One of Microsoft’s Windows 10 updates was so bad it broke Google Chrome
And other Chromium browsers
Google has revealed that Microsoft managed to break an important security feature in all Chromium-based web browsers, including Chrome, with its Windows 10 1903 update.
The security feature in question is the Chromium sandbox. The sandbox should allow users to run apps and extensions in a virtual environment separate from your operating system. If the download you’re running in the sandbox contains malicious code, it won’t be able to access or infect your operating system.
It’s a very useful tool, but at some point Microsoft managed to include a “security feature bypass vulnerability” (as Microsoft itself terms it in a security advisory), which means Windows 10 failed to “properly handle token relationships”.
In English?
Essentially, what this means is that a malicious user could exploit the vulnerability to let an application at one integrity level execute code at a different integrity level – and so escape the Chromium sandbox and run code that could affect the host PC. Basically, exactly the opposite of what the sandbox is designed for.
As Google’s Project Zero team, which found this issue, notes in a blog post, “The sandbox works on the concept of least privilege by using Restricted Tokens” – and if those tokens aren’t handled correctly, your PC can be put at risk.
The whole blog post is worth reading – though it is very technical – as it explains in depth how this vulnerability works.
The fact that it affects Chrome – the most widely-used web browser in the world – is certainly worrying, even if you don’t use the sandbox feature. It shows that Microsoft’s recent problems with Windows 10 updates are affecting other developers' software as well.
It’s not just Chrome that’s been hit either, but any browser that uses the Chromium engine. Embarrassingly, that also now includes the new Microsoft Edge.
Perhaps even more embarrassingly, Microsoft has released a patch to fix the vulnerability – Windows 10 KB4549951 – but it’s been discovered that that patch has been causing serious problems for some users.
We’ve contacted Microsoft for comment, and will update this story when we hear back.
Matt is TechRadar’s Managing Editor for Core Tech, looking after computing and mobile technology. Having written for a number of publications such as PC Plus, PC Format, T3 and Linux Format, there’s no aspect of technology that Matt isn’t passionate about, especially computing and PC gaming. He’s personally reviewed and used most of the laptops in our best laptops guide - and since joining TechRadar in 2014, he’s reviewed over 250 laptops and computing accessories personally.