Google this week disclosed a Windows zero-day vulnerability that is being actively exploited in targeted attacks alongside a recently addressed flaw in Chrome flaw (CVE-2019-5786).
The Windows zero-day vulnerability is a local privilege escalation issue in the win32k.sys kernel driver and it can be exploited for security sandbox escape.
“It is a local privilege escalation in the Windows win32k.sys kernel driver that can be used as a security sandbox escape.” reads the post published by Google.