Google has had a tough time of late, from the WPA2 vulnerability that affected almost half of all Android devices, which the company says will be fixed in the coming weeks, to a Maps goof-up that led to people on social media accusing the company of fat-shaming women. Now Microsoft has published a working exploit for a vulnerability in Google's prized browser, Chrome.
First, some background. A few days ago, Google criticized Microsoft for its patching policies and blamed the company for putting Windows 7 users "at risk". The Redmond company's Offensive Security Research (OSR) team has now hit back by publishing a write-up of a remote code execution exploit for Chrome. The bug has been assigned CVE-2017-5121.
Their findings included:
- Our discovery of CVE-2017-5121 indicates that it is possible to find remotely exploitable vulnerabilities in modern browsers
- Chrome’s relative lack of RCE mitigations means the path from memory corruption bug to exploit can be a short one
- Several security checks being done within the sandbox result in RCE exploits being able to, among other things, bypass Same Origin Policy (SOP), giving RCE-capable attackers access to victims’ online services (such as email, documents, and banking sessions) and saved credentials
- Chrome’s process for servicing vulnerabilities can result in the public disclosure of details for security flaws before fixes are pushed to customers
Microsoft found the bug with fuzzing, a technique Google itself uses heavily. The team used ExprGen, an internal JavaScript fuzzer written by the team behind Chakra, Microsoft's own JavaScript engine, and pointed it at Chrome's engine instead. The fuzzer turned up a memory corruption bug in Chrome's JavaScript engine, and the team then built a working remote code execution exploit around it, showing that the bug could be used to run attacker-controlled code inside the browser's sandbox.
Such a remote code execution exploit can help attackers steal saved passwords, inject arbitrary JavaScript into any page, and navigate to any website in the background without the user noticing. Google fixed the issue last month, within four days of it being reported. However, Microsoft criticised Google for making the fix publicly visible on GitHub before the patched build had reached users, which gave attackers a chance to work out the bug from the fix itself.
Google acknowledged the vulnerability and awarded the team a bounty of $15,837 for this exploit and for other bugs the team found but did not exploit. The search giant matched the amount, and the total was donated to a charity of Microsoft's choosing, the Denise Louie Education Center. Interestingly, a recent test found Edge more resilient to phishing attacks than Chrome.
Source: Microsoft via MSPoweruser