Microsoft has quietly issued a fix for a two-year old bug that could have allowed for a bypass of privileges in Google's Chrome browser.
Kaspersky Labs' Threat Post cited Google Project Zero's James Forshaw who noted that the issue was pointed out to Microsoft in December 2014, but at that time the company declined to issue a patch. However, Forshaw tweeted on November 30 that a patch was finally issued.
@tiraniddo @msftsecresponse broke a sync trick used in my edge exploit for last year PoC topic.
— mj0011 (@mj0011sec) November 30, 2016
Forshaw did not know exactly when or why Microsoft made the change, but theorized it might have been included in a recent Windows 10 update. However, he took exception to this methodology, telling Threat Post no notification is given so nobody knows if the problem has been fixed.