[BreachExchange] Google Patches Several Chrome Flaws That Can Be Exploited via Malicious Extensions
Sophia Kingsbury
sophia.kingsbury at riskbasedsecurity.com
Wed Aug 4 10:58:40 EDT 2021
https://www.securityweek.com/google-patches-several-chrome-flaws-can-be-exploited-malicious-extensions

Researchers Leecraso and Guang Gong of the 360 Alpha Lab team at Chinese
cybersecurity firm Qihoo 360 have earned $20,000 for a high-severity
vulnerability tracked as CVE-2021-30590. Google described the issue as a
heap buffer overflow in Bookmarks.

Leecraso told SecurityWeek that CVE-2021-30590 is a sandbox escape
vulnerability that can be “exploited in combination with an extension or a
compromised renderer.” An attacker can leverage the flaw to achieve remote
code execution outside Chrome’s sandbox.

A high severity rating has also been assigned to two vulnerabilities
reported by researcher David Erceg. CVE-2021-30592, described by Google as
an out-of-bounds write issue in Tab Groups, earned him $10,000, while
CVE-2021-30593, described as an out-of-bounds read bug in Tab Strips,
earned him a $5,000 bug bounty.

“CVE-2021-30592 would require a malicious extension to be installed,” Erceg
told SecurityWeek. “Since the vulnerability involves an out of bounds
write, it could potentially be used to escape the browser's sandbox. And
exploiting it wouldn't require anything but the user to install the
extension.”

“As for CVE-2021-30593,” he added, “it would be easier to trigger with an
extension, though a web page could trigger the behavior under some more
restricted circumstances. The impact is similar to CVE-2021-30592, in that
an attacker could potentially escape the sandbox if they could set up
memory in the appropriate way before the out of bounds read occurs. This
issue could also be exploited on its own, but it does require some more
specific interaction from the user.”

These were not the first extension-related Chrome vulnerabilities reported
by Erceg to Google.

Another high-severity vulnerability for which Google paid out $20,000 is
CVE-2021-30591, a use-after-free bug in the File System API. This issue was
discovered by researcher SorryMybad from Kunlun Lab.

It’s worth noting that Google pays out up to $20,000 for Chrome sandbox
escape vulnerabilities described in a high-quality report. Researchers can
earn up to $30,000 for such flaws if they also provide a functional exploit.

It’s important that users update Chrome as soon as possible, considering
that the web browser appears to be increasingly targeted in malicious
attacks. Google this year patched more than half a dozen actively exploited
zero-day flaws.