As fake certificates can be easily spoofed, WIN10 users should quickly move to latest JANUARY 2020 “Patch Tuesday” release to stay protected. While IE11 & Edge browsers have the main vulnerabilities, with some effort Chrome could also be potentially compromised (as it uses same API).

https://www.pcmag.com/news/bad-flaw-in-windows-10-also-affects-chrome-browser

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601

The NSA-discovered vulnerability in Windows 10 doesn’t just affect the Microsoft operating system; it can also help disguise hacking attempts on Google’s Chrome browser. On Wednesday, security researchers began demonstrating how you can use the Windows 10 flaw, CVE-2020-0601, to spoof trusted digital certificates for official website domains on Chrome.  One expert, Saleem Rashid, did this by spoofing the SSL certificate for the NSA.gov site, which was first reported by Ars Technica. Thanks to the vulnerability, Google’s browser will mistakenly interpret the certificate as valid when in reality it’s a fake.