
Microsoft Finds RCE Bug in Google Chrome (CVE-2017-5121)

Microsoft discovered a critical vulnerability in the Google Chrome web browser, tracked as CVE-2017-5121. The details of its discovery illustrate some of the issues web browsers face in a world where hacker attacks and viruses remain a constant threat.

How Modern Sandboxing Security Methods Work

Most contemporary web browsers feature several technologies to protect against viruses and malicious scripts. One of the best-known is the sandboxing mechanism: it allows a host program to execute applications or scripts while carefully controlling their resource allocation and privileges within a specially confined environment.

The technique allows web servers to isolate hosted sites from one another, development platforms to separate built projects, and web browsers to monitor and control individual tabs and all user-accessed content. While sandboxing is a good protective measure against malware and hacker intrusions, once it is bypassed the intruders can access a large subset of resources, depending on the case.

The Google Chrome RCE Bug Case (CVE-2017-5121)

The Microsoft Offensive Security Research (OSR) team investigated the matter thoroughly, using Google Chrome as an example. During their detailed analysis of the browser's sandboxing model they discovered an alarming vulnerability, tracked as CVE-2017-5121.

The security experts found that the problem lies within the V8 JavaScript engine, the browser component responsible for executing web scripts. The team was able to cause a crash in the program code that allows a potential attacker to make Google Chrome mishandle certain operations. As a result of the bug, the researchers were able to place arbitrary data at chosen memory addresses.

This vulnerability essentially allows hackers to inject malicious code into Google Chrome browsers installed on victims' computers. The Microsoft team reports that once attackers understand the mechanism behind the initial weak spot, it is easy to trick the JavaScript engine into granting permissions to crafted malicious code. As the engine is an integral part of the browser, such malware gains all the important capabilities: read, write and execution rights.


Consequences of the Google Chrome RCE Bug (CVE-2017-5121)

Google Chrome is noteworthy for using a multi-process model of execution: the application separates the operations of the browser itself, the graphics card (for video playback) and the web renderer itself. During the security investigation of the CVE-2017-5121 RCE bug, the Microsoft team found that abuse of the vulnerability can lead to several dangerous cases:

  • Attackers can steal saved passwords from any website by hijacking the PasswordAutofillAgent interface.
  • Attackers can inject arbitrary JavaScript into any page (a capability known as universal cross-site scripting, or UXSS), for example, by hijacking the blink::ClassicScript::RunScript method.
  • Attackers can navigate to any website in the background without the user noticing, for example, by creating stealthy pop-unders. This is possible because many user-interaction checks happen in the renderer process, with no ability for the browser process to validate. The result is that something like ChromeContentRendererClient::AllowPopup can be hijacked such that no user interaction is required, and attackers can then hide the new windows. They can also keep opening new pop-unders whenever one is closed, for example, by hooking into the onbeforeunload window event.
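The third bullet makes the same point as the sandboxing section above: a sandbox only helps if the privileged side (the browser process) does not trust decisions made inside the confined side (the renderer). The following simulation is an added example written for this article; it is not Chrome code, and the class and message names (`PopupRequest`, `NaiveBrowserProcess`, `HardenedBrowserProcess`), the one-second gesture window and the "one pop-up per gesture" policy are all assumptions made for illustration. It contrasts a browser process that accepts the renderer's own "the user clicked" claim with one that keeps its own record of input events, so a renderer that has been hijacked cannot manufacture the interaction it never received.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class PopupRequest:
    """Hypothetical IPC-style message the renderer sends when a page calls window.open()."""
    origin: str
    url: str
    claims_user_gesture: bool  # asserted by the renderer itself, so untrusted once it is compromised


class NaiveBrowserProcess:
    """Accepts the renderer's claim at face value (the pattern the article describes)."""

    def allow_popup(self, req: PopupRequest, now: float) -> bool:
        return req.claims_user_gesture


class HardenedBrowserProcess:
    """Decides from its own record of input events it delivered to each origin."""

    GESTURE_WINDOW_S = 1.0  # assumed freshness window for a real click

    def __init__(self) -> None:
        self._gesture_at: Dict[str, float] = {}

    def record_user_input(self, origin: str, now: float) -> None:
        # Called by the browser's own input pipeline, never by the renderer.
        self._gesture_at[origin] = now

    def allow_popup(self, req: PopupRequest, now: float) -> bool:
        stamp = self._gesture_at.get(req.origin)
        if stamp is None or now - stamp > self.GESTURE_WINDOW_S:
            return False
        del self._gesture_at[req.origin]  # assumed policy: one pop-up per real gesture
        return True


def forged_requests(origin: str, count: int) -> List[PopupRequest]:
    """Constructed sample: a hijacked renderer firing requests that all claim a gesture."""
    return [PopupRequest(origin, f"https://ads.example/{i}", True) for i in range(count)]


def count_allowed(browser, requests: List[PopupRequest], now: float) -> int:
    """How many of the requests the given browser process lets through."""
    return sum(1 for r in requests if browser.allow_popup(r, now))


if __name__ == "__main__":
    burst = forged_requests("https://victim.example", 5)
    print("naive:", count_allowed(NaiveBrowserProcess(), burst, 10.0))      # 5
    hardened = HardenedBrowserProcess()
    print("hardened, no input:", count_allowed(hardened, burst, 10.0))      # 0
    hardened.record_user_input("https://victim.example", 10.0)
    print("hardened, one click:", count_allowed(hardened, burst, 10.2))     # 1
```

The naive process lets all five forged requests through, which is exactly the pop-under loop the bullet describes; the hardened one allows nothing until the browser itself has seen a click, and then only one window per click, however many times the renderer asks.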

One of the most dangerous consequences is that attacks incorporating the code execution bug can lead to identity theft and the extraction of sensitive data.


How to Protect from the Google Chrome RCE Bug (CVE-2017-5121)

The vulnerability was reported to the Google security team by Microsoft and was quickly eliminated by a new Google Chrome update. All users should apply the update if the browser's built-in update mechanism has not already installed it automatically.
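To confirm that the update has actually landed on a machine, an administrator can compare the installed build against the version Google's advisory names as fixed. The script below is an added example, not from the article or from Google; it assumes a Linux install where the binary is named `google-chrome` and answers `--version` with a line of the form `Google Chrome <a.b.c.d>`, and the fixed version is left as a labelled placeholder because this page does not state it. The sample strings in the usage block are constructed.

```python
import re
import subprocess
from typing import Optional, Tuple

# PLACEHOLDER: replace with the fixed version number from Google's advisory for CVE-2017-5121.
FIXED_VERSION = "0.0.0.0"


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Pull the first dotted version (2 to 4 numeric components) out of a string."""
    match = re.search(r"(\d+(?:\.\d+){1,3})", text)
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def is_at_least(installed: str, required: str) -> Optional[bool]:
    """True if `installed` is at or above `required`; None if either is unparsable.

    Shorter version strings are padded with zeros so '12.3' compares as '12.3.0.0'.
    """
    a, b = parse_version(installed), parse_version(required)
    if a is None or b is None:
        return None
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) >= b + (0,) * (width - len(b))


def installed_chrome_version() -> Optional[str]:
    """Ask the local Chrome binary for its version; None if it is not installed."""
    try:
        out = subprocess.run(["google-chrome", "--version"],
                             capture_output=True, text=True, timeout=10)
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return None
    return out.stdout.strip() or None


if __name__ == "__main__":
    # Constructed sample output, used so the check can be exercised offline.
    sample = "Google Chrome 12.3.4567.89"
    print(sample, "->", parse_version(sample))
    live = installed_chrome_version()
    if live is None:
        print("google-chrome not found on this host")
    else:
        print(live, "patched:", is_at_least(live, FIXED_VERSION))
```

The comparison works on integer tuples rather than on strings, so `12.3.4567.100` correctly ranks above `12.3.4567.89`; a string comparison would get that wrong.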

We still highly recommend that everyone utilize a quality malware solution. In the event that criminals exploit a similar vulnerability the security program will be able to remove active infections with only a few mouse clicks.


Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
