Home > Cyber News > CVE-2016-1681 in Chrome’s PDFium Could Allow Arbitrary Code Execution

CVE-2016-1681 in Chrome’s PDFium Could Allow Arbitrary Code Execution


Aleksandar Nikolic, a researcher at Cisco Talos, has discovered a vulnerability in PDFium, the default PDF reader in Google Chrome. The flaw is an arbitrary code execution one, and is outlined as CVE-2016-1681.

The vulnerability can be exploited when a PDF that includes an embedded jpeg2000 image activates an exploitable heap buffer overflow.

More about CVE-2016-1681

An existing assert call in the OpenJPEG library prevents the heap overflow in standalone builds, but in the build included in release versions of Chrome, the assertions are omitted“, the researcher writes.

By simply viewing a PDF document that includes an embedded jpeg2000 image, the attacker can achieve arbitrary code execution on the victim’s system. The most effective attack vector is for the threat actor to place a malicious PDF file on a website and and then redirect victims to the website using either phishing emails or even malvertising.

Learn More about Buffer Overflows and Malvertising

Luckily, Google has already fixed the flaw, and it was a small one indeed. In fact, Google was very quick – Talos reported the vulnerability on May 19th, and the fix was ready by May 25th. The correction includes a single line of code that altered an assert to an if.

If you’re a Chrome user, you should update your browser, and version 51.0.2704.63 is what you need so that the CVE is not exploitable. Nonetheless, Chrome is set to auto-update unless you have decided otherwise. In this case, you’ll need to update manually.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree