The majority of critical vulnerabilities in Google Chrome are attributed to faulty memory usage, Google technicians confirmed.
According to Google, 70 percent of all security problems with Chrome are memory-related. Half of these are use-after-free vulnerabilities; these errors occur when Chrome tries to access memory after that memory has been freed. Such errors give attackers an easy way into Chrome, from which they can attack its internal components.
Google analysed a total of 912 ‘high severity’ and ‘critical’ security flaws in all stable Chrome versions since 2015. Of the 130 critical vulnerabilities found in Chrome since March 2019, 125 were caused by memory corruption issues.
C and C++
Google is not the only company struggling with memory-related problems in its products. Microsoft has also indicated that approximately 70 percent of the vulnerabilities in its products are related to memory problems. It’s safe to assume that the biggest problem lies in the programming languages C and C++.
These programming languages were built during a time when cyber-attacks and security problems did not occur on such a large scale as they do now. Developers using C and C++ have full control over how they manage an app’s memory pointers, but these programming languages do not have the capabilities to alert developers when they’re making memory management errors. The result is a range of vulnerabilities in applications, including use-after-free, buffer overflows and more.
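To make the use-after-free pattern concrete, here is an added example (not code from Google, Chrome or the original article) that models it with a small slot pool in well-defined C: a stale raw reference silently reads the data of the slot's new owner, while a generation-checked handle is rejected. The pool, the function names and the sample strings are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: a fixed pool whose slots are reused after free, as a heap reuses chunks. */
#define SLOTS 4
typedef struct { char data[16]; uint32_t gen; int live; } slot_t;
typedef struct { uint32_t idx, gen; } handle_t;   /* checked reference */
static slot_t pool[SLOTS];

/* Allocate the first free slot and copy the value into it. */
static handle_t pool_alloc(const char *value) {
    for (uint32_t i = 0; i < SLOTS; i++) {
        if (pool[i].live) continue;
        pool[i].live = 1;
        snprintf(pool[i].data, sizeof pool[i].data, "%s", value);
        return (handle_t){ i, pool[i].gen };
    }
    return (handle_t){ SLOTS, 0 };                /* pool exhausted */
}

/* Free a slot; bumping the generation invalidates every outstanding handle. */
static void pool_free(handle_t h) {
    if (h.idx < SLOTS && pool[h.idx].live && pool[h.idx].gen == h.gen) {
        pool[h.idx].live = 0;
        pool[h.idx].gen++;
    }
}

/* Unchecked access, like a raw C pointer: nothing reveals that the slot was reused. */
static const char *raw_get(uint32_t idx) { return pool[idx].data; }

/* Checked access: returns NULL for a stale (freed or recycled) handle. */
static const char *checked_get(handle_t h) {
    int ok = h.idx < SLOTS && pool[h.idx].live && pool[h.idx].gen == h.gen;
    return ok ? pool[h.idx].data : NULL;
}

/* Returns 1 if the stale raw reference reads the new owner's data
   while the checked handle for the freed object is rejected. */
static int demo_stale_reference(void) {
    memset(pool, 0, sizeof pool);
    handle_t session = pool_alloc("session-A");
    uint32_t raw = session.idx;                   /* becomes dangling after the free */
    pool_free(session);
    (void)pool_alloc("secret-B");                 /* the freed slot is recycled */
    return strcmp(raw_get(raw), "secret-B") == 0 && checked_get(session) == NULL;
}

int main(void) { return demo_stale_reference() ? 0 : 1; }
```

The language accepts the stale read without complaint, which is the gap described above; the generation check is one way a program can detect it at run time.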