Chrome: 70% of All Security Bugs Are Memory Safety Issues

[DEAD7]

Chrome: 70% of All Security Bugs Are Memory Safety Issues


Half of the 70% are use-after-free vulnerabilities, a type of security issue that arises from incorrect management of memory pointers (addresses), leaving doors open for attackers to attack Chrome's inner components. The percentage was compiled after Google engineers analyzed 912 security bugs fixed in the Chrome stable branch since 2015, bugs that had a "high" or "critical" severity rating. The number is identical to stats shared by Microsoft. Speaking at a security conference in February 2019, Microsoft engineers said that for the past 12 years, around 70% of all security updates for Microsoft products addressed memory safety vulnerabilities.

 

[Tommy Knocks]

I spotted that in task manager many months ago.

Opera doesn't have this issue.

 

[Yapdatfool]

Does this mean Edge Chromium has the same issues

And all these patches only slow things down, from processors to applications can't correctly have memory usage without it

 

[Deflatedhoopdreams]

Their programmers better step their C++ game up

 

[Deflatedhoopdreams]

No other language has as strong an ecosystem of libraries (we rely heavily on external code). Few other languages give you full-stack control like C++ (we regularly tweak our custom heap allocator and do all sorts of memory-unsafe things to be faster or use less memory). Few other languages let you re-implement most of the standard library in a sane way (we have our own strings and collections implementations, tuned to our needs).