June 27, 2024 at 10:04AM Government agencies in the US, Australia, and Canada have drawn attention to memory safety issues in open source software (OSS) code. They stress that the majority of OSS projects use code written in a memory-unsafe language, exposing organizations and users to attacks. The analysis also revealed vulnerabilities in projects written … Read more
June 26, 2024 at 01:59PM The Cybersecurity and Infrastructure Security Agency (CISA) has released a report exploring memory flaws in 172 key open-source projects. It reveals that over half of these projects contain memory-unsafe code, emphasizing the importance of memory-safe languages like Rust, Java, and Go. CISA recommends safe coding practices and continuous testing to … Read more
June 25, 2024 at 03:54AM Google announced a new Chrome security update addressing four high-severity memory safety vulnerabilities. 3 defects were reported by ‘wgslfuzz’ & the 4th by Cassidy Kim. wgslfuzz received a $10,000 reward for CVE-2024-6290 & Kim $4,000 for CVE-2024-6291. The update, version 126.0.6478.126 for Linux and 126.0.6478.126/127 for Windows and macOS, includes … Read more
June 12, 2024 at 06:18AM Google and Mozilla released Chrome 126 and Firefox 127, respectively, with patches for high-severity memory safety vulnerabilities. Google awarded over $160,000 in bug bounty rewards to external researchers. The highest reward of $100,115 was for CVE-2024-5839, related to a medium-severity inappropriate Memory Allocator implementation. Firefox’s update addresses 15 vulnerabilities, including … Read more
June 11, 2024 at 06:18AM Arm warns of CVE-2024-4610, a memory safety bug in Mali GPU kernel drivers exploited in the wild, potentially allowing local users improper GPU memory processing operations. The bug impacts Bifrost and Valhall drivers, was introduced in r34p0, and addressed in r41p0. Arm urges prompt device updates and notes past exploit … Read more
April 11, 2024 at 04:24PM The Rust Project issued an update for its standard library due to a Windows batch-processing vulnerability, allowing for code injection. While known for memory safety, this incident highlights the language’s susceptibility to logic bugs. The group quickly addressed the issue, yet experts advise broader testing to address logical bugs and … Read more
April 11, 2024 at 08:18AM Google released Chrome 123 security update, addressing high-severity memory safety bugs. Vulnerabilities include out-of-bounds write issue in Compositing and heap buffer overflow in ANGLE rendering engine. Each flaw rewarded with $10,000 or $21,000 bug bounty. No known malicious attacks exploiting these issues. Updates rolling out for Linux, Windows, and macOS … Read more
April 8, 2024 at 10:27AM Google has announced support for a V8 Sandbox in the Chrome web browser to address memory corruption issues in the V8 JavaScript and WebAssembly engine. The sandbox aims to limit V8 vulnerabilities and will be enabled by default in Chrome version 123, with a 1% performance overhead. This development comes … Read more
April 8, 2024 at 07:36AM Google has introduced a new sandbox to combat memory safety bugs in its Chrome V8 engine. The tech giant also included it in the bug bounty program, aiming to enhance the browser’s security. This update was featured on SecurityWeek. Based on the meeting notes, it appears that Google is implementing … Read more
April 5, 2024 at 10:08AM The White House ONCD has released a report supporting the National Cybersecurity Strategy, emphasizing a shift to memory-safe programming languages for improved cybersecurity. The challenge lies in addressing legacy systems and balancing economic and technical considerations. Industry leaders, such as Mozilla, Microsoft, and Google, have invested in memory-safe languages. Practical … Read more