“The Windows vulnerability is a local privilege escalation in the Windows kernel that can be used as a security sandbox escape. It can be triggered via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD. Chrome’s sandbox blocks win32k.sys system calls using the Win32k lockdown mitigation on Windows 10, which prevents exploitation of this sandbox escape vulnerability,” that is what Google said. Possibly attackers have already written code for this specific security hole and are using it to break into Windows systems. Microsoft has not released a fix nor issued an advisory for this flaw but they issued a statement, though the company did not share when a patch could be expected. Instead they observed that “disclosure by Google puts customers at potential risk” and recommended customers to use Windows 10 and the Microsoft Edge browser for the best protection.