Shortly after the GPU heap overflow patch, a new Chrome version, numbered 108, came out with no fewer than 28 security fixes, including patches for numerous of memory mismanagement flaws, at least some of which we assume could ultimately have been wrangled into RCE exploits.įortunately, none of those 28 bugs were known to be “in the wild”, meaning that they seem to have been found and reported by responsible cybersecurity researchers before any cybercriminals or state-sponsored hacking teams figured them out. In this case, of course, the bug was already actively being exploited, which implied that an RCE exploit had indeed been found, and that the attackers knew how to do much worse than merely to crash your browser.
(Often, the misbehaviour provoked by the bug will be detected as some sort of access violation by the operating system, which will kill off the program before it can be tricked into going rogue.) To be clear, many, if not most, memory bugs never quite end up getting turned into remote code execution (RCE) attacks.Īltough a buffer overflow often makes it easy to crash a program, thus causing it to stop responding, it isn’t always easy to figure out how trigger the bug with sufficient precision to grab control over the app itself. What they were after? Were they into data stealing, ransomware attacks, unlawful surveillance, or all of those things?.Who was using it? Were they state-sponsored attackers, or some other sort of cybercriminals?.Could it be abused for remote code execution? Could the crooks end up installing malware without any visible warning?.How might the bug might be triggered? Was merely viewing a booby-trapped web page enough?.Google left all of the following questions unanswered: The company said nothing more about that bug than to describe it as a “heap buffer overflow in GPU”, and to report that it was already being used in real-world attacks. It’s just under two weeks since Google rushed out a Chrome patch for the then-current version 107 to seal off a bug that was already being used in real-life attacks.
0 kommentar(er)
