Apr 20 2023


Category: Security vulnerabilities,Web SecurityDISC @ 7:56 am


The previous week, Google put out an emergency security fix for its browser, and today, the company rolled out another emergency security update to address a vulnerability that is being exploited in the wild.
The update is now available for desktop versions of Google Chrome as well as the Android version of Chrome. Users are encouraged to install updates as soon as they are made available in order to safeguard their devices against prospective attacks that exploit these vulnerabilities.

Google has listed five of the eight security problems that were addressed in the most recent version to Google Chrome. Google says that these issues have been handled. The official Chrome Releases blog has provided documentation of these recent improvements. On the other hand, Google does not make publicly known the security flaws that were found during the company’s own internal investigations.

Out-of-bounds memory access in the Service Worker API is a high-risk vulnerability (CVE-2023-2133).

Out-of-bounds memory access in the Service Worker API is a high-risk vulnerability (CVE-2023-2134).

Use after free in DevTools is a high-risk vulnerability (CVE-2023-2135).

Integer overflow in Skia, a high-risk vulnerability( CVE-2023-2136).

Heap buffer overflow in sqlite, rated as medium severity (CVE-2023-2137).

According to Google’s findings, the security flaw CVE-2023-2136 is being actively exploited in the wild.

A 2D graphics library called Skia, which is frequently used in web browsers, operating systems, and other software applications, has a flaw known as CVE-2023-2136, which is an integer overflow vulnerability. An integer overflow happens when an arithmetic operation results in a number that is more than the maximum limit of the integer type. This causes the value to wrap around and become either much smaller or much bigger than what was meant for it to be. An integer overflow may be avoided by ensuring that the maximum limit of the integer type is not exceeded.

This indicates that threat actors have already started exploiting this vulnerability in order to target systems and breach them. The results of a successful exploit may be somewhat variable, but they almost always involve at least one of the following: unauthorized access to sensitive information; data corruption; or even a total system takeover.

The Chrome Stable channel has been updated to version 112.0.5615.137 for Windows and Mac, and it has been updated to version 112.0.5615.135 for Android; these updates will roll out over the next few days or weeks.

InfoSec Threats | InfoSec books | InfoSec tools | InfoSec services

Tags: Google Chrome

Jan 13 2023

Credential Stealing Flaw in Google Chrome Impacted 2.5 Billion Users

Category: Web SecurityDISC @ 10:01 am

The vulnerability (CVE-2022-3656), allowed remote attackers to steal sensitive user data like cloud service provider credentials and crypto wallet details.

The cyber security researchers at Imperva Red Team have shared details of a recently discovered and patched vulnerability that impacted over 2.5 billion Google Chrome users and all Chromium-based browsers, including Opera and Edge.

Vulnerability Details

The vulnerability is tracked as CVE-2022-3656, allowing remote attackers to steal sensitive user data like cloud service provider credentials and crypto wallet details. Further probe revealed that the issue emerged due to how the Chrome browser interacted with symlinks while processing directories and files.

As per Imperva’s researcher Ron Masas, the browser didn’t check whether the symlink pointed to a location that wasn’t accessible, encouraging the stealing of sensitive files. Google characterized it as a medium-severity vulnerability caused due to inadequate data validation in File System. The company released a fix in the Chromium versions 107 and 108 released in Oct and Nov 2022, respectively.

What is SymStealer?

In their report, Imperva researchers named the flaw SymStealer. The issue occurs when the attacker exploits the File System to evade program restrictions and access unauthorized files. Imperva’s analysis revealed that when a user drags and drops a folder directly onto a file input element, the browser recursively resolves all symlinks without displaying a warning.

For your information, a symlink is also called a symbolic link. It is a file that points to a directory or file and lets the OS treat it as if it was stored at the symlink’s location. Usually, this feature helps users in creating shortcuts, file organisation, and redirect file paths.

But Imperva’s research revealed that this feature could be exploited to introduce vulnerabilities such as this one that emerged due to how browsers interacted with symlinks for file/directories processing. This issue is also called symbolic link following.

Attack Scenario

Through this weakness, the attacker can trick a victim into accessing a compromised website and download a ZIP archive file that contains the symlink to a valuable folder or file present on the device e.g. wallet keys. When this file is uploaded back to this site as an infection chain component like a crypto wallet service, the user is prompted to upload their recovery keys.

The attacker can now traverse the symbolic link and access the original file storing the key phrase. Imperva researchers devised a proof-of-concept using CSS trickery to modify the file input element’s size so that the file uploads regardless of where the folder drops on the page and information is stolen successfully.

It is important to always keep your software up to date in order to protect against the latest vulnerabilities and ensure that your personal and financial information remains secure.


Information Assurance Directorate: Deploying and Securitign Google Chrome in a Windows Enterprise

Tags: Credential Stealing Flaw, Google Chrome