[SAFE-ID: JIWO-2024-731]   Author: ecawen   Posted: [2017-09-26]   Modified by user ecawen on [2017-09-26]


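Security researchers at Google Project Zero created Domato, an automated DOM-based fuzzing project, and used it to assess the top 5 browsers: Chrome, Firefox, Internet Explorer, Edge and Safari. Each browser went through 100 million iterations. The results showed 17 bugs in Safari, only two in Chrome, four each in Firefox and IE, and six in Edge.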

Hackers are always looking for new vulnerabilities in the software we use, with web browsers being a key target because we all use them. Adobe Flash and more recently JavaScript vulnerabilities have been key targets, but there's another attack vector not talked about as much: the DOM.

The Document Object Model (DOM) is basically what a web browser relies on to take HTML and turn it into what end users see on their screen. DOM engines do contain bugs that can be exploited, and Google's Project Zero security team decided to see how good (or bad) the state of the top five web browser DOM engines is.

Ivan Fratric, a security researcher at Google Project Zero, created a new DOM fuzzer for the test called Domato, which has now been open sourced. A fuzzer is an automated tool that feeds random data into a piece of software and then monitors it for unexpected behavior, memory leaks, and crashes.

Domato was used to assess the current top five browsers: Chrome, Firefox, Internet Explorer, Edge, and Safari. Each browser was given 100 million iterations using the fuzzer. The results are summarized in the table below.

[Image: Google Project Zero Domato DOM Fuzzing]

Typically it's Internet Explorer we expect to be the least secure web browser, but when it comes to the DOM, Apple's Safari is by far and away the worst performing. Of the 31 bugs discovered, 17 were for Safari. Chrome came out on top with just two bugs, Firefox and IE both had four, and Edge had six.

Fratric points out the results don't reflect the overall security of a web browser as they focus on one aspect of it, "but one that has historically been a source of many security issues."

Fratric concludes his write-up of the tests by saying, "DOM engines have been one of the largest sources of web browser bugs. While this type of bug is far from gone, most browsers show clear progress in this area." But the DOM still remains an area of web browsers where bugs exist and therefore can be exploited. With Flash slowly disappearing, there could certainly be more focus on trying to exploit weaknesses in DOM engines in the future.


The Domato fuzzer is available to use and the results of this test are now public, so hopefully browser developers will take note and deal with the highlighted bugs. The Safari team especially needs to jump on this quickly.


