > 2022 > August > Microsoft finds critical hole in operating system that for once isn't Windows
Microsoft has described a severe ChromeOS security vulnerability that one of its researchers reported to Google in late April.
Microsoft's write-up is noteworthy both for the severity of the bug and for flipping of the script - it has tended to be Google, particularly its Project Zero group, that calls attention to bugs in Microsoft software.
At least as far back as 2010, Google security researchers made a habit of disclosing bugs in software from Microsoft and other vendors after typically 90 days - even if a patch had not been released - in the interest of forcing companies to respond to security flaws more quickly.
Microsoft has chided Google about this several times over the years, though as early as 2011, Redmond showed itself willing to adapt with a revised security disclosure policy that arrived with word of Chrome vulnerabilities - albeit months after Google had fixed them.
Microsoft's disclosure of the ChromeOS critical flaw isn't a zero-day since Google made the necessary repairs.
The ChromeOS memory corruption vulnerability - CVE-2022-2587 - was particularly severe.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/08/23/microsoft_chromeos_bug/
Related news
- Microsoft fixes Windows 10 bug causing apps to stop working (source)
- Microsoft wants $30 if you want to delay Windows 11 switch (source)
- Microsoft delays Windows Recall again, now by December (source)
- Microsoft Delays Windows Copilot+ Recall Release Over Privacy Concerns (source)
- Week in review: Windows Themes spoofing bug “returns”, employees phished via Microsoft Teams (source)
- Microsoft confirms Windows Server 2025 blue screen, install issues (source)
- Microsoft Notepad to get AI-powered rewriting tool on Windows 11 (source)
- Microsoft says recent Windows 11 updates break SSH connections (source)
- Microsoft blames Windows Server 2025 automatic upgrades on 3rd-party tools (source)
- Microsoft fixes bugs causing Windows Server 2025 blue screens, install issues (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-12 | CVE-2022-2587 | Out-of-bounds Write vulnerability in Google Chrome Out of bounds write in Chrome OS Audio Server in Google Chrome on Chrome OS prior to 102.0.5005.125 allowed a remote attacker to potentially exploit heap corruption via crafted audio metadata. | 9.8 |