
Google Chrome has introduced additional security features for Flash Player.

We wrote earlier that the developers of the Google Chrome web browser for Windows had added further anti-exploit features: 64-bit tabs, High Entropy ASLR (HEASLR), and disabling the use of the win32k.sys driver in sandboxed processes. These mechanisms make it harder for attackers to develop working RCE exploits that give full access to the system through the browser.

The latest version of Chrome adds new mitigations against exploits targeting the bundled Adobe Flash Player. Data on recently published Flash Player exploits shows that attackers use buffer overflow vulnerabilities to overwrite or corrupt parts of the widely used Flash Vector object or its buffer, and thereby place shellcode in memory.
To stop such overflows from overwriting adjacent structures and buffers in memory, Chrome uses heap partitioning (Mitigation: Vector.uint buffer heap partitioning). The memory for the vector's security-critical buffer is not allocated from the common Flash heap, which prevents it from being abused in this way. The vector structure is one of the most commonly used in Flash, as it conveniently stores a contiguous array of various structures in memory. The mechanism is enabled for vectors of the uint type (Vector.<uint>).

Another mechanism checks the integrity of the vector buffer structure, which begins in memory with the buffer size (length) field (Mitigation: Vector.<*> length validation). This field is essential for attackers, because corrupting it partially legitimizes the damaged buffer and lets them set a new size for the structure. To counter this, the browser code performs a special check that compares the current value of this field with the one specified initially.
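A small model of that length check, written in C as an added illustration (it is not Chrome's or Adobe's code). It assumes the initial length is recorded outside the heap buffer and compared with the in-buffer field before each access; `demo_detects_corruption` simulates an enlarged length field with a direct write and shows the validated path refusing an index that a naive bounds check would accept.

```c
#include <stdint.h>
#include <stdlib.h>

/* Simplified model of a Flash Vector.<uint> buffer: length field first, elements after it. */
typedef struct {
    uint32_t length;   /* in-buffer length field, the one an adjacent overflow corrupts */
    uint32_t data[];   /* element storage follows */
} VecBuffer;

/* Owning object. Assumption: the check compares the in-buffer field with the value
 * recorded at allocation; keeping that value outside the buffer is one way to do it. */
typedef struct {
    VecBuffer *buf;
    uint32_t expected_length;
} UintVector;

UintVector *vec_new(uint32_t n) {
    UintVector *v = calloc(1, sizeof *v);
    v->buf = calloc(1, sizeof(VecBuffer) + (size_t)n * sizeof(uint32_t));
    v->buf->length = n;
    v->expected_length = n;
    return v;
}

/* Integrity check: 0 if the length field is intact, -1 if it was modified. */
int vec_validate(const UintVector *v) {
    return v->buf->length == v->expected_length ? 0 : -1;
}

/* Bounds-checked read; fails closed on integrity failure or a bad index. */
int vec_get(const UintVector *v, uint32_t i, uint32_t *out) {
    if (vec_validate(v) != 0 || i >= v->expected_length) return -1;
    *out = v->buf->data[i];
    return 0;
}

void vec_free(UintVector *v) { free(v->buf); free(v); }

/* Returns 1 when the check rejects a vector whose length field was enlarged
 * (modelled by a direct write) although a naive check on that field would pass. */
int demo_detects_corruption(void) {
    UintVector *v = vec_new(4);
    uint32_t x;
    v->buf->length = 0x40000000u;                 /* simulated corruption */
    int naive_accepts = 100u < v->buf->length;    /* index 100 looks in bounds */
    int rejected = vec_get(v, 100, &x) == -1;     /* validated path refuses */
    vec_free(v);
    return naive_accepts && rejected;
}
```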

Chrome's Flash build also randomizes memory allocation addresses on the Flash heap, in addition to the ASLR that Windows applies by default to processes that support it (Mitigation: stronger randomization for the Flash heap). This significantly hinders heap spray techniques as well as use-after-free exploitation.

The web browser's security features described above (64-bit tabs, HEASLR, prohibiting the use of win32k.sys, Flash exploit mitigations) significantly enhance its security. The new Flash exploit mitigations are available for Flash Player from version 18.0.0.209.

The version of Flash used by the browser can be checked by entering about:version in the browser's address bar, or on Adobe's Flash Player web page.

Be secure.

Source: https://habr.com/ru/post/262997/

