image credit: flickr

Major Windows 7 zero-day discovered, enables privileged escalation in combination with another Chrome exploit

Security researchers at Google and Microsoft have observed attackers using a combination of a patched Chrome vulnerability and an unpatched Windows vulnerability to take advantage of Windows 7 systems. The announcement of the issue comes as part of their responsible vulnerability disclosure policy.

The Windows bug is a null pointer dereference in the win32k.sys kernel driver, while the Chrome bug is a use-after-free in the FileReader component. Both of these bugs deal with accessing memory that should not be accessed by the user.

Read More on TechSpot