Microsoft’s Offensive Security Research (OSR) team has disclosed a remote code execution vulnerability in the Chrome web browser that was discovered by its experts.
As you know, Google Chrome browser use a sandbox to restrict the execution environment of the web applications, this means that in order to escape the sandbox and take over the machine it is necessary to chain the flaw with a second vulnerability.
Microsoft operated without knowing the second vulnerability and discovered that executing arbitrary code within a renderer process can allow an attacker to bypass the Single Origin Policy (SOP), which is the mechanism in place to prevents a malicious script on one page from obtaining access to sensitive data on another web page.
“With that in mind, we thought it would be interesting to examine what might be possible for an attacker to achieve without a secondary bug.”
“A better implementation of this kind of attack would be to look into how the renderer and browser processes communicate with each other and to directly simulate the relevant messages, but this shows that this kind of attack can be implemented with limited effort,” continues the blog post. “While the democratization of two-factor authentication mitigates the dangers of password theft, the ability to stealthily navigate anywhere as that user is much more troubling because it can allow an attacker to spoof the user’s identity on websites they’re already logged into.”
Microsoft criticized the way Google releases patches for Chrome through the open-source browser project Chromium. The source code changes that address the flaw are often available on GitHub before the actual patch is released to customers allowing threat actors to develop their own exploit codes.
(Security Affairs – Chrome, RCE)