Google, Apple squash exploitable browser bugs

Google has issued 11 security fixes for desktop Chrome, including one bug that has an exploit for it out in the wild. That high-severity vulnerability, tracked as CVE-2022-2856, is an improper input validation bug, and as per usual, Google doesn't release many details about it until the bulk of Chrome users are updated and the …

  1. Dinanziame Silver badge

    From time to time, I dreamily wonder if it would be possible to "start from scratch and do it right" and create software that doesn't keep having so many security vulnerabilities. Unfortunately, I'm sure many have tried and failed.

    I vaguely remember a line that security and usability work against each other; and that if you dial security to the max, you have an unusable product, but if you dial it to zero, you still have a pretty good product like the PlayStation network.

    1. Charlie Clark Silver badge

      The history of bugs itself is interesting: the term comes from the problems when insects got into the computers and caused errors.

      I suspect that, in theory, as all code is essentially the expression of logic, it should be possible to have code that implements the logic perfectly and run separate tests on the logic. However, I think the time has passed where it is possible to do this because modern programs are so extensive. We're also increasingly seeing the same in hardware, which is essentially software in silicon, for the same reasons.

      Best practices including static code analysis and extensive testing have helped significantly reduce many of the most common mistakes. But there are still classes of fairly common errors as the lists (input validation, memory use, etc.) continue to point out, though the errors are often less due to programming mistakes than the inevitable consequence of the complexity.

      And then there's the multimedia world in which we live. This means that, at some point, control of the hardware is given to the software. Not only does this increase the complexity, it also significantly increases the attack surface.

      1. Anonymous Coward

        > it should be possible to have code that implements the logic perfectly and run separate tests on the logic.

        Do a quick Google on formal logic and Z Notation. The problem, as I recall, is that simple things like introducing a stack mean that a program can no longer be formally proved.

    2. ElRegioLPL

      The complexity of even a modern-day web browser now is ridiculous. These things are inevitable, sadly.

    3. Snowy Silver badge

      Windows 8

      I may be remembering it wrong, but did Windows 8 have quite a lot of security prompts, which at times made it not very friendly? Many of these got the "okay, go away" (without reading), which may have had an impact on security.

    4. Anonymous Coward

      Accountability

      It's time way overdue to make software developers and hardware providers legally liable for their quality, or lack of.

  2. Anonymous Coward

    I'm waiting for the first use-after-free bug reported against Rust.

  3. MilSpec

    Chrome and Chromium

    Are there any valid concerns about these vulnerabilities regarding MS Edge given its Chromium base? I say valid concerns meaning as in factually real.
