From the ‘open source hygiene’ files:
For the last several years, I have seen the same flaws show up again and again in the security vulnerability list for Google’s open source Chrome browser (and, to be fair, in Firefox lately too).
Use-after-free errors are common and frequent in browsers. Google updated Chrome this week to version 23.0.1271.91 fixing six flaws and paying out $1,500 in bug bounties.
Use-after-free errors that were publicly acknowledged by Google for the Stable update include a use-after-free flaw in SVG filters and a use-after-free flaw with printing. I suspect that a few more were found (and fixed silently) during the early development phases as well.
Time and again, Google credits the use of its open source AddressSanitizer program, a memory error detection tool. Is identifying memory safety issues in Chrome as easy as just pointing AddressSanitizer at the code base?
Sure seems that way, doesn’t it?
Since AddressSanitizer is an open source effort, other browsers (and hey, any other code base) can leverage it too to help identify flaws. So why do all these memory errors occur in the first place?
I’d suspect it’s simply because a tool like AddressSanitizer is not used during the actual development process, as some kind of IDE plugin, before code is ever checked in. Yeah, I know, it’s likely not that easy…or is it?
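To make the point concrete, here is an added example (my own constructed code, not anything from Chrome or Google) showing the kind of use-after-free AddressSanitizer catches, with the dangling-pointer bug beside its corrected form and the compiler flags that turn the detector on; the registry/node structures are hypothetical.

```c
// Minimal use-after-free pattern of the kind AddressSanitizer (ASan) flags,
// beside the corrected lifetime handling. Build with ASan to see the report:
//   clang -g -fsanitize=address -fno-omit-frame-pointer uaf.c -o uaf && ./uaf
// Without ASan the buggy path is undefined behaviour and may silently "work".
#include <stdio.h>
#include <stdlib.h>

struct node { int id; };

/* A tiny registry that keeps a raw pointer to a node (constructed example). */
struct registry { struct node *cur; };

/* BUGGY: frees the node but leaves the registry's dangling pointer behind. */
static void buggy_release(struct registry *r) {
    free(r->cur);            /* memory returned to the allocator ... */
    /* r->cur still points at it: any later read is a use-after-free. */
}

/* ASan reports "heap-use-after-free" on the r.cur->id read below. */
int buggy_read_after_release(void) {
    struct registry r = { .cur = calloc(1, sizeof(struct node)) };
    if (!r.cur) return -2;
    r.cur->id = 7;
    buggy_release(&r);
    return r.cur->id;        /* undefined behaviour: dangling dereference */
}

/* FIXED: ownership is cleared at the same time the memory is freed. */
static void safe_release(struct registry *r) {
    free(r->cur);
    r->cur = NULL;           /* no dangling pointer survives the free */
}

/* Returns -1 once the node is gone, so callers never touch freed memory. */
int safe_read_after_release(void) {
    struct registry r = { .cur = calloc(1, sizeof(struct node)) };
    if (!r.cur) return -2;
    r.cur->id = 7;
    safe_release(&r);
    return r.cur ? r.cur->id : -1;   /* -1: the object is gone */
}

int main(void) {
    printf("safe path: %d\n", safe_read_after_release());   /* prints -1 */
    printf("buggy path: %d\n", buggy_read_after_release()); /* ASan aborts here */
    return 0;
}
```

Run under ASan the second call aborts with a heap-use-after-free report that names the allocating and freeing stack frames, which is exactly the feedback a developer needs before the code is checked in.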