
Summary

Attackers are actively using a zero-day in Chrome to run un-sandboxed code on users' computers. Chrome has released an emergency patch.

 

Quotes

Quote

Google has released an update for Chrome on the desktop and Android that fixes a high-risk vulnerability that has been exploited in the wild. A heap buffer overflow in Chrome’s GPU could allow an attacker to execute arbitrary code on a target device. “Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.” Clement Lecigne of Google’s Threat Analysis Group reported this vulnerability, which lends some context to the discovery of an in-the-wild exploit. TAG is Google’s in-house team that tracks state-backed actors and APT groups and works to disrupt their operations. Organizations that deploy Chrome on the desktop and/or on Android devices should update to the latest version as soon as possible.

 

My thoughts

Welp, looks like some Nation State is up to something considering the group that found the exploit. I'm not surprised considering the ongoing situation within this past year. It should be noted that this issue is reported to affect all Chromium based browsers, but I haven't been able to confirm this information.

 

Sources

Duo (quote source)

Security Week

Google Statement 

PLEASE QUOTE ME IF YOU ARE REPLYING TO ME

Desktop Build: Ryzen 7 2700X @ 4.0GHz, AsRock Fatal1ty X370 Professional Gaming, 48GB Corsair DDR4 @ 3000MHz, RX5700 XT 8GB Sapphire Nitro+, Benq XL2730 1440p 144Hz FS

42U Server Rack: ISP Modem + UDM-SE + APC 3kVA UPS + 3x Dell Precision 5820 + TBD

Retro Build: Intel Pentium III @ 500 MHz, Dell Optiplex G1 Full AT Tower, 768MB SDRAM @ 133MHz, Integrated Graphics, Generic 1024x768 60Hz Monitor


 


2 hours ago, rcmaehl said:

via a crafted HTML page

so this is one of those things where you need to visit a certain site? (like... i dunno some fake site, i guess?)

 

2 hours ago, rcmaehl said:

Chrome prior to 107.0.5304.121

well i already was on 107.0.5304.121, now 107.0.5304.122

 

 

2 hours ago, rcmaehl said:

buffer overflow

you'd think devs would have caught up to this trick considering how old it is, seems almost something you can do over and over and they can't (for whatever reason) prevent it.

 

(almost all hacks are done through some buffer overflow exploit afaik)

 

 

ps: 

2 hours ago, rcmaehl said:

this issue is reported to affect all Chromium based browsers

also android / chromium browsers? 

The direction tells you... the direction

-Scott Manley, 2021

 

 


1 hour ago, Mark Kaine said:

so this is one of those things where you need to visit a certain site? (like... i dunno some fake site, i guess?)

Yes

1 hour ago, Mark Kaine said:

well i already was on 107.0.5304.121, now 107.0.5304.122

Ok

1 hour ago, Mark Kaine said:

you'd think devs would have caught up to this trick considering how old it is, seems almost something you can do over and over and they can't (for whatever reason) prevent it.

Yep

1 hour ago, Mark Kaine said:

(almost all hacks are done through some buffer overflow exploit afaik)

Nope

1 hour ago, Mark Kaine said:

ps: 

also android / chromium browsers? 

Probably



 


11 minutes ago, rcmaehl said:

Nope

???

 

what is it then? (i meant hardware / software hacking obviously,  not 123password guessing : D )


 

 


2 hours ago, Mark Kaine said:

so this is one of those things where you need to visit a certain site? (like... i dunno some fake site, i guess?)

Seems like it. Or a legit site that happens to pull content from other sites. For example ads or just allowing users to embed stuff. 

 

 

2 hours ago, Mark Kaine said:

you'd think devs would have caught up to this trick considering how old it is, seems almost something you can do over and over and they can't (for whatever reason) prevent it.

 

(almost all hacks are done through some buffer overflow exploit afaik)

That's kind of like saying "most traffic accidents involve cars. You'd think car manufacturers would have solved this issue already".

 

It's also not one thing they do over and over. Each attack is different but falls under the umbrella term "buffer overflow". 


3 hours ago, Mark Kaine said:

you'd think devs would have caught up to this trick considering how old it is, seems almost something you can do over and over and they can't (for whatever reason) prevent it.

 

(almost all hacks are done through some buffer overflow exploit afaik)

That's like saying books are published with spelling errors in them. Or textbooks are published with errors in them, and why don't they catch on to it.

 

When you write something that has millions of lines of code, it's bound to have a few logic errors in it that cause an issue. It's not like it is even always a glaring issue:

#include <stdlib.h>

// Example 1: the loop only stops at the NUL terminator, so any input
// longer than 255 bytes is written past the end of the 256-byte stack buffer.
void buffIssue(char* userInput) {
    char buffer[256];
    for (int i = 0; userInput[i] != '\0'; i++) {
        buffer[i] = userInput[i];
    }
}

// Example 2: there is a bound, but it is wrong twice over. MAXBUFFERSIZE (512)
// is bigger than the 256-byte array, and '||' keeps the loop going while either
// condition holds, so it also keeps reading userInput past its terminator.
//In some global header file
#define MAXBUFFERSIZE 512
char badlyAllocatedBufferSomewhereInAHeaderFileNotInCode[256];

//In a c file.
void buffIssue(char* userInput) {
    for (int i = 0; userInput[i] != '\0' || i < MAXBUFFERSIZE; i++) {
        badlyAllocatedBufferSomewhereInAHeaderFileNotInCode[i] = userInput[i];
    }
}

// Example 3: one shared global, written from several threads with no lock.
struct {
    char* buff;
    int len;
} name;

void resizeName(int i) {
    free(name.buff); //Okay so I know this is a different issue but quickness in writing
    name.buff = malloc(sizeof(char) * i);
    name.len = i;
}

//Threaded application calling each line in a different thread
resizeName(5);
resizeName(6);
resizeName(7);

//Depending on how the threads ran you could have the buff size be 5,6,7 and the length being 5,6,7.  So if you have len 7 but buff size was 5 you have a buffer overflow.  This one would be harder to detect as well by code analysis as from my knowledge it doesn't have the concept of non-threadsafe methods...and when running the code you could very well have it working 99.9% of the time, and the 0.1% is when it might crash.  Buffer overflows don't always cause a crash when running the code...so it can be a bit hard to pick up sometimes.

Of course the above is very simplistic examples, but it's quite possible to have this kind of error in it and no one would be the wiser.

 

Luckily Chrome pretty much autoupdates anyways so a majority of the people are running the fixed version.  Wonder if it exists on Android systems though, too lazy to check.

3735928559 - Beware of the dead beef
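A hardened counterpart to the two bug shapes sketched in the post above, added here as an example and not code from the thread: a bounded copy that refuses input that does not fit instead of running past the array, and a resize that changes buff and len together under a mutex so no thread can ever see a len larger than the allocation. Function and field names (copy_bounded, resize_name_locked, name_len, lock) are my own.

```c
#include <stdlib.h>
#include <string.h>
#include <pthread.h>

/* Bounded replacement for an unbounded copy loop: never scans or writes past
 * dst_size bytes, NUL-terminates on success. Returns 0 if it fit, -1 if not. */
int copy_bounded(char* dst, size_t dst_size, const char* src) {
    if (dst == NULL || src == NULL || dst_size == 0) return -1;
    size_t n = 0;
    while (n < dst_size && src[n] != '\0') n++;  /* stop at dst_size, not only at NUL */
    if (n == dst_size) {      /* no terminator within dst_size bytes: too long */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);  /* n + 1 <= dst_size, includes the terminator */
    return 0;
}

/* Same shape as the shared struct in the post, but buff and len are only ever
 * changed together while holding a mutex, so a reader can never observe a len
 * that is larger than the current allocation. */
static struct {
    char* buff;
    int len;
    pthread_mutex_t lock;
} name = { NULL, 0, PTHREAD_MUTEX_INITIALIZER };

/* Returns 0 on success, -1 on a bad size or allocation failure; on failure the
 * old buffer and len are left untouched and still agree with each other. */
int resize_name_locked(int new_len) {
    if (new_len <= 0) return -1;
    char* fresh = malloc((size_t)new_len);   /* allocate before taking the lock */
    if (fresh == NULL) return -1;
    pthread_mutex_lock(&name.lock);
    free(name.buff);
    name.buff = fresh;
    name.len = new_len;
    pthread_mutex_unlock(&name.lock);
    return 0;
}

/* Read len under the same lock, so the value is a consistent snapshot. */
int name_len(void) {
    pthread_mutex_lock(&name.lock);
    int len = name.len;
    pthread_mutex_unlock(&name.lock);
    return len;
}
```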


So I take it it's the same for Edge? I mean, that thing will auto-update though.

| CPU: Ryzen 7 7800X3D | MOBO: AM5 B650 Aorus Elite AX | RAM: G.Skill Trident Z5 Neo RGB DDR5 32GB 6000MHz C30 | GPU: Sapphire PULSE Radeon RX 7900 XTX | SSD: Samsung 9100 PRO 1TB with heatsink | Cooler: Arctic Liquid Freezer II 360 | PSU: Seasonic Focus GX-850 | Case: Lian Li Lanccool III | Mousepad: Zowie GTF-X  / Vaxee PC / PA / Artisan Raiden Mid XXL| Mouse: Vaxee XE wired / Hitscan Hyperlight | Keyboard: Wooting 80HE zinc alloy raw - geon raw HE switches | Headset: Beyerdynamic MMX 300 (2nd Gen) | Monitor: LG 32GS95UV-B OLED 4K 240Hz / 1080p 480Hz dual-mode | OS: Windows 11 |

