Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security

Google Exposes How Malicious Sites Can Exploit Microsoft Edge (zdnet.com) 51

Google's Project Zero team has published details of an unfixed bypass for an important exploit-mitigation technique in Edge. From a report: The mitigation, Arbitrary Code Guard (ACG), arrived in the Windows 10 Creators Update to help thwart web attacks that attempt to load malicious code into memory. The defense ensures that only properly signed code can be mapped into memory. However, as Microsoft explains, Just-in-Time (JIT) compilers used in modern web browsers create a problem for ACG. JIT compilers transform JavaScript into native code, some of which is unsigned and runs in a content process.

To ensure JIT compilers work with ACG enabled, Microsoft put Edge's JIT compiling in a separate process that runs in its own isolated sandbox. Microsoft said this move was "a non-trivial engineering task." "The JIT process is responsible for compiling JavaScript to native code and mapping it into the requesting content process. In this way, the content process itself is never allowed to directly map or modify its own JIT code pages," Microsoft says. Google's Project Zero found an issue is created by the way the JIT process writes executable data into the content process.

This discussion has been archived. No new comments can be posted.

Google Exposes How Malicious Sites Can Exploit Microsoft Edge

Comments Filter:
  • Here's an idea. (Score:5, Insightful)

    by Anonymous Coward on Friday February 16, 2018 @09:55AM (#56134872)

    Let's ditch Javascript and go back to usable websites that don't require a fucking quad core CPU and 8GB of RAM just to view.

    It's hard to exploit something when you can't run arbitrary code on it at all. "But muh infinite scrolling-" fuck your infinite scrolling. I've yet to see a website implement that properly where my browser tab didn't land up consuming 4 fucking gigabytes of RAM after 20 or so pages of stuff. God forbid I should refresh the page, lest I lose my position within your endless stream of crap content and advertisements.

    The most usable websites I've seen these days are the ones that actually have pages I can click through, layout things in a clean and logical manner, and don't feel the need to animate every fucking widget that appears on the screen. Case in point:

    http://www.motherfuckingwebsite.com

    • by fisted ( 2295862 )
      From http://www.motherfuckingwebsite.com:

      <script>
      (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
      (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
      m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
      })(window,document,'script','//www.google-analytics.com/analytics.js','ga');

      ga('create', 'UA-45956659-1', 'motherfuckingwebsite.com');
      ga('send', 'pageview');
      </script>

  • ... the white knights here, saving us from big nasty MS and its bugs. As if android and chrome are bug free, yeah right. Oh, and chrome also requires (on linux, don't know about other OS's) a sandbox process running with root privs. Hows that for a potential exploit - a browser component that requires root. Nice design google! But hey, I'm sure your sandbox code is 100% bug free, right?

  • The joke used to be that Internet Explorer was only good for downloading better browsers. During the last few setups I've done, Edge wouldn't work well enough to download Vivaldi. So I used Internet Explorer.

  • I couldn't find a link to the Google publication of this vulnerability in the linked article and was not able to find it using any search engine.

The Tao is like a glob pattern: used but never used up. It is like the extern void: filled with infinite possibilities.

Working...