Security experts urge Chrome users to patch new zero-day exploit immediately

Jimmy2x

Posts: 146   +12
Staff
What just happened? Google just released an emergency security update to patch a newly discovered vulnerability in the Chrome web browser. The buffer overflow-based exploit was discovered by Clément Lecigne, a member of the Google Threat Analysis Group (TAG). Google acknowledged the issue and pledged to withhold further details about the vulnerability until the patch has been widely deployed.

The new vulnerability, categorized as CVE-2022-4135, is a heap buffer overflow issue in the GPU that can result in malicious actors gaining unauthorized access to information, induce application instability, or potentially provide permission to execute arbitrary code on the target machine.

Google's TAG acknowledged the vulnerability in a recent stable channel update that was deployed to prevent further exploitation. Google engineers updated stable channel 107.0.5304.121 for Mac and Linux systems as well as channel 107.0.5304.121/.122 for Windows-based systems. A list of all associated updates and release notes can be found in Chromium's release logs.

The finding marks the software giant's eighth zero-day vulnerability of 2022. Previously patched vulnerabilities included:

The heap overflow can provide attackers with the ability to augment functional pointers within an application, instead pointing them toward arbitrarily deployed malicious code. The condition is the result of a buffer overwrite in the heap portion of a system's memory.

Google's decision not to immediately share the exploit's details is a standard practice intended to minimize the vulnerability's use and impact. By slowing the understanding and awareness of the vulnerability's details, users have more time to patch and update their browsers before the exploit can be leveraged. It also provides developers of heavily used third-party libraries with the ability to patch the vulnerability, further limiting exploitability.

"Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven't yet fixed." - Prudhvikumar Bommana

Chrome users are advised to update their browsers as soon as possible and should monitor any other Chromium-based browsers for similar updates once released.

Permalink to story.

 

Rq3EWAq

Posts: 168   +165
That's why I run my browser, email client, and even Telegram desktop client through firejail, a sandbox firewall/filter. Processes can't write files outside the sandbox and that's enforced by the kernel. There would have to be a 0-day in the browser and the kernel simultaneously for my browser to be vulnerable.
 

passingposeidon

Posts: 38   +51
That's why I run my browser, email client, and even Telegram desktop client through firejail, a sandbox firewall/filter. Processes can't write files outside the sandbox and that's enforced by the kernel. There would have to be a 0-day in the browser and the kernel simultaneously for my browser to be vulnerable.

Isn't there still a lot of valuable information within your sandbox which a browser issue could exploit? Sure they can't go outside the walled garden, but there's a lot of precious stuff inside? Apologies if I don't understand this correctly.
 

Rq3EWAq

Posts: 168   +165
Isn't there still a lot of valuable information within your sandbox which a browser issue could exploit? Sure they can't go outside the walled garden, but there's a lot of precious stuff inside? Apologies if I don't understand this correctly.

I am using firejail on Linux, and the browser of my choice at the moment is Firefox ESR. Firejail is an external process manager/sandbox, its not part of the browser. Firejail on Linux has a huge advantage over Sandboxie on Windows.
With firejail, there isn't any valuable information to access. Browser is only able to see its executable files and all required system libraries, it's own data directory and Downloads directory. All personal files, Documents, Pictures are hidden and cannot be accessed by the process, access is denied, process don't even see these directories and its contents, they are all hidden.
If I want to upload a picture to some website from my Desktop, I first need to move the file to an accessible Downloads directory.
If there is a 0-day exploit in the browser, its process cannot spawn unauthorized children processes. Children processes like PDF reader when I click on downloaded PDF file, is also opening as a firejail dependant. Can't read my data, can't upload it anywhere and so on.
 

passingposeidon

Posts: 38   +51
I am using firejail on Linux, and the browser of my choice at the moment is Firefox ESR. Firejail is an external process manager/sandbox, its not part of the browser. Firejail on Linux has a huge advantage over Sandboxie on Windows.
With firejail, there isn't any valuable information to access. Browser is only able to see its executable files and all required system libraries, it's own data directory and Downloads directory. All personal files, Documents, Pictures are hidden and cannot be accessed by the process, access is denied, process don't even see these directories and its contents, they are all hidden.
If I want to upload a picture to some website from my Desktop, I first need to move the file to an accessible Downloads directory.
If there is a 0-day exploit in the browser, its process cannot spawn unauthorized children processes. Children processes like PDF reader when I click on downloaded PDF file, is also opening as a firejail dependant. Can't read my data, can't upload it anywhere and so on.
Okay but doesn't the browser hold say, saved login details for websites, or your browsing history, favourites and so on? Various pieces of 'valuable' information. I am not sure what valuable information I even have on my PC outside of my browser. Game installs and other stuff like that, but nothing worth stealing.
 

Rq3EWAq

Posts: 168   +165
Okay but doesn't the browser hold say, saved login details for websites, or your browsing history, favourites and so on? Various pieces of 'valuable' information. I am not sure what valuable information I even have on my PC outside of my browser. Game installs and other stuff like that, but nothing worth stealing.
0-day exploit in the browser can do whatever it wants with the browser and in some circumstances - your entire system or user account. Simplest example is a ransomware where everything you have on your computer is encrypted, you loose all your data unless you pay the hackers (and sometimes they won't decrypt your data even if you paid them).
Or you can have trojan or keylogger installed for months, gathering all your private information and every key click.
Firejail helps to contain a possible 0-day where it originated from - the browser. 0-day in my setup will have very small chances to escape from browser sandbox. Whereas is normal circumstances it can destroy entire system (ransomware mentioned above) very quickly.