CVE-2016-1681 in Chrome's PDFium Could Allow Arbitrary Code Execution
CYBER NEWS

CVE-2016-1681 in Chrome’s PDFium Could Allow Arbitrary Code Execution

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

google-chrome

Aleksandar Nikolic, a researcher at Cisco Talos, has discovered a vulnerability in PDFium, the default PDF reader in Google Chrome. The flaw is an arbitrary code execution one, and is outlined as CVE-2016-1681.

The vulnerability can be exploited when a PDF that includes an embedded jpeg2000 image activates an exploitable heap buffer overflow.

More about CVE-2016-1681

An existing assert call in the OpenJPEG library prevents the heap overflow in standalone builds, but in the build included in release versions of Chrome, the assertions are omitted“, the researcher writes.

By simply viewing a PDF document that includes an embedded jpeg2000 image, the attacker can achieve arbitrary code execution on the victim’s system. The most effective attack vector is for the threat actor to place a malicious PDF file on a website and and then redirect victims to the website using either phishing emails or even malvertising.

Learn More about Buffer Overflows and Malvertising

Luckily, Google has already fixed the flaw, and it was a small one indeed. In fact, Google was very quick – Talos reported the vulnerability on May 19th, and the fix was ready by May 25th. The correction includes a single line of code that altered an assert to an if.

If you’re a Chrome user, you should update your browser, and version 51.0.2704.63 is what you need so that the CVE is not exploitable. Nonetheless, Chrome is set to auto-update unless you have decided otherwise. In this case, you’ll need to update manually.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...