ProHoster > Blog > nkhani zapaintaneti > Kusatetezeka kwamasiku 0 mu Chrome kuwululidwa kudzera pakuwunika kwakusintha kwa injini ya V8

Kusatetezeka kwamasiku 0 mu Chrome kuwululidwa kudzera pakuwunika kwakusintha kwa injini ya V8

Ofufuza ochokera ku Eksodo Intelligence awonetsa Kufooka m'chiwopsezo chokhazikika mu Chrome/Chromium codebase. Vutoli limachokera ku Google kuwulula kuti zigambazo zimapangitsa kuti pakhale zovuta zachitetezo pokhapokha zitatulutsidwa, koma
Imawonjezera khodi kunkhokwe kuti ikonze chiwopsezo mu injini ya V8 isanatulutsidwe. Zokonzekera zimayesedwa kwa nthawi ndithu, ndipo zenera limatsegulidwa pamene chiwopsezocho chimakhazikitsidwa mu codebase ndipo chikupezeka kuti chiwunikidwe, koma chiwopsezocho chimakhalabe chosasinthika pamakina ogwiritsira ntchito.

Powerenga zosintha zomwe zidachitika pamalo osungira, ofufuza adawona china chake chomwe chidawonjezedwa pa February 19 kukonza ndipo m’masiku atatu adakhoza kukonzekera dyera masuku pamutu, zomwe zimakhudza mitundu yaposachedwa ya Chrome (zotulutsidwa zomwe zidasindikizidwa sizinaphatikizepo zida zodumphadutsira pa sandbox). Google mwachangu anamasulidwa Kusintha kwa Chrome 80.0.3987.122, kukonza nkhani yokhudzana ndi zomwe akufuna kuchita kusatetezeka (CVE-2020-6418). Kusatetezekaku kudapezedwa ndi mainjiniya a Google ndipo kudayamba chifukwa cha vuto la kasamalidwe ka JSCreate, lomwe litha kugwiritsidwa ntchito kudzera mu njira ya Array.pop kapena Array.prototype.pop. Mwachidziŵikire, nkhani yofananayo inali okhazikika mu Firefox chilimwe chatha.

Ofufuzawo adawonanso kuti kupanga masuku pamutu kudakhala kosavuta chifukwa chakuphatikizidwa kwa Chrome 80 makina kuyikapo zolozera (M'malo mosunga mtengo wathunthu wa 64-bit, magawo apadera apansi a pointer amasungidwa, omwe amachepetsa kwambiri kukumbukira kwa milu.) Mwachitsanzo, zida zina za data zomwe zili kumayambiriro kwa mulu, monga tebulo la ntchito zomangidwa, "zachilengedwe" zinthu, ndi mizu zinthu otolera zinyalala tsopano aikidwa pa maadiresi odziŵika bwino, olembedwa.

Chochititsa chidwi, pafupifupi chaka chapitacho, Exodus Intelligence anali zachitika Chiwonetsero chofananira cha kuthekera kopanga mwayi wogwiritsa ntchito powerenga chipika cha anthu mu V8, koma zikuwoneka kuti palibe zomwe zidapangidwa. Mu nsapato za ofufuza
Exodus Intelligence akadakhala akubera kapena mabungwe anzeru omwe, akadapanga chiwopsezo, akadakhala ndi mwayi wogwiritsa ntchito mwachinsinsi kusatetezeka kwa masiku kapena milungu ingapo kuti Chrome itulutsidwe.

Source: opennet.ru

Gulani kuchititsa kodalirika kwamasamba okhala ndi chitetezo cha DDoS, ma seva a VPS VDS Gulani malo odalirika osungira mawebusayiti okhala ndi chitetezo cha DDoS, ma seva a VPS VDS | ProHoster