Researchers find 11 security bugs in browsers with new tool

Spread the love

Researchers at the Georgia Institute of Technology found 11 vulnerabilities in browsers, using a new analysis tool they wrote themselves. They have received $100,000 from Facebook to enable further investigation.

It is not clear in which browsers the eleven vulnerabilities are located; the Institute of Technology makes no statements about this. The bugs have already been fixed and resolved, the institute says, but the patches may not have been rolled out yet; that would explain the reluctance. It is clear that the analysis tool of the researchers, called Caver, is capable of examining Chrome and Firefox. Other C++ software can also be explored.

The Caver tool runs in real time with a browser to reveal vulnerabilities. The tool runs in conjunction with Chrome and Firefox with an overhead of 7.6 and 64.6 percent, respectively. The tool is able to find bad casting vulnerabilities, for example, where the memory can be corrupted to run its own code. Use after free bugs can also be addressed. In this case, a part of the memory is accessed after it has just been emptied. As a result, the software crashes and proprietary code can be injected.

According to the researchers, these are the bugs that are less easy to find than stack overflow and heap overflow bugs. Facebook has supported the researchers with 100,000 dollars, about 90,000 euros, to make further research possible.

You might also like
Exit mobile version