Discovered by Aleksandar Nikolic of Cisco Talos

Overview
Cisco Talos is releasing details of a new vulnerability in Google PDFium's JBIG2 library. An exploitable out-of-bounds read on the heap vulnerability exists in the JBIG2-parsing code in Google Chrome, version 67.0.3396.99. A specially crafted PDF document can trigger an out-of-bounds read, which can possibly lead to an information leak. That leak could be used as part of an exploit. An attacker needs to trick the user into visiting a malicious site to trigger the vulnerability.

In accordance with our coordinated disclosure policy, Cisco Talos has worked with Google to ensure that these issues have been resolved and that an update has been made available for affected users. It is recommended that this update is applied as quickly as possible to ensure that systems are no longer affected by this vulnerability.

Vulnerability Details

Google PDFium JBIG2 Image ComposeToOpt2WithRect Information Disclosure Vulnerability (TALOS-2018-0639 / CVE-2018-16076) PDFium is an open-source PDF renderer developed by Google and used extensively in the Chrome browser, as well as other online services and standalone applications. This bug was fixed in the latest Git version, as well as the latest Chromium address sanitizer build available.

A heap buffer overflow is present in the code responsible for decoding a JBIG2 image stream. An attacker needs to provide a specific PDF that describes the JBIG2 image details in order to exploit this vulnerability. Detailed vulnerability information can be found here.

Known vulnerable versions
Google Chrome version 67.0.3396.99

https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html

Coverage
The following Snort Rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 47340 - 47341