"Gene Moody, field CTO at Action1, explained that, in this vulnerability, a browser frees an object, but later continues to use the stale reference memory location. Any attacker who can shape heap layout with controlled content can potentially replace the contents of that freed memory with data they control. Because this lives in the renderer, and is reachable through normal page content, he said, the trigger surface is almost absolute."
""In practical terms," he added, "a vulnerable user simply visiting a malicious page could be enough to effectively trigger the bug.""
"Hunting for and exploiting browser vulnerabilities is a popular tool for threat actors. That's because browsers are often an entry point to enterprises, particularly in an era of cloud applications. Browsers not only access corporate data, they hold sensitive information such as login credentials and personal data stored to autofill forms."
A browser frees an object but later continues to use the stale reference memory location, creating a use-after-free condition. An attacker able to shape heap layout with controlled content can replace the contents of freed memory with attacker-controlled data. Because the vulnerability resides in the renderer and is reachable through normal page content, the trigger surface is nearly universal. A vulnerable user visiting a malicious page can be enough to trigger the bug. Threat actors frequently hunt and exploit browser vulnerabilities because browsers serve as enterprise entry points, access corporate cloud applications, and store sensitive credentials and autofill personal data.
Read at Computerworld
Unable to calculate read time
Collection
[
|
...
]