Exploit code for critical “use-after-free” bug is circulating in the wild.
Google patches its fifth zero-day vulnerability of the year in Chrome
Submitted 1 month ago by BrikoX@lemmy.zip to technology@lemmy.zip
Submitted 1 month ago by BrikoX@lemmy.zip to technology@lemmy.zip
Exploit code for critical “use-after-free” bug is circulating in the wild.
onlinepersona@programming.dev 1 month ago
C++ is such a wonderful language.
Anti Commercial-AI license
embed_me@programming.dev 1 month ago
To blame the language or to blame the programmer
bitfucker@programming.dev 1 month ago
I think the language is fair here since there are a lot of developers working on chrome. The language enabling mistakes like this is the fault because the sheer size of the project itself makes it unlikely any single person understands the whole codebase in detail. But then again, the C++ version used also matters since modern C++ also has tools to avoid footguns, but chrome predates those tools so shit is already set in stone.
expr@programming.dev 1 month ago
Given that this vulnerability was due to a use-after-free, definitely the language. Such a thing is impossible in memory-safe languages (Rust being the most obvious comparison).