Sign In

Communications of the ACM

ACM TechNews

Nearly All Google Chrome Security Bugs Involve Memory Flaws


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
The Google Chrome icon on a smartphone handset.

Google researchers say the vast majority of security bugs found in the Chrome browser are related to memory management.

Credit: Shutterstock

Researchers at Google have found that most security bugs found in the Chrome browser are related to memory management.

The researchers analyzed more than 900 high/critical security bugs found on the Stable channel since 2015, and confirmed that about 70% of them pertain to memory management and safety.

Of that group, half are use-after-free vulnerabilities, rooting in incorrectly-managed memory pointers.

These security flaws can be attributed to the fact that C and C++ are older programming languages that do not factor in the possibility of cyberattacks.

These languages give programmers complete control over the management of memory pointers, and do not automatically alert the latter to potential memory management errors.

Google engineers plan to study solutions such as Custom C++ libraries, hardware mitigations, and using safer programming languages like Rust, JavaScript, Java, and Swift.

From TechRadar
View Full Article

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


 

No entries found