Google has reportedly revealed that a Chrome patch released last week was actually a fix for a zero-day that was under active attack. The attacks exploited CVE-2019-5786, a security flaw and the only patch included in the Chrome 72.0.3626.121 release, which shipped last Friday, March 1, 2019. According to an update to its original announcement and a tweet from Google Chrome’s security lead, the bug was being actively exploited at the time of the patch.
Travis Biehn, Technical Strategist – Research Lead at Synopsys:
“The teams at Mozilla are experimenting with porting parts of Firefox’s Cpp codebase to Rust, a language that doesn’t suffer from memory corruption attacks – the availability of a highly performant and safe systems language like Rust is a game changer for software security – and we’re excited to see more organisations looking at replacing the use of less safe low-level languages with new languages like Rust.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.