
Severe security flaw found by Microsoft in ChromeOS

Written by Thu 25 Aug 2022

First discovered by a Microsoft security researcher in April this year, a significant memory corruption vulnerability in ChromeOS has been disclosed in a recent Microsoft blog post.

The flaw would have allowed attackers to remotely trigger a denial-of-service (DoS) condition or remote code execution (RCE) by manipulating audio metadata.

“Attackers could have lured users into meeting these conditions, such as by simply playing a new song in a browser or from a paired Bluetooth device, or leveraged adversary-in-the-middle (AiTM) capabilities to exploit the vulnerability remotely,” explained Microsoft in a blog post.

Soon after the flaw was found in April, Microsoft alerted Google via the Chromium bug tracking system, and the vulnerability was fixed in a June 15 patch. The issue itself was found in the CRAS (ChromiumOS Audio Server) component, which sits between the operating system and ALSA (Advanced Linux Sound Architecture).

With a Common Vulnerability Scoring System (CVSS) score of 9.8, which ranks the issue as critical, it was essential that the problem be addressed quickly, before ChromeOS users could be harmed.

Microsoft thanked the team at Google and the wider Chromium community for quickly addressing the issue and releasing a patch. According to Jonathan Bar Or, of the Microsoft 365 Defender Research Team, the recent launch of ChromeOS Flex, which gives users the ability to turn older PCs and Macs into Chromebooks, calls attention to the importance of ensuring that all devices that run ChromeOS are monitored for potential security issues.

As no operating system is immune from security flaws and bugs, the report also called for cross-platform monitoring for devices and operating systems, as well as using tools such as Microsoft Defender for Endpoint’s device discovery capabilities to discover suspicious traffic.
