Nearly all Google Chrome security bugs involve memory flaws
The vast majority of all security bugs found in Google Chrome are related to memory management, the company’s researchers have declared.
Following an analysis of over 900 high/critical security bugs found on the Stable channel since 2015, Google’s engineers have confirmed that around 70 per cent of these pertain to memory management and safety.
Memory safety problems are fundamentally C and C++ coding errors, the two primary coding languages in the Chrome and Microsoft codebases. Of the aforementioned percentage, 50 per cent are use-after-free vulnerabilities, rooted in incorrectly-managed memory pointers.
Fixes needed
The underlying issue is that C and C++ are older programming languages that do not factor in the possibility of cyberattacks. They allow programmers complete control over the management of memory pointers and do not automatically alert the latter to potential memory management errors at the development stage.
Hence, these errors and the resulting memory management weaknesses such as use-after-free, race conditions, double free, buffer overflow, etc are embedded in Chrome and Microsoft applications.
Memory management weaknesses are among the first things potential attackers look for, as they can use them to simply embed their malicious code in a device memory and then wait for it to be executed by the victim’s own applications.
Memory management bugs have become such a problem that Google engineers are now required to follow the ‘Rule of 2’ while writing a new Chrome programme. Under this norm, the new feature’s code must not violate more than two of the following conditions:
The finding matches a Microsoft engineer’s claim at a February 2019 security conference that for over a decade, 70 per cent of the security issues addressed through a Microsoft security update annually related to memory safety.
- Handles untrustworthy inputs
- Runs with no sandbox
- Is written in a vulnerable programming language (C/C++)
Mozilla has adopted Rust as the programming language for Firefox. Rust is considered to be one of the safest programming languages, ideal for mitigating the vulnerabilities inherent in C and C++. Microsoft is experimenting with Rust as well, besides building a proprietary secure programming language.
Engineers at The Chromium Project have said that they feel that sandboxing and site isolation are reaching their limit and that the best way forward is to ‘squash bugs at the source instead of trying to contain them later’.
Going forward, Google engineers plan to explore solutions like Custom C++ libraries, hardware mitigations and use safer languages wherever possible. Options include Rust, JavaScript, Java and Swift. Developers are also looking at the MiraclePtr Project, an initiative that proposes to convert use-after-free bugs ‘from security bugs into non-security crashes’.
Via: ZDNet