HomeTech NewsCybersecurityMicrosoft security researchers discover critical vulnerability - in ChromeOS

Microsoft security researchers discover critical vulnerability – in ChromeOS

Google operating system ChromeOS is vulnerable. However, the competition discovered the possible loophole for malicious code.

 

For example, by simply playing a prepared audio file, remote attackers could run malicious code on computers running Google’s ChromeOS with a fairly high probability. This is what Microsoft security researchers found. The operating system is already secured against such an attack.

 

In a post, Microsoft states that as “critical” classified vulnerability (CVE-2022-2022-2587) to have discovered during an investigation of the use of the free program library D-Bus for interprocess communication of the underlying Linux system. Among other things, the strcpy function should be used.

Since this function does not carry out sufficient checks on memory allocation, attackers can use it to provoke memory errors with comparatively little effort and thus push their own code onto systems and execute it.

The researchers state that they triggered a memory error via the command line with a 200-character string. According to them, this should also be possible with a little effort via the metadata of a song. Merely playing a piece of music in the browser could lead to the execution of malicious code.

Microsoft states that Google immediately recognized the severity of the vulnerability and quickly took care of the problem. ChromeOS is said to have been protected against such attacks since version 102.0.5005.125.

As part of Google’s bug bounty program, a security researcher from Microsoft received a $25,000 reward for finding and reporting the vulnerability.

Latest articles

What are the best smartphones tested by Voonze in September 2024?

Here is our selection of the best smartphones in 2024, all tested and validated...

Nvidia GeForce Now in September 2024: the start of the school year promises to be fantastic with Final Fantasy XVI and Age of Mythology

In this rainy back-to-school season, Nvidia unveils the list of games that will join...

More like this