CYBER NEWS

Firefox vs. Google Chrome 2015: Security Flaws Unveiled

When a web browser is facing a major update, there are two decisions that developers usually face: whether to optimize the code or to add new features to the browser. It all sounds great up until the moment when the inevitable exploits and security gaps arise from the depths of the code. In this article, we have managed to identify the latest security flaws that have been discovered in the two most commonly used web browsers – Mozilla Firefox and Google Chrome.

Buffer Overflow in the XML Parser in All Versions Before 38.0

What is specific about this exploit is that an attacker could insert and execute arbitrary code without requiring any specific skills to do so. As a result, the potential attacker could have gained access to valuable information stored in the browser. Therefore, personal information could be partially exposed. However, there was also a possibility that the attacker could modify system files and make them available to cyber criminals.

The update.exe Flaw

This flaw was critical, since it was connected to one of the most exploited vulnerabilities in any software, one that hackers can exploit to assume control over your system. Specifically, on Windows systems the browser did not confirm that the path of the executable pointed to its original location in the application directory. This means that the executable was open to modification, or even replacement with a Trojan horse, by users on the network (worst-case scenario), giving hackers full control over your computer without your consent.
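The missing check described above, sketched as an added example (not Mozilla's code and not from the original article): resolve the updater path and accept it only if it is `update.exe` sitting directly in the application directory. The function name, directory layout and file contents are constructed for illustration.

```python
import os
import tempfile


def is_trusted_updater(candidate, app_dir, expected_name="update.exe"):
    """Accept `candidate` only if it resolves to expected_name directly inside app_dir."""
    # realpath() collapses ".." segments and follows symlinks, so the
    # comparison is made on the file's real location, not the string given.
    real_app = os.path.normcase(os.path.realpath(app_dir))
    real_candidate = os.path.normcase(os.path.realpath(candidate))
    if not os.path.isfile(real_candidate):
        return False
    # Compare the parent directory exactly. A plain startswith() test would
    # accept ".../app-evil/update.exe" for an application directory ".../app".
    if os.path.dirname(real_candidate) != real_app:
        return False
    return os.path.basename(real_candidate) == os.path.normcase(expected_name)


def demo():
    """Run the check against a constructed directory layout and return the verdicts."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        app = os.path.join(root, "app")        # constructed install directory
        evil = os.path.join(root, "app-evil")  # sibling sharing the "app" prefix
        for directory in (app, evil):
            os.makedirs(directory)
            with open(os.path.join(directory, "update.exe"), "wb") as handle:
                handle.write(b"MZ")            # placeholder bytes, not a real binary
        results["legit"] = is_trusted_updater(os.path.join(app, "update.exe"), app)
        results["sibling"] = is_trusted_updater(os.path.join(evil, "update.exe"), app)
        results["traversal"] = is_trusted_updater(
            os.path.join(app, "..", "app-evil", "update.exe"), app)
        results["missing"] = is_trusted_updater(os.path.join(app, "nothing.exe"), app)
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {'accepted' if verdict else 'rejected'}")
```

A location check like this only helps when the application directory is not writable by unprivileged users, and a gap remains between the check and the actual launch.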

The asm.js Flaw

asm.js is the programming language that allows engines based on C++ and JavaScript, such as your online games on Facebook, to run through your browser as if they were installed on your PC. The particular security gap discovered with this exploit was that it could allow individuals with talents in coding and JavaScript to steal information such as website and banking credentials, email address, etc.

Given that Firefox has experienced many changes over the years, we should not neglect its rival Google Chrome, because it is the most widely used browser out there.

The Row-hammer Exploit

Row-hammer is a vulnerability in Dynamic Random-Access Memory (DRAM), which has a lot to do with the manual override of the memory cells of the DRAM organization. Google security experts have recently discovered that a .cc sandbox file did not have limits for NaCl (Native Client). In addition, this exploit is based on gaps in the DRAM, which could cause errors, provide access to the user without any security authentication, and disclose vital information to hackers. Below we see the clflush commands that are used to perform the attack:
[Image omitted; source: Wikipedia]

The DDoS Exploits

Google experts and other anonymous professionals have uncovered multiple exploits in various locations of Google Chrome that create the prerequisites for sending multiple packets and crashing the browser, known as a DDoS attack.

All of the exploits gave way to partial exposure of user credentials and other information, as well as possible modification of some system files and degraded browser performance.

HTMLConstructionSite.cpp Weakness

The code of HTMLConstructionSite.cpp contained a weakness: the executeReparentTask scripts, which manage child and parent tasks according to the script language, could easily be modified by hackers and set to do a variety of damage to the user. By modifying the 'child' script below, malicious code could have been able to steal information from the user and, to a certain extent, modify the system files. Below is a small portion of the task script of HTMLConstructionSite.cpp.

It is crucial to raise awareness of these web exploits because, even though they have already been fixed in newer updates, you never know when a new exploit is going to create an opportunity for black hats to infect your computer with various types of malware. That is why security experts always recommend frequently updating your anti-malware program.


Berta Bilbao

Berta is a dedicated malware researcher, dreaming of a more secure cyberspace. Her fascination with IT security began a few years ago, when a piece of malware locked her out of her own computer.
