🔔
🎄
🎁
🦌
🛷
NEW
Chrome's Renderer Vulnerability Allows Remote Code Execution via Duplicate Object Properties - Blockchain.News

Chrome's Renderer Vulnerability Allows Remote Code Execution via Duplicate Object Properties

Zach Anderson Jun 27, 2024 08:37

A newly discovered bug in Chrome's V8 engine, CVE-2024-3833, allows remote code execution through duplicate object properties in the renderer sandbox.

Chrome's Renderer Vulnerability Allows Remote Code Execution via Duplicate Object Properties

A recently identified vulnerability in Chrome's V8 JavaScript engine, designated as CVE-2024-3833, enables remote code execution (RCE) within the browser's renderer sandbox, according to The GitHub Blog. This flaw exploits object corruption through duplicate object properties, posing significant security risks to users.

Details of the Vulnerability

The discovered bug allows an attacker to execute arbitrary code by simply prompting a user to visit a malicious website. The issue lies in the improper handling of object properties within V8, leading to the creation of duplicate properties. This can result in type confusion and ultimately permit code execution in the renderer sandbox.

The vulnerability was reported in March 2024 and is similar to previous vulnerabilities like CVE-2021-30561. Both bugs were fixed in Chrome version 124.0.6367.60/.61.

Origin Trials in Chrome

Chrome sometimes rolls out new features as origin trials before they are widely available. These trials allow developers to test new features on their websites by registering their origins with Chrome. However, certain origin trial features have been found to introduce security issues.

One such feature, the WebAssembly Exception Handling, was reported to have a similar bug (CVE-2021-30561), where the creation of duplicate properties could lead to RCE.

Exploiting the Vulnerability

The exploitation of CVE-2024-3833 involves creating a scenario where an object has duplicate properties, leading to type confusion. This can be achieved by manipulating the WebAssembly object in such a way that it bypasses the checks in the V8 engine, allowing for the creation of an object with duplicate properties.

For instance, an attacker can create a duplicate 'Suspender' property in the WebAssembly object, leading to an inconsistent state that can be exploited for RCE.

Mitigation and Fixes

Google has addressed this vulnerability in the latest Chrome update. Users are strongly advised to update their browsers to the latest version to protect against potential exploits.

Additionally, developers are encouraged to participate in origin trials responsibly and report any anomalies or security concerns they encounter.

Conclusion

The CVE-2024-3833 vulnerability underscores the importance of rigorous security practices in browser development and the need for continuous monitoring and updating of software to mitigate emerging threats. As browsers continue to evolve, maintaining a proactive stance on security will be crucial in safeguarding users from sophisticated attacks.

Image source: Shutterstock