Microsoft nails Google over Chrome security

Microsoft has taken aim at Google’s Chrome browser in its latest security post, saying it contains a security vulnerability.

Jordan Rabet from Microsoft’s Offensive Security Research team said they examined Google’s Chrome web browser, with a strong focus on sandboxing.

“We wanted to see how Chrome held up against a single RCE vulnerability, and try to answer: is having a strong sandboxing model sufficient to make a browser secure?” said Rabet.

Key findings from Microsoft’s research team includes:

• It is possible to find remotely-exploitable vulnerabilities in modern browsers.
• Chrome’s relative lack of Remote Code Execution (RCE) mitigations means the path from memory corruption bug to exploit can be a short one.
• Several security checks done within the sandbox result in RCE exploits being able to bypass Same Origin Policy, giving RCE-capable attackers access to victims’ online services and saved credentials.
• Chrome’s process for servicing vulnerabilities can result in the public disclosure of details for security flaws before fixes are pushed to customers.

Now read: Google Chrome 62 released

Don't miss the latest news

• Add MyBroadband as a preferred source in Google Search
• Follow MyBroadband on Google News