Patch Gap in Chrome Could Have Been Weaponized by Attackers

Patch gapping is a serious problem that exposes a system to exploits. The problem stems from the gap in time before a patch for a security vulnerability in open-source software is shipped to users.




The vulnerability may have been fixed already, or in the process of being fixed, and attackers can exploit the time before the patch arrives on users’ devices. This window, in which the knowledge of the vulnerability is semi-public while the user-base remains vulnerable, can range from days to months, explains security researcher István Kurucsai.

The Patch Gap in Google Chrome Explained

The researcher just discovered an instance of this issue in Google Chrome. The flaw could have been exploited in attacks against Chrome users days before the patch arrived.

It should be noted that not all patch gaps can be weaponized in attacks, and they are not that common. However, Kurucsai discovered one in Google Chrome’s v8 open-source component, which is used as the browser’s JavaScript engine.

“An interesting change list on chromium-review piqued our interest in mid-August. It was for an issue affecting sealed and frozen objects, including a regression test that triggered a segmentation fault. It has been abandoned (and deleted) since then in favor of a different patch approach, with work continuing under CL 1760976, which is a much more involved change,” the researcher wrote in a blog post.

In short, the patch gap is due to the V8 issue which was patched in August. “Since the fix turned out to be so complex, the temporary solution for the 7.7 v8 branch was to disable the affected functionality. This will only be rolled into a stable release on the 10th of September,” the researcher explained. In other words, the issue should now be closed with the release of Chrome 77.
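From a defender's side, the window described above splits into the vendor's gap (fix visible in the public repository until the stable release) and the local rollout lag (stable release until the fixed build is actually installed). The Python below is an added example, not code from the article or the researcher; the year, the exact August day, the build numbers and the host inventory are constructed assumptions.

```python
from datetime import date

# Constructed sample data. "Mid-August" and 10 September come from the
# article; the year, the exact August day and the build number are assumed.
FIX_PUBLIC = date(2019, 8, 15)      # fix became visible in the public repo
STABLE_RELEASE = date(2019, 9, 10)  # first stable release carrying the fix
FIXED_VERSION = "77.0.0.0"          # placeholder build number for Chrome 77

# (host, installed Chrome version, date that version was installed)
INVENTORY = [
    ("ws-01", "77.0.0.0", date(2019, 9, 11)),
    ("ws-02", "76.0.0.9", date(2019, 8, 2)),
    ("ws-03", "77.0.1.2", date(2019, 9, 24)),
]


def parse_version(text):
    """Turn '77.0.0.0' into (77, 0, 0, 0) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def exposure(installed, installed_on, as_of):
    """Split a host's exposure into the vendor gap and the local rollout lag."""
    patched = parse_version(installed) >= parse_version(FIXED_VERSION)
    # A patched host stopped being exposed on its install date; an
    # unpatched one is still exposed on the day of the audit.
    end = installed_on if patched else as_of
    end = max(end, FIX_PUBLIC)
    vendor_gap = (min(end, STABLE_RELEASE) - FIX_PUBLIC).days
    rollout_lag = max((end - STABLE_RELEASE).days, 0)
    return {"patched": patched, "vendor_gap": vendor_gap,
            "rollout_lag": rollout_lag, "total": vendor_gap + rollout_lag}


def audit(inventory, as_of, max_rollout_lag=7):
    """Return per-host exposure and flag hosts whose rollout lag is too long."""
    report = {}
    for host, version, installed_on in inventory:
        row = exposure(version, installed_on, as_of)
        row["flag"] = row["rollout_lag"] > max_rollout_lag
        report[host] = row
    return report


if __name__ == "__main__":
    for host, row in audit(INVENTORY, as_of=date(2019, 10, 1)).items():
        print(host, row)
```

The vendor gap is the same for every host and cannot be shortened locally; the rollout lag is the part a patch-management process controls.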


According to the researcher and his team, attackers had plenty of time to weaponize this issue through the v8 changelog for security fixes. Even though developing a Chrome exploit is not an easy task, an attacker who is an expert in JavaScript could have done it. To prove his point, Kurucsai also released a PoC (proof of concept) on GitHub. The PoC leverages the initial v8 problem to run malicious code in Chrome.

It should be noted that the PoC is not enough on its own, as a second vulnerability is needed to escape the Chrome sandbox. However, attackers could still have combined older Chrome sandbox escape flaws with the patch gap issue.

Last year, researchers Karsten Nohl and Jakob Lell from security firm Security Research Labs uncovered a hidden patch gap in Android devices. The two carried out a two-year analysis of 1,200 Android phones only to discover that most Android vendors regularly forget to include some patches, leaving parts of the ecosystem exposed to various threats.


Milena Dimitrova
