7/12/2023 0 Comments Microsoft edge on chrome os"To the experienced security engineer, the mention of the strcpy function immediately raises red flags," explains Jonathan Bar Or. Yes, strcpy, which is a dangerous function. And the function's C code calls out to strcpy in the standard library. The service includes a function called SetPlayerIdentity, which accepts a string argument called identity as its input. As Jonathan Bar Or, a member of the Microsoft 365 Defender research team, explains in his post, the problem follows from the use of D-Bus, an Inter-Process-Communication (IPC) mechanism used in Linux.Ī D-Bus service called (for ChromiumOS Audio Server) provides a way to route audio to newly added peripherals like USB speakers and Bluetooth headsets. The ChromeOS memory corruption vulnerability – CVE-2022-2587 – was particularly severe. But it allows the Windows giant to magnanimously point out the problems in a competitor's hardened code and to pat Google on the back for its rapid repairs. Microsoft's disclosure of the ChromeOS critical flaw isn't a zero-day since Google made the necessary repairs. Microsoft has chided Google about this several times over the years, though as early as 2011, Redmond showed itself willing to adapt with a revised security disclosure policy that arrived with word of Chrome vulnerabilities – albeit months after Google had fixed them.
0 Comments
Leave a Reply. |