One Article Review

Home - The article:
Source GoogleSec
Identifier 8440961
Publication date 2024-01-11 14:18:14 (viewed: 2024-01-20 12:07:23)
Title MiraclePtr: protecting users from use-after-free vulnerabilities on more platforms
Text Posted by Keishi Hattori, Sergei Glazunov, Bartek Nowierski on behalf of the MiraclePtr team

Welcome back to our latest update on MiraclePtr, our project to protect against use-after-free vulnerabilities in Google Chrome. If you need a refresher, you can read our previous blog post detailing MiraclePtr and its objectives.

More platforms

We are thrilled to announce that since our last update, we have successfully enabled MiraclePtr for more platforms and processes:
- In June 2022, we enabled MiraclePtr for the browser process on Windows and Android.
- In September 2022, we expanded its coverage to include all processes except renderer processes.
- In June 2023, we enabled MiraclePtr for ChromeOS, macOS, and Linux.

Furthermore, we have changed security guidelines to downgrade MiraclePtr-protected issues by one severity level!

Evaluating Security Impact

First let's focus on its security impact. Our analysis is based on two primary information sources: incoming vulnerability reports and crash reports from user devices. Let's take a closer look at each of these sources and how they inform our understanding of MiraclePtr's effectiveness.

Bug reports

Chrome vulnerability reports come from various sources, such as: Chrome Vulnerability Reward Program participants, our fuzzing infrastructure, and internal and external teams investigating security incidents. For the purposes of this analysis, we focus on vulnerabilities that affect platforms where MiraclePtr was enabled at the time the issues were reported. We also exclude bugs that occur inside a sandboxed renderer process. Since the initial launch of MiraclePtr in 2022, we have received 168 use-after-free reports matching our criteria.

What does the data tell us? MiraclePtr effectively mitigated 57% of these use-after-free vulnerabilities in privileged processes, exceeding our initial estimate of 50%. Reaching this level of effectiveness, however, required additional work. For instance, we not only rewrote class fields to use MiraclePtr, as discussed in the previous post, but also added MiraclePtr support for bound function arguments, such as Unretained pointers. These pointers have been a significant source of use-after-frees in Chrome, and the additional protection allowed us to mitigate 39 more issues.

Moreover, these vulnerability reports enable us to pinpoint areas needing improvement. We're actively working on adding support for select third-party libraries that have been a source of use-after-free bugs, as well as developing a more advanced rewriter tool that can handle transformations like converting std::vector<T*> into std::vector<raw_ptr<T>>. We've also made sever
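The mechanism the post relies on, shown as an added example written for this page (it is not Chromium's own raw_ptr<T> or PartitionAlloc code): a toy model of the BackupRefPtr scheme behind MiraclePtr. The allocator keeps a reference count in front of each allocation; raw_ptr<T> increments it on assignment and decrements it on reset or destruction; Free() on a slot that still has raw_ptr references poisons the bytes and holds the memory in quarantine instead of recycling it, so a dangling pointer reads poison rather than an attacker-controlled object placed in the reused slot. The header layout, the 0xEF poison byte, the toy namespace, the ReleasedSlots counter, the Victim struct and the single-threaded malloc-backed allocator are all assumptions of this example.

```cpp
// Toy model of the BackupRefPtr scheme behind MiraclePtr (example code, not
// Chromium's raw_ptr<T>). Assumptions: single-threaded, malloc-backed slots,
// a 16-byte header in front of every allocation, 0xEF as the poison byte.
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <new>

namespace toy {

// Per-allocation metadata the allocator keeps in front of the user bytes.
struct SlotHeader {
  std::uint32_t ref_count;  // live raw_ptr<T> instances pointing at this slot
  bool freed;               // the owner called Free(); memory is quarantined
};
constexpr std::size_t kHeaderSize = 16;  // keeps the user pointer 16-byte aligned

inline SlotHeader* HeaderOf(void* user_ptr) {
  return reinterpret_cast<SlotHeader*>(static_cast<char*>(user_ptr) - kHeaderSize);
}

// Counts slots actually handed back to malloc, so callers can observe timing.
inline int& ReleasedSlots() { static int n = 0; return n; }

inline void* Alloc(std::size_t size) {
  char* raw = static_cast<char*>(std::malloc(kHeaderSize + size));
  if (!raw) throw std::bad_alloc();
  SlotHeader* h = reinterpret_cast<SlotHeader*>(raw);
  h->ref_count = 0;
  h->freed = false;
  return raw + kHeaderSize;
}

inline void ReleaseSlot(void* user_ptr) {
  ++ReleasedSlots();
  std::free(static_cast<char*>(user_ptr) - kHeaderSize);
}

// Free(): with raw_ptr references outstanding the slot is poisoned and kept
// (quarantined) instead of being recycled; otherwise it is released at once.
inline void Free(void* user_ptr, std::size_t size) {
  SlotHeader* h = HeaderOf(user_ptr);
  h->freed = true;
  if (h->ref_count == 0) { ReleaseSlot(user_ptr); return; }
  std::memset(user_ptr, 0xEF, size);
}

// Minimal raw_ptr<T>: bumps the slot refcount on assignment, drops it on reset
// or destruction, and releases a quarantined slot when the last reference dies.
template <typename T>
class raw_ptr {
 public:
  raw_ptr() = default;
  raw_ptr(T* p) { Assign(p); }
  raw_ptr(const raw_ptr& o) { Assign(o.ptr_); }
  raw_ptr& operator=(T* p) { Release(); Assign(p); return *this; }
  raw_ptr& operator=(const raw_ptr& o) {
    if (this != &o) { Release(); Assign(o.ptr_); }
    return *this;
  }
  ~raw_ptr() { Release(); }
  // True when the pointee was freed and its slot is sitting in quarantine.
  bool IsDangling() const { return ptr_ && HeaderOf(ptr_)->freed; }
  T* operator->() const { return ptr_; }

 private:
  void Assign(T* p) { ptr_ = p; if (ptr_) ++HeaderOf(ptr_)->ref_count; }
  void Release() {
    if (!ptr_) return;
    SlotHeader* h = HeaderOf(ptr_);
    if (--h->ref_count == 0 && h->freed) ReleaseSlot(ptr_);
    ptr_ = nullptr;
  }
  T* ptr_ = nullptr;
};

}  // namespace toy

// The scenario from the post: a class field keeps pointing at an object that
// another owner frees first. Victim and the 0x41414141 payload are constructed.
struct Victim { std::uint32_t secret; };

struct Observation {
  bool dangling;                 // raw_ptr can tell the object was freed
  std::uint32_t value;           // what a read through the dangling pointer sees
  bool released_after_last_ref;  // slot went back to malloc only when the field died
};

inline Observation ReadAfterFree() {
  const int before = toy::ReleasedSlots();
  Observation obs{};
  {
    Victim* v = new (toy::Alloc(sizeof(Victim))) Victim{0x41414141};
    toy::raw_ptr<Victim> field = v;  // the "class field": ref_count == 1
    toy::Free(v, sizeof(Victim));    // owner frees; ref_count != 0 -> quarantine
    obs.dangling = field.IsDangling();
    obs.value = field->secret;       // 0xEFEFEFEF poison, not a reused object
    obs.released_after_last_ref = (toy::ReleasedSlots() == before);
  }                                  // field dies -> ref_count 0 -> real free
  obs.released_after_last_ref =
      obs.released_after_last_ref && toy::ReleasedSlots() == before + 1;
  return obs;
}
```

ReadAfterFree() is the class-field case the post describes; a bound Unretained argument stored in a raw_ptr behaves the same way, because the protection lives in the pointer type rather than in where the pointer is kept. Note what the scheme does and does not do: it stops the freed slot from being reused while references remain, which is what makes most of these bugs unexploitable, but the dangling dereference itself still happens, consistent with the post downgrading protected issues by one severity level rather than closing them.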
Sent Yes
Tags Tool Vulnerability Threat Mobile
Rating ★★★