Exploit code for critical “use-after-free” bug is circulating in the wild.
Google patches its fifth zero-day vulnerability of the year in Chrome
Submitted 2 years ago by BrikoX@lemmy.zip to technology@lemmy.zip
Submitted 2 years ago by BrikoX@lemmy.zip to technology@lemmy.zip
Exploit code for critical “use-after-free” bug is circulating in the wild.
onlinepersona@programming.dev 2 years ago
C++ is such a wonderful language.
Anti Commercial-AI license
embed_me@programming.dev 2 years ago
To blame the language or to blame the programmer
bitfucker@programming.dev 2 years ago
I think the language is fair here since there are a lot of developers working on chrome. The language enabling mistakes like this is the fault because the sheer size of the project itself makes it unlikely any single person understands the whole codebase in detail. But then again, the C++ version used also matters since modern C++ also has tools to avoid footguns, but chrome predates those tools so shit is already set in stone.
expr@programming.dev 2 years ago
Given that this vulnerability was due to a use-after-free, definitely the language. Such a thing is impossible in memory-safe languages (Rust being the most obvious comparison).