Google Discloses Chrome Zero-Day Exploited in the Wild (zdnet.com) 17
Yesterday, late on Halloween night, Google engineers delivered the best scare of the evening and released an urgent update for the Chrome browser to patch an actively exploited zero-day. From a report: "Google is aware of reports that an exploit for CVE-2019-13720 exists in the wild," Google engineers said in a blog post announcing the new v78.0.3904.87 release. The actively exploited zero-day was described as a use-after-free bug in Chrome's audio component. Use-after-free vulnerabilities are memory corruption bugs that occur when an application tries to reference memory that was previously assigned to it but has been freed or deleted in the meantime. This usually causes a program to crash, but can also sometimes lead to other, unintended consequences, such as code execution scenarios. Google credited Anton Ivanov and Alexey Kulaev, two malware researchers from Kaspersky, with reporting the issue. According to a blog post published after this article's publication, Kaspersky said the zero-day was being used to install malware on user devices. It was being deployed on user devices via a Korean-language news portal.
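The summary above describes what a use-after-free is in one sentence. The C program below is an added example (editor's illustration, not code from Chrome, Google or the ZDNet article, and unrelated to the actual CVE-2019-13720 bug) that makes the failure mode concrete: an object is destroyed while a stale reference to it is still held, a same-sized allocation lands in the recycled memory, and the stale reference now reads attacker-controlled bytes. Because reuse on a real heap is not deterministic, the example stands in a tiny slot pool for the heap; the pool, the `Handle` type, the "audio-stream" object and the `pool_*` functions are all constructed for this demonstration. It also shows two mitigations side by side: zeroing memory on free (which only helps until the slot is handed out again) and a generation tag on every reference, which rejects the stale handle outright.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Toy slot pool standing in for the heap. Real allocators recycle freed
 * memory in ways the program cannot observe; the pool makes that reuse
 * deterministic so the use-after-free is reproducible. (Constructed for
 * this example, not modelled on Chrome's allocator.)
 */
#define SLOTS    4
#define OBJ_SIZE 16

typedef struct {
    bool     live;
    uint32_t gen;            /* incremented every time this slot is handed out */
    char     data[OBJ_SIZE];
} Slot;

/* A "pointer" into the pool: slot index plus the generation it was issued for. */
typedef struct {
    uint32_t idx;
    uint32_t gen;
} Handle;

static Slot pool[SLOTS];

static Handle pool_alloc(const char *init)
{
    for (uint32_t i = 0; i < SLOTS; i++) {
        if (!pool[i].live) {
            pool[i].live = true;
            pool[i].gen++;
            memset(pool[i].data, 0, OBJ_SIZE);
            strncpy(pool[i].data, init, OBJ_SIZE - 1);
            return (Handle){ i, pool[i].gen };
        }
    }
    return (Handle){ UINT32_MAX, 0 };   /* pool exhausted */
}

/* Free with the "zero the memory" mitigation: the old contents are wiped. */
static void pool_free(Handle h)
{
    pool[h.idx].live = false;
    memset(pool[h.idx].data, 0, OBJ_SIZE);
}

/* Raw access: behaves like dereferencing a dangling pointer. */
static const char *raw_get(Handle h)
{
    return pool[h.idx].data;
}

/* Checked access: refuses a handle whose generation no longer matches the slot. */
static const char *checked_get(Handle h)
{
    const Slot *s = &pool[h.idx];
    if (!s->live || s->gen != h.gen)
        return NULL;
    return s->data;
}

/*
 * Simulated bug: an audio stream object is destroyed while a callback still
 * holds a reference to it. An attacker then allocates an object of the same
 * size, which is placed in the freed slot. Returns what the stale reference
 * observes through raw access: the attacker's bytes, despite zeroing on free.
 */
const char *uaf_raw(void)
{
    memset(pool, 0, sizeof pool);
    Handle stream   = pool_alloc("audio-stream");
    Handle dangling = stream;            /* copy kept by the callback */
    pool_free(stream);                   /* object destroyed, memory zeroed */
    (void)pool_alloc("ATTACKER-CTRL");   /* same-size allocation refills the slot */
    return raw_get(dangling);            /* "ATTACKER-CTRL" */
}

/* Same sequence with the generation check: the stale handle is rejected. */
const char *uaf_checked(void)
{
    memset(pool, 0, sizeof pool);
    Handle stream   = pool_alloc("audio-stream");
    Handle dangling = stream;
    pool_free(stream);
    (void)pool_alloc("ATTACKER-CTRL");
    return checked_get(dangling);        /* NULL: generation 1 != slot generation 2 */
}

int main(void)
{
    printf("raw access:     %s\n", uaf_raw());
    const char *c = uaf_checked();
    printf("checked access: %s\n", c ? c : "(rejected: stale handle)");
    return 0;
}
```

The point of the two functions is the ordering: zeroing at free time makes a stale read harmless only in the window before the slot is reallocated, which is exactly the window an exploit author closes by spraying same-sized objects. The generation check catches the stale reference regardless of what has been placed in the slot since, at the cost of a tag on every reference and a compare on every access.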
With patch announced (Score:1)
You misunderstand the purpose of this article. (Score:2)
It is to get you to go to the site and be manipulated and lied to in order to waste money on a criminal, called "advertiser", who paid the site to lure you in for him.
So why would they put the key info in here?
That said, be happy there is any info at all. Any information therein is purely an accident and imperfect profit optimization. ;)
Competitors like BuzzFeed will out-compete them with empty buzz "news" soon enough.
Clueless article? (Score:2)
WTF is "a use-aster-free bug"?
Do they mean "use after free"?
Bad software engineering (Score:2)
Use-after-free is something that, for example, Valgrind reliably finds with good test cases. It can also in many cases be avoided by simply zeroing memory after it is freed and causing non-exploitable crashes this way. Looks to me like Google is doing things on the cheap here.
Re: (Score:2)
Just out of interest, have you any experience of doing what you are suggesting, you know, writing 'good tests' which help identify *all* of the exploitable problems in a code base? Not catching some of them, no, you need to catch all of them...
I think you are over-simplifying the challenge if you honestly think it's a case of just writing 'good' tests...
Re: (Score:2)
You think wrongly. And yes, I have a few decades of experience in this space. I also never implied that writing good test cases was easy; that was all your doing. And I never said anything about "all" exploitable code problems; that was you again. I was specifically talking about use-after-free and why its presence in some code is not a good sign.
I have no idea how you arrived at the mess of a response you gave, but apparently you are not a rigorous thinker.
Re: (Score:2)
Use-after-free is something that, for example, Valgrind reliably finds with good test cases. It can also in many cases be avoided by simply zeroing memory after it is freed and causing non-exploitable crashes this way. Looks to me like Google is doing things on the cheap here.
Chrome testing uses ASAN [github.com] builds (as do basically all Google products written in unsafe languages), so it must be that this UAF bug only appears on a rarely-used codepath. The test suite has very good coverage [googlesource.com] and chrome also has fairly good fuzzing coverage [appspot.com] but apparently both missed this case.
Re: (Score:2)
The test suite has very good coverage [googlesource.com]
I think the numbers in that link are just an example; I mistook them for the current actual values. I'm not sure where to find the current values short of building and running Chromium and the test suite myself, so I don't know what they are. It's possible they aren't as good as those sample numbers.
Re: (Score:2)
That coverage is actually pretty bad for a piece of software of this criticality. As the issue under discussion shows.
Re: (Score:2)
That coverage is actually pretty bad for a piece of software of this criticality. As the issue under discussion shows.
Can you point to another large project that has better coverage? I don't think I've ever seen one.
Exploit.. in other words, (Score:1)
This is also, why monocultures are bad. (Score:2)
People bitch about "fractioning", e.g. of Linux, as if having choice and adapting to individual needs were a bad thing.
This is what will get them.