Jan 04 2024

Google Chrome Use After Free Flaw Let Attacker Hijack Browser

Category: Cyber Attack,Information Security,Web Securitydisc7 @ 10:26 am

The latest stable channel update for Google Chrome, version 120.0.6099.199 for Mac and Linux and 120.0.6099.199/200 for Windows, is now available and will shortly be rolled out to all users.

Furthermore, the Extended Stable channel has been updated to 120.0.6099.200 for Windows and 120.0.6099.199 for Mac.

There are six security fixes in this release. Three of these flaws allowed an attacker to take control of a browser through use-after-free conditions.

Use-after-free is a condition in which the memory allocation is freed, but the program does not clear the pointer to that memory. This is due to incorrect usage of dynamic memory allocation during an operation. 

CVE-2024-0222: Use After Free In ANGLE

Use after free in ANGLE in Google Chrome presents a high-severity vulnerability that might have led to a remote attacker compromising the renderer process and using a crafted HTML page to exploit heap corruption.

Google awarded $15,000 to Toan (suto) Pham of Qrious Secure for reporting this vulnerability.

CVE-2024-0223: Heap Buffer Overflow In ANGLE

This high-severity flaw was a heap buffer overflow in ANGLE that could have been exploited by a remote attacker using a crafted HTML page to cause heap corruption. 

Toan (suto) Pham and Tri Dang of Qrious Secure received a $15,000 reward from Google for discovering this vulnerability.

CVE-2024-0224: Use After Free In WebAudio

A high-severity use after free in WebAudio in Google Chrome might potentially allow a remote attacker to exploit heap corruption through a manipulated HTML page.

Google awarded Huang Xilin of Ant Group Light-Year Security Lab a $10,000 reward for finding this issue.

CVE-2024-0225: Use After Free In WebGPU

A remote attacker may have been able to exploit heap corruption through a specifically designed HTML page due to high severity vulnerability in Google’s use after free in WebGPU.

The details about the reporter of this vulnerability were mentioned as anonymous. 

The use after free conditions existed in Google Chrome before version 120.0.6099.199. To avoid exploiting these vulnerabilities, Google advises users to update to the most recent version of Google Chrome.

How To Update Google Chrome

  • Open Chrome.
  • At the top right, click More.
  • Click Help About Google Chrome.
  • Click Update Google Chrome. Important: If you can’t find this button, you’re on the latest version.
  • Click Relaunch.

Browser Security Platform Checklist

InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory

Tags: Google Chrome


Oct 13 2023

HOW GOOGLE CHROME VULNERABILITY CAN PUT MILLIONS OF USERS IN DANGER – SAFEGUARD YOUR DATA NOW!

IN-DEPTH ANALYSIS: NAVIGATING THE PERILS OF CVE-2023-5218 IN GOOGLE CHROME

The digital realm, while offering boundless possibilities, is also a fertile ground for myriad cybersecurity threats. One such peril that has recently come to light is the User-After-Free vulnerability in Google Chrome, specifically identified as CVE-2023-5218. This vulnerability not only poses a significant threat to user data and system integrity but also opens a Pandora’s box of potential cyber-attacks and exploitations.

UNRAVELING THE USER-AFTER-FREE VULNERABILITY

The User-After-Free vulnerability is a type of cybersecurity flaw that surfaces when a program continues to utilize memory space after it has been freed or deleted. This flaw allows attackers to execute arbitrary code or potentially gain unauthorized access to a system. CVE-2023-5218, identified within Google Chrome, was noted to be potentially exploitable to perform such malicious actions, thereby putting users’ data and privacy at substantial risk.

TIMELINE AND DISCOVERY

CVE-2023-5218 was unveiled to the public through various cybersecurity platforms and researchers who detected unusual activities and potential exploitation trails leading back to this particular flaw. This vulnerability was identified to be present in a specific Chrome component, prompting Google to release a flurry of updates and patches to mitigate the associated risks.

THE EXPLOIT MECHANICS

Exploiting CVE-2023-5218 allows attackers to manipulate the aforementioned ‘freed’ memory space, enabling them to execute arbitrary code within the context of the affected application. In the context of Chrome, this could potentially allow attackers unauthorized access to sensitive user data, such as saved passwords or personal information, or even navigate the browser to malware-laden websites without user consent.

THE POTENTIAL IMPACT

The exploitation of CVE-2023-5218 could have a multifold impact:

  • Data Theft: Sensitive user data, including login credentials, personal information, and financial details, could be compromised.
  • System Control: Attackers could gain control over the affected system, using it to launch further attacks or for other malicious purposes.
  • Malware Spread: By redirecting browsers to malicious websites, malware could be injected into users’ systems, further expanding the impact of the attack.

TECHNICAL INSIGHTS INTO CVE-2023-5218

  • Vulnerability Class: Use After Free
  • Impact: Confidentiality, Integrity, and Availability
  • Disclosure Date: 10/11/2023
  • AdvisoryChrome Releases Blog
TECHNICAL SYNOPSIS

The vulnerability is rooted in the improper handling of memory in the Site Isolation component of Google Chrome. The flaw arises from referencing memory after it has been freed, which can lead to program crashes, unexpected value utilization, or arbitrary code execution. The vulnerability is classified under CWE-416 and CWE-119, indicating its potential to improperly restrict operations within the bounds of a memory buffer and its susceptibility to use after free exploits.

MITIGATION AND COUNTERMEASURES

The primary mitigation strategy recommended is upgrading to Google Chrome version 118.0.5993.70, which eliminates this vulnerability. However, considering the potential risks associated with such vulnerabilities, organizations and individual users are advised to:

  • Regularly update and patch software to safeguard against known vulnerabilities.
  • Employ robust cybersecurity practices, including using security software and adhering to safe browsing practices.
  • Educate users on recognizing and avoiding potential phishing attempts or malicious sites that might exploit such vulnerabilities.

CONCLUSION

The identification and subsequent mitigation of CVE-2023-5218 underscore the perpetual battle between cybersecurity professionals and cyber adversaries. While this vulnerability has been addressed in the latest Chrome update, it serves as a potent reminder of the criticality of maintaining up-to-date systems and employing prudent cybersecurity practices. As we navigate through the digital era, the complexity and sophistication of cyber threats continue to evolve, making vigilance and preparedness crucial in ensuring secure digital interactions.

The Google Workspace Bible: [14 in 1] The Ultimate All-in-One Guide from Beginner to Advanced | Including Gmail, Drive, Docs, Sheets, and Every Other App from the Suite

InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory

Tags: Google Chrome


Apr 20 2023

DANGEROUS 0 DAY VULNERABILITY IN GOOGLE CHROME

Category: Security vulnerabilities,Web SecurityDISC @ 7:56 am

DANGEROUS 0 DAY VULNERABILITY IN GOOGLE CHROME : CVE-2023-2136

The previous week, Google put out an emergency security fix for its browser, and today, the company rolled out another emergency security update to address a vulnerability that is being exploited in the wild.
The update is now available for desktop versions of Google Chrome as well as the Android version of Chrome. Users are encouraged to install updates as soon as they are made available in order to safeguard their devices against prospective attacks that exploit these vulnerabilities.

Google has listed five of the eight security problems that were addressed in the most recent version to Google Chrome. Google says that these issues have been handled. The official Chrome Releases blog has provided documentation of these recent improvements. On the other hand, Google does not make publicly known the security flaws that were found during the company’s own internal investigations.

Out-of-bounds memory access in the Service Worker API is a high-risk vulnerability (CVE-2023-2133).

Out-of-bounds memory access in the Service Worker API is a high-risk vulnerability (CVE-2023-2134).


Use after free in DevTools is a high-risk vulnerability (CVE-2023-2135).

Integer overflow in Skia, a high-risk vulnerability( CVE-2023-2136).


Heap buffer overflow in sqlite, rated as medium severity (CVE-2023-2137).


According to Google’s findings, the security flaw CVE-2023-2136 is being actively exploited in the wild.

A 2D graphics library called Skia, which is frequently used in web browsers, operating systems, and other software applications, has a flaw known as CVE-2023-2136, which is an integer overflow vulnerability. An integer overflow happens when an arithmetic operation results in a number that is more than the maximum limit of the integer type. This causes the value to wrap around and become either much smaller or much bigger than what was meant for it to be. An integer overflow may be avoided by ensuring that the maximum limit of the integer type is not exceeded.

This indicates that threat actors have already started exploiting this vulnerability in order to target systems and breach them. The results of a successful exploit may be somewhat variable, but they almost always involve at least one of the following: unauthorized access to sensitive information; data corruption; or even a total system takeover.

The Chrome Stable channel has been updated to version 112.0.5615.137 for Windows and Mac, and it has been updated to version 112.0.5615.135 for Android; these updates will roll out over the next few days or weeks.

InfoSec Threats | InfoSec books | InfoSec tools | InfoSec services

Tags: Google Chrome


Jan 13 2023

Credential Stealing Flaw in Google Chrome Impacted 2.5 Billion Users

Category: Web SecurityDISC @ 10:01 am

The vulnerability (CVE-2022-3656), allowed remote attackers to steal sensitive user data like cloud service provider credentials and crypto wallet details.

The cyber security researchers at Imperva Red Team have shared details of a recently discovered and patched vulnerability that impacted over 2.5 billion Google Chrome users and all Chromium-based browsers, including Opera and Edge.

Vulnerability Details

The vulnerability is tracked as CVE-2022-3656, allowing remote attackers to steal sensitive user data like cloud service provider credentials and crypto wallet details. Further probe revealed that the issue emerged due to how the Chrome browser interacted with symlinks while processing directories and files.

As per Imperva’s researcher Ron Masas, the browser didn’t check whether the symlink pointed to a location that wasn’t accessible, encouraging the stealing of sensitive files. Google characterized it as a medium-severity vulnerability caused due to inadequate data validation in File System. The company released a fix in the Chromium versions 107 and 108 released in Oct and Nov 2022, respectively.

What is SymStealer?

In their report, Imperva researchers named the flaw SymStealer. The issue occurs when the attacker exploits the File System to evade program restrictions and access unauthorized files. Imperva’s analysis revealed that when a user drags and drops a folder directly onto a file input element, the browser recursively resolves all symlinks without displaying a warning.

For your information, a symlink is also called a symbolic link. It is a file that points to a directory or file and lets the OS treat it as if it was stored at the symlink’s location. Usually, this feature helps users in creating shortcuts, file organisation, and redirect file paths.

But Imperva’s research revealed that this feature could be exploited to introduce vulnerabilities such as this one that emerged due to how browsers interacted with symlinks for file/directories processing. This issue is also called symbolic link following.

Attack Scenario

Through this weakness, the attacker can trick a victim into accessing a compromised website and download a ZIP archive file that contains the symlink to a valuable folder or file present on the device e.g. wallet keys. When this file is uploaded back to this site as an infection chain component like a crypto wallet service, the user is prompted to upload their recovery keys.

The attacker can now traverse the symbolic link and access the original file storing the key phrase. Imperva researchers devised a proof-of-concept using CSS trickery to modify the file input element’s size so that the file uploads regardless of where the folder drops on the page and information is stolen successfully.

It is important to always keep your software up to date in order to protect against the latest vulnerabilities and ensure that your personal and financial information remains secure.

Imperva

Information Assurance Directorate: Deploying and Securitign Google Chrome in a Windows Enterprise

Tags: Credential Stealing Flaw, Google Chrome