Home Cyber Security Chrome team reveals majority of security issues are memory-related

Chrome team reveals majority of security issues are memory-related

Google Chrome security issues
Google Chrome security issues

We have seen that security has become the focus for everyone right now and we are seeing hacking incidents taking place almost every day due to the fact that people working on security issues are less and they remain unattended. Apart from the companies and software that are getting hacked, we know that Google Chrome is known to have lots of security bugs as well. The best web browser in the world has also been criticized a lot for being vulnerable for hacking and many times, hacking incidents have been due to Chrome as well.

Due to that reason, we now have Google Chrome’s security team addressing the issue and clearing some facts regarding the bugs that have been reported. As far as the Google Chrome team is concerned, they have revealed that 70% of the bugs that are present in the Chrome browser are related to memory safety issues.

Google’s engineers say that “Half of the 70% are use-after-free vulnerabilities, a type of security issue that arises from incorrect management of memory pointers (addresses), leaving doors open for attackers to attack Chrome’s inner components”.

As far as the percentage of these bugs by Google engineers is concerned, it is known that “912 security bugs fixed in the Chrome stable branch since 2015, bugs that had a “high” or “critical” severity rating” have been analyzed and this has been known as the outcome. Now, it is more interesting to note that Microsoft also revealed the same stats last year while speaking at a security conference in February 2019.

In that conference, Microsoft engineers revealed that 70% of their products also have security issues related to memory safety vulnerabilities meaning that this is a global problem in software companies and there needs to be a common solution to this. They also reveal that C and C++, the two predominant programming languages in their codebases, are “unsafe” languages.