March 7, 2019 (updated 08 Mar 2019 10:50am)

Update Chrome “Right This Minute” Warns Google

Is swapping C++ for Rust the answer?

By CBR Staff Writer

Google Chrome’s security team have warned users to update the browser “right this minute” after one of the company’s own security researchers identified a serious Chrome zero day, or vulnerability, that was under active attack.

The attacks exploited CVE-2019-5786. The find was credited to Clement Lecigne of Google’s Threat Analysis Group. Details remain thin on the ground.

Google described it as a memory management error in Chrome’s FileReader, a web API in all major browsers that lets web applications read the contents of files (or raw data buffers) stored on the user’s computer, using File or Blob objects.

A patch was included in Chrome 72.0.3626.121 released March 1, 2019.

Chrome security lead Justin Schuh tweeted: “Update your Chrome installs… like right this minute”.

(The reference to a “faux 0day” related to another less severe bug identified by security researchers at EdgeSpot that allows the sender of PDF files to track the users and collect user information when they use Google Chrome as a local PDF viewer.)

Chrome Zero Day: Could Rust Help?

Commenting on the Chrome zero day, Travis Biehn, technical strategist – research lead at Synopsys, said in an emailed statement: “Google Chrome is some of the most robustly engineered C and C++ code on the planet, the security teams working on Chrome are world-class.”

“[But] despite Google’s security program… it still suffers from memory corruption attacks related to the use of C and C++. Luckily for the public, Chrome ships with an effective mechanism for update and patching – one that can get a critical fix out to end users in real time.”

“The teams at Mozilla are experimenting with porting parts of Firefox’s C++ codebase to Rust, a language that doesn’t suffer from memory corruption attacks – the availability of a highly performant and safe systems language like Rust is a game changer for software security – and we’re excited to see more organisations looking at replacing the use of less safe low-level languages with new languages like Rust.”
