AI Identifies Vulnerabilities in FFmpeg; Chrome Launches Major Security Update
Just the facts

AI Identifies Vulnerabilities in FFmpeg; Chrome Launches Major Security Update

Summary

An AI developed by depthfirst uncovered 21 previously unknown vulnerabilities in FFmpeg, while Google released Chrome 149, addressing a record 429 security issues, including over 100 critical vulnerabilities.

A security startup has discovered 21 previously unidentified vulnerabilities in FFmpeg, a widely used media library, through its autonomous AI agent. The vulnerabilities were reported amidst the release of Google Chrome 149, which included patches for a record 429 security issues, the most addressed in a single release to date.

The FFmpeg vulnerabilities, all confirmed zero-days, stem from a program that scanned about 1.5 million lines of code and managed to identify bugs that had been latent for up to 20 years. Among those, one notable stack overflow has remained undetected since 2003. The discovered flaws include various heap and stack overflows affecting components like the TS demuxer and the VP9 decoder. Some of these vulnerabilities already have CVE identifiers assigned, while others are pending.

In parallel, Google’s Chrome 149 update addressed vulnerabilities with serious implications, including a particularly dangerous out-of-bounds error in the ANGLE graphics engine, which risked allowing malicious pages to run code on user hosts. Most of these critical vulnerabilities were identified by Google’s own research teams, with external reports contributing only a small fraction.

Despite AI being involved in other reports of vulnerabilities, Google has not explicitly connected the record vulnerability count in Chrome to AI influence. The company, however, revamped its bounty program in April to manage the growing influx of AI-generated submissions, encouraging more concise reports. As the landscape of vulnerability detection evolves with AI technologies, experts suggest that organizations may need to adapt their response strategies, emphasizing quicker patch cycles and efficient installation processes to keep up with the increasing number of identified issues.

FL Plus

Read the full story with FL Plus

Unlimited news plus the analysis behind every headline.

Unlimited news feed
See why each story scored
Full fact-check details