Guided in-process fuzzing of Chrome components


News category: IT Security News
Source: feedproxy.google.com

Posted by Max Moroz, Chrome Security Engineer and Kostya Serebryany, Sanitizer Tsar

In the past, we’ve posted about innovations in fuzzing, a software testing technique used to discover coding errors and security vulnerabilities. The topics have included AddressSanitizer, ClusterFuzz, SyzyASAN, ThreadSanitizer and others.

Today we'd like to talk about libFuzzer (part of the LLVM project), an engine for in-process, coverage-guided, white-box fuzzing:

  • By in-process, we mean that we don’t launch a new process for every test case, and that we mutate inputs directly in memory.
  • By coverage-guided, we mean that we measure code coverage for every input, and accumulate test cases that increase overall coverage.
  • By white-box, we mean that we use compile-time instrumentation of the source code.
LibFuzzer makes it possible to fuzz individual components of Chrome. This means you don’t need to generate an HTML page or network payload and launch the whole browser, which adds overhead and flakiness to testing. Instead, you can fuzz any function or internal API directly. Based on our experience, libFuzzer-based fuzzing is extremely efficient, more reliable, and usually thousands of times faster than traditional out-of-process fuzzing.

Our goal is to have fuzz testing for every component of Chrome where fuzzing is applicable, and we hope all Chromium developers and external security researchers will contribute to this effort.

How to write a fuzz target

With libFuzzer, you need to write only one function, which we call a target function or a fuzz target. It accepts a data buffer and length as input and then feeds it into the code we want to test. And... that’s it!

The fuzz targets are not specific to libFuzzer. Currently, we also run them with AFL, and we expect to use other fuzzing engines in the future.

[Image in the original post: sample fuzzer source]
See also the build rule.

[Image in the original post: sample bug report]
Check out our documentation for additional information.
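What such a target function looks like, as an added example rather than the Chromium sample shown in the post's image: the length-prefixed record parser, its wire format and the FUZZING_BUILD macro are this example's own assumptions, not Chromium code. The only thing libFuzzer requires of you is the LLVMFuzzerTestOneInput entry point.

```cpp
// Added example, not the Chromium fuzzer from the post: a minimal libFuzzer
// fuzz target for a hypothetical length-prefixed record parser.
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Hypothetical code under test. Input is a sequence of records:
//   [1-byte type][2-byte little-endian length][payload of `length` bytes]
// Returns the number of records parsed, or -1 if the input is malformed.
struct Record {
  uint8_t type;
  std::string payload;
};

int ParseRecords(const uint8_t* data, size_t size, std::vector<Record>* out) {
  size_t pos = 0;
  while (pos < size) {
    if (size - pos < 3) return -1;  // truncated header
    uint8_t type = data[pos];
    uint16_t len = static_cast<uint16_t>(data[pos + 1] | (data[pos + 2] << 8));
    pos += 3;
    // The check a fuzzer would flag if it were missing: an oversized length
    // would otherwise read past the end of the buffer (ASan heap-overflow).
    if (len > size - pos) return -1;
    out->push_back({type, std::string(reinterpret_cast<const char*>(data + pos), len)});
    pos += len;
  }
  return static_cast<int>(out->size());
}

// The fuzz target. libFuzzer (and AFL, via the same entry point) calls it
// once per mutated input, in-process, so it must be deterministic, must not
// exit(), and must return 0. A sanitizer report from anything it calls is the
// signal that a bug was found.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  std::vector<Record> records;
  ParseRecords(data, size, &records);
  return 0;
}

// Stand-alone driver for reading this example without a fuzzing build: runs a
// few constructed inputs through the target. When compiling with
// -fsanitize=fuzzer, libFuzzer supplies main(), so define FUZZING_BUILD
// (an assumed name for this example) to drop this one.
#ifndef FUZZING_BUILD
int main() {
  const std::vector<std::vector<uint8_t>> samples = {
      {0x01, 0x02, 0x00, 'h', 'i'},  // one well-formed record
      {0x01, 0x02},                  // truncated header
      {0x01, 0xff, 0xff, 'x'},       // length larger than the input
      {},                            // empty input
  };
  for (const auto& s : samples) LLVMFuzzerTestOneInput(s.data(), s.size());
  return 0;
}
#endif
```

Outside Chromium's build, `clang++ -g -O1 -fsanitize=fuzzer,address -DFUZZING_BUILD target.cc -o target` produces a binary that links libFuzzer's own main; run it as `./target corpus_dir -max_len=4096 -dict=target.dict` to start from a seed corpus with a dictionary, the same knobs ClusterFuzz exposes. Keep the target free of global state and of any dependency on the order of inputs, otherwise crashes found in-process may not reproduce from the single saved test case.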

Integrating LibFuzzer with ClusterFuzz

ClusterFuzz is Chromium’s infrastructure for large scale fuzzing. It automates crash detection, report deduplication, test minimization, and other tasks. Once you commit a fuzz target into the Chromium codebase (examples), ClusterFuzz will automatically pick it up and fuzz it with libFuzzer and AFL. 
ClusterFuzz supports most of the libFuzzer features like dictionaries, seed corpus and custom options for different fuzzers. Check out our Efficient Fuzzer Guide to learn how to use them.

Besides the initial seed corpus, we store, minimize, and synchronize the corpora for every fuzzer and across all bots. This allows us to continuously increase code coverage over time and find interesting bugs along the way.

ClusterFuzz uses the following memory debugging tools with libFuzzer-based fuzzers:
  • AddressSanitizer (ASan): 500 GCE VMs
  • MemorySanitizer (MSan): 100 GCE VMs
  • UndefinedBehaviorSanitizer (UBSan): 100 GCE VMs

[Image in the original post: sample fuzzer statistics]

It’s important to track and analyze the performance of fuzzers, so we have a dashboard of fuzzer statistics that is accessible to all Chromium developers:

Overall statistics for the last 30 days:

  • 120 fuzzers
  • 112 bugs filed
  • Aaaaaand…. 14,366,371,459,772 unique test inputs!
Analysis of the bugs found so far

Looking at the 324 bugs found so far, we can say that ASan and MSan have been very effective memory tools for finding security vulnerabilities. They give us comparable numbers of crashes, though ASan crashes are usually more severe than MSan ones. LSan (part of ASan) and UBSan have a great impact on Stability, another of our four core principles.


Extending Chrome’s Vulnerability Reward Program

Under Chrome's Trusted Researcher Program, we invite submission of fuzzers. We run them for you on ClusterFuzz and automatically nominate bugs they find for reward payments.

Today we're pleased to announce that the invite-only Trusted Researcher Program is being replaced with the Chrome Fuzzer Program which encourages fuzzer submissions from all, and also covers libFuzzer-based fuzzers! Full guidelines are listed on Chrome’s Vulnerability Reward Program page.
...