Google reseracher discovers about 100 bugs in browsers

Posted on Monday, January 03 2011 @ 21:34 CET by Thomas De Maesschalck
ComputerWorld reports an accidental leak may have confirmed Chinese hackers' suspicions that IE has a critical unpatched vulnerability. The bug is part of about 100 security flaws found by Google security engineer Michal Zalewski using a new "fuzzing" tool:
The bug was one of about 100 found by noted browser vulnerability researcher and Google security engineer Michal Zalewski using a new "fuzzing" tool. The vulnerabilities were in IE, Firefox, Chrome, Safari and Opera.

"I have reasons to believe that the evidently exploitable vulnerability [in IE] discoverable by cross_fuzz is independently known to third parties in China," said Zalewski, referring to the "cross_fuzz" fuzzing utility he created.

According to Zalewski's account, a developer working on WebKit -- the open-source browser engine that powers both Apple's Safari and Google's Chrome -- "accidentally leaked" the location of the then-unreleased fuzzing tool. Google's search engine then added that location to its index.

"On Dec. 30, I received ... search queries from an IP address in China, which matched keywords mentioned in one of the indexed cross_fuzz files," Zalewski said.


About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.



Loading Comments