Nearly 70% of the high severity security bugs in Chrome’s code are memory unsafety problems, Google’s engineers have revealed.
Chrome engineers in a blog post this week (via ZDNet) revealed that nearly 70% bugs in Chrome’s codebase are memory management and safety related bugs. Nearly half of these bugs are use-after-free bugs that occur when a program uses a pointer after it has been freed. These are one of the most common classes of browser vulnerabilities and they can be used by hackers for attacking Chrome’s inner components.
Chrome engineers analysed a total of 912 high and critical security bugs since 2015 and they found out that nearly 36.1% of these bugs were use-after-free bugs, 32.9% were memory unsafety bugs, while 7.1% were security related bugs. “These bugs are spread evenly across our codebase, and a high proportion of our non-security stability bugs share the same types of root cause. As well as risking our users’ security, these bugs have real costs in how we fix and ship Chrome,” engineers noted in the blog post.
Interestingly, these numbers are identical with the ones shared by Microsoft at a security conference last year. A Microsoft engineer last year revealed that nearly 70% of all bugs in Microsoft products were memory safety issues, ZDNet reported.
Another similarity between the two platforms is the usage of C and C++. These are old programming languages used by developers. They don’t warn or restrict developers when they are making memory allocation errors and are often deemed “unsafe”. These early errors if remained undetected can create vulnerabilities in applications which in turn can provide gateways for hackers to take control of Chrome processes.
Google says that sandboxing is one of the most common techniques used by engineers to prevent hackers from taking over the host machine. “Over the past years that architecture has been enhanced to ensure that websites are isolated from one another. That huge effort has allowed us — just — to stay ahead of the attackers. But we are reaching the limits of sandboxing and site isolation,” Google added.
The memory management related issue has become so big that engineers now are using Rule of 2 for writing code. This rules says that engineers cannot break more than two of these three rules:
— Code which processes unworthy inputs
— Code written in an unsafe language (C/C++)
— Code which runs with no sandbox.
However, using the Rule of 2 is preventing developers from shipping features to Chrome.
The company is tackling this issue by “fixing classes of bugs at scale, rather than merely containing them.” It expects its new strategy to cause significant changes to C++ developer experience. In addition to this, Google is also exploring the “option of a programming language designed for compile-time safety checks with less runtime performance impact.”