Google Confirms That More Than Two-Thirds of Vulnerabilities In Chrome Browser Are Due To Memory Unsafety

After going through 912 high and other major security bugs, Google engineers have come to the conclusion that such issues arise in Chrome because of memory safety issues.

Google while noting this down in the memory safety report said that Chrome’s security architecture has been designed in such a way in the first place that such bugs are bound to exist.

Furthermore, sandboxes help the internet browser to stop such bugs from taking over the hosting machines. The company claims that this move has helped the engineering team to stay ahead of the attackers but in reality that has barely been the case. In fact, the browser is already reaching the limit of what can be done with sandboxing and site isolation.

Moreover, this issue isn’t only limited to Google. Such bugs caused by memory safety have also been found in iOS and macOS. Microsoft has also openly claimed that it fixes and assigns CVE (Common Vulnerabilities and Exposures) to 69% of the vulnerabilities caused by memory unsafety.

Besides that, analysis tell that more than 80 percent of zero-day vulnerabilities arise because of memory issues.

As sandboxing is gradually losing its benefit, Google is all ready to tackle the memory safety problems with “any and all means necessary”. By that, they also mean to explore the custom C++ libraries or taking advantage of the more safe languages like JavaScript, Rush, and Swift.



Read next: Google Chrome For Desktop Is Adding Several Security And Privacy Tools, The Most Significant Of Which Is The Safety Check Feature

No comments:

Post a Comment