Thursday, July 2, 2020

Vulnerability Spotlight: Google Chrome PDFium memory corruption vulnerability

Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.

The PDF renderer inside Google Chrome, known as PDFium, contains a memory corruption vulnerability that could be exploited by an adversary. PDFium is open-source software that is utilized in the Chrome browser and other applications.  The software supports the use of JavaScript embedded
inside PDFs and other specially crafted documents could corrupt the memory of the application, allowing an adversary to achieve arbitrary code execution inside the browser.

In accordance with our coordinated disclosure policy, Cisco Talos worked with Google to ensure that these issues are resolved and that an update is available for affected customers.

Vulnerability details

Google V8 Array.prototype memory corruption vulnerability (TALOS-2020-1044/CVE-2020-6458)

An exploitable memory corruption vulnerability exists in the way PDFium inside Google Chrome, version 80.0.3987.158, executes JavaScript regular expressions. The vulnerability could potentially be abused to achieve arbitrary code execution in the browser context. A victim needs to open a malicious web page or document to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Versions tested

Talos tested and confirmed that version 80.0.3987.158 of Google Chrome is affected by this vulnerability.

Coverage

The following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 53599, 53600

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.