Google Chrome zero-day exploit
Overview
On 19th July 2022, Google released a security update for the Chrome browser that addressed 11 vulnerabilities, including a zero-day flaw that is being exploited in the wild. This update included the following additional fixes:
- CVE-2022-2852: Use after free in FedCM. Reported by Sergei Glazunov of Google Project Zero on 2nd August 2022.
- CVE-2022-2854: Use after free in SwiftShader. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 18th June 2022.
- CVE-2022-2855: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 16th July 2022.
- CVE-2022-2857: Use after free in Blink. Reported by Anonymous on 21st June 2022.
- CVE-2022-2858: Use after free in Sign-In Flow. Reported by raven at KunLun lab on 5th July 2022.
- CVE-2022-2853: Heap buffer overflow in Downloads. Reported by Sergei Glazunov of Google Project Zero on 4th August 2022.
- CVE-2022-2856: Insufficient validation of untrusted input in Intents. Reported by Ashley Shen and Christian Resell of Google Threat Analysis Group on 19th July 2022.
- CVE-2022-2859: Use after free in Chrome OS Shell. Reported by Nan Wang (@eternalsakura13) and Guang Gong of 360 Alpha Lab on 22nd June 2022.
- CVE-2022-2860: Insufficient policy enforcement in Cookies. Reported by Axel Chong on 18th July 2022.
- CVE-2022-2861: Inappropriate implementation in Extensions API. Reported by Rong Jian of VRI on 21st July 2022.
The zero-day is tracked as CVE-2022-2856. Google describes it as a high-severity vulnerability caused by “insufficient validation of untrusted input in Intents”, the component of Google Chrome that allows applications and web services to be launched directly from a web page.
Impact
The insufficient input validation can potentially serve as a pathway to bypassing protections or exceeding the scope of the browser's intended functionality, which could theoretically enable exploitation through the following attack vectors:
- Buffer Overflow
- Directory Traversal
- SQL Injection
- Cross-Site Scripting (XSS)
- Null Byte Injection
Vulnerability Detection
To determine whether an installation is vulnerable, check its version: any version of Google Chrome prior to 104.0.5112.101 is susceptible. The Stable channel has been updated to 104.0.5112.101 for macOS and Linux; for Windows, the corresponding builds are 104.0.5112.102/101.
Affected Products
Any version of Google Chrome prior to 104.0.5112.101 is susceptible to this vulnerability. The patched Stable channel builds are 104.0.5112.101 for macOS and Linux and 104.0.5112.102/101 for Windows.
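The following script is an added example (not part of the advisory) for the detection and affected-product checks above: it compares an installed Chrome version against the patched builds stated in this advisory, per platform. It assumes a Linux or macOS host where the `google-chrome` binary is on PATH for the live check; the sample version strings are constructed.

```python
"""Version check for CVE-2022-2856 (added example, not from the advisory)."""
import re
import subprocess

# Minimum patched Stable build per platform, as stated in this advisory.
# Windows shipped two builds (104.0.5112.102/101), so the lower one is the floor;
# the iOS build is the one named in the advisory's separate iOS bulletin note.
FIXED_BUILDS = {
    "linux": "104.0.5112.101",
    "macos": "104.0.5112.101",
    "windows": "104.0.5112.101",
    "ios": "104.0.5112.99",
}

_VERSION_RE = re.compile(r"(\d+(?:\.\d+){3})")


def parse_version(text):
    """Extract a four-part Chrome version from text such as 'Google Chrome 103.0.5060.134'.

    Returns a tuple of ints so that comparison is numeric: a plain string
    comparison would wrongly rank build '.99' above '.101'.
    """
    match = _VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no Chrome version found in {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_vulnerable(platform, version_text):
    """True if the build is older than the patched build for that platform."""
    fixed = parse_version(FIXED_BUILDS[platform.lower()])
    return parse_version(version_text) < fixed


def installed_chrome_version(binary="google-chrome"):
    """Ask a locally installed Chrome for its version (assumes the binary is on PATH)."""
    out = subprocess.run([binary, "--version"], capture_output=True,
                         text=True, check=True).stdout
    return parse_version(out)


if __name__ == "__main__":
    # Constructed sample outputs of `google-chrome --version`, not captured from real hosts.
    samples = [("linux", "Google Chrome 103.0.5060.134"),
               ("windows", "Google Chrome 104.0.5112.102"),
               ("ios", "Google Chrome 104.0.5112.99")]
    for platform, text in samples:
        state = "VULNERABLE" if is_vulnerable(platform, text) else "patched"
        print(f"{platform:8} {text:32} {state}")
```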
Containment, Mitigations & Remediations
To prevent successful exploitation of this vulnerability, the Google Chrome browser must be updated to version 104.0.5112.101 or later. This can be achieved by performing the following actions:
- Select the “Settings” tab within the Google Chrome browser
- Select “About Chrome”
- Allow the browser to check for relevant updates
- Once the download completes, restart the browser to apply the security update
There is a separate release bulletin for Chrome for iOS, which updates to version 104.0.5112.99, but at the time of writing no bulletin mentions Chrome for Android.
Indicators of Compromise
In line with its disclosure practices, Google will not release the full details of the vulnerability until the majority of users have updated to the latest version of the browser.
Threat Landscape
Google Chrome holds approximately 70% of the browser market share. Threat actors generally weigh the probability of success against asset value when deciding which attack surfaces to spend their time on, which makes Google Chrome a prime target. While browsers may not run on the systems of highest value for direct data exfiltration, the probability of exploiting an unpatched version of Google Chrome is relatively high. Escaping the browser gives a threat actor initial access, which can lead to privilege escalation and pivoting deeper into a network or associated cloud resources.
MITRE Methodologies
TA0001 – Initial Access
TA0004 – Privilege Escalation
TA0008 – Lateral Movement