Microsoft Investigating An Odd Windows 10 BSOD Crashing Bug With Chrome Browser
The last thing you want to experience when working on your PC or playing a game is to experience a blue screen of death (BSOD) error, especially since these kinds of crashes can sometimes be difficult to diagnose. There are many reasons why you might experience one, though. Case in point, there is a rather odd bug that can crash your PC from within Google's Chrome browser.
It is another bug for Microsoft's software engineers to investigate. You might recall that last week we reported on a different quirk that could scramble your hard drive, with a simple string of command-line code. One of the ways it could be leveraged is to hide the code within a system icon, and if downloaded to a PC, it would end up corrupting the hard drive if simply viewing the folder it resided in.
This latest bug is different. Security researcher Jonas Lykkegaard discovered that a certain path entered into the Chrome browser's address bar would trip up Windows 10, causing the operating system to crash and spit out a BSOD error. It is related to a namespace path for a console multiplexer driver.
The BSOD can be triggered in different ways, and from low privileged users. It is not yet clear if remote code execution is possible, but as things stand, the bug could be leveraged by an attacker as part of a denial of service attack. Not directly, but as a means of making investigations into those and other kinds of attacks more difficult. If an attacker has access to a network, they could wreak havoc and prompt BSODs to slow down investigations.
Fortunately, Microsoft is aware of the issue and is looking into it.
"Microsoft has a customer commitment to investigate reported security issues and we will provide updates for impacted devices as soon as possible," Microsoft told BleepingComputer.
For the most part, this is not something that general users need to worry about. And as far as businesses and higher priority targets go, we are not aware of any attacks in the wild that are using this bug. Still, it is possible, so hopefully a fix is rolled out soon.