|
|
|
|
|
|
by madmax96
2313 days ago
|
|
|
>Nice hyperbole Not hyperbole. Most of these bugs are never known to be exploited by attackers. >Check the stats In your first link, there was one memory corruption vulnerability in Chrome last year. If we're looking at RCEs, CVE-2019-5762 and CVE-2019-5756 appear to have the same root cause (a memory bug), and CVE-2018-6118, CVE-2018-6111, and CVE-2017-15401 (which is also the memory corruption vulnerability) are also memory bugs. So it looks like Chrome had ~4 serious memory vulnerabilities last year. Don't have time to dig right now, but it appears similar observations hold for [1]. |
|
|
You have moved the goalposts. Of course there are lots of reasons why a bug might not be exploited by attackers, e.g. "the attackers exploited some other bug" or "no-one uses that software". That is not reassuring.
> In your first link, there was one memory corruption vulnerability in Chrome last year.
I don't know how you determined that, but it's just wrong. https://www.cvedetails.com/vulnerability-list/vendor_id-1224... Bugs 2, 3, 4, 8, 9, 10, 14 and 15 are obviously memory safety vulnerabilities. Many of the others probably are too, if you dig into them.