Google looks at bypass in Chromium's ASLR security defense, throws hands up, won't patch garbage issue
In early November, a developer contributing to Google's open-source Chromium project reported a problem with Oilpan, the garbage collector for the browser's Blink rendering engine: it can be used to break a memory defense known as address space layout randomization.
About two weeks later, Google software security engineer Chris Palmer marked the bug "WontFix" because Google has resigned itself to the fact that ASLR can't be saved - Spectre and Spectre-like processor-level flaws can defeat it anyway, whether or not Oilpan can be exploited.
Garbage collection in the context of software refers to automatic memory management - the process of identifying data in memory that is no longer in use, and allowing that occupied memory to be reused for other things.
As a garbage collector, Oilpan performs this task by scanning memory for references to other data in memory.
The technique for breaking ASLR this way involves allocating an object - which is placed in memory at a location we don't know - putting an address to query into an area of memory called the stack, removing all references to the object, and triggering garbage collection.
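The following toy model is an added illustration, not code from the article or from Chromium. It shows why scanning the stack conservatively ties an object's survival to whether a plain integer happens to match its address. `ToyHeap`, `survives` and all addresses are hypothetical constructions, and how a script would observe survival is outside the model.

```python
import random

OBJ_SIZE = 64  # constructed: every toy object occupies one 64-byte slot


class ToyHeap:
    """Simplified conservative mark-and-sweep heap (a model, not Oilpan)."""

    def __init__(self, seed):
        # A randomized, slot-aligned base stands in for ASLR.
        self.base = random.Random(seed).randrange(0x1000, 0x100000) * OBJ_SIZE
        self.next_addr = self.base
        self.live = {}  # object start address -> payload

    def allocate(self, payload):
        addr = self.next_addr
        self.live[addr] = payload
        self.next_addr += OBJ_SIZE
        return addr

    def collect(self, stack_words):
        """Keep only objects that some stack word appears to point into."""
        marked = set()
        for word in stack_words:
            # Conservative rule: the collector cannot tell an integer from a
            # pointer, so any word that lands inside a live object marks it.
            start = word - (word % OBJ_SIZE)
            if start in self.live:
                marked.add(start)
        self.live = {a: p for a, p in self.live.items() if a in marked}
        return marked


def survives(heap, obj_addr, stack_word):
    """Collect with one integer on the stack; report if the object stayed alive."""
    heap.collect([stack_word])
    return obj_addr in heap.live


if __name__ == "__main__":
    for offset in (8, OBJ_SIZE):
        heap = ToyHeap(seed=2021)
        addr = heap.allocate("secret-location object")
        # Survival depends only on whether the integer matches the hidden
        # address, so each collection reveals one bit about the layout.
        print(f"offset {offset:3}: survives = {survives(heap, addr, addr + offset)}")
```
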
An industry security professional who asked not to be identified told The Register that ASLR has been trivial to bypass for some time and anyone who writes exploits understands that.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/02/26/chrome_aslr_bypass/