On Monday, the company's Threat Analysis Team announced in a blog post that it already reported the bug to Microsoft last week. According to Google's policy, the company gave Microsoft just seven days to develop a solution, or publish recommendations for getting around it. When Microsoft failed to do so, Google went public saying, "This vulnerability is particularly serious because we know it is being actively exploited."
Here's the problem: A bug in the Windows system, called win32k.sys, can allow hackers to escape security sandboxes. But Google says there's a way for users to stay safe until Microsoft releases a fix. The Chrome browser's sandbox blocks the win32k.sys system on Windows 10, preventing exploitation of this vulnerability.
Microsoft told VentureBeat that the disclosure puts users at risk, recommending that customers use Windows 10 and the Microsoft Edge browser.