Another Chrome zero-day exploit – so get that update done!
Almost exactly a month ago, or a couple of days under an average month given that February was the short one, there was a zero-day bug in Google’s Chromium browser code.
Patch now, we said.
And we’re saying it again, following Google’s otherwise cheery release of version 89.0.4389.72:
The Chrome team is delighted to announce the promotion of Chrome 89 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.
We’ve never quite understood Google’s mention of rolling out updates over “days/weeks” in an update bulletin that includes 47 security fixes, of which eight have a severity level of High.
In fact, we suggest going out manually and making sure you’ve got your Chrome update already, without waiting for those day/weeks to elapse until the update finds you.
If you’re using a Chromium-based product from another browser maker, check with that vendor for information about whether their build is affected by this bug, and if so whether the patch is downloadable yet. Object lifecycle issue in audio
Two of the eight High Severity bugs in this set of patches were apparently found in the same part of Chrome, denoted in Google’s list merely as: Object lifecycle issue in audio. Reported by Alison Huffman, Microsoft Browser Vulnerability Research.
The first bug is numbered CVE-2021-21165, reported on 2021-02-04, a month ago; the second was dubbed CVE-2021-21166, reported a week after that on 2021-02-11.
An object lifecycle issue is a jargon way of referring to what probably amounts to some kind of memory mismanagement.
The word “object” refers, very loosely, to a block of memory containing some sort of data structure, together with a list of associated programmatic functions for manipulating that data.
Managing an object’s lifecycle means, amongst other things:
Ensuring that the memory it uses is reclaimed by the system when the object is no longer needed.
Taking care not to reclaim and reallocate the memory while the object is still being used.
Not doing any calculations on the object before its memory has been assigned and initialized.
Not doing the wrong sort of calculations on the data in an object, such as trying to treat a JPEG file as a PNG, or assuming that an audio clip has 16 bits per audio sample when it only has 8 bits.
Stopping two different parts of the program from clashing over access to the object.
Exploit in the wild
We don’t know what form these particular bugs took, given that the Chromium team’s discussion of the bugs in this release still seems to be in “keep-it-private-to-stave-off-the-crooks-a-while-longer” mode.
Read the rest of this article here