Experts Detail New RCE Vulnerability Affecting Google Chrome Dev Channel

Details have emerged of a recently patched critical remote code execution vulnerability in the V8 JavaScript and WebAssembly engine used in Google Chrome and Chromium-based browsers.

The issue concerns an after-free use case in the instruction optimization component, the successful exploitation of which could “allow an attacker to execute arbitrary code in the context of the browser.”

The flaw, which was identified in the Dev channel release of Chrome 101, was reported to Google by Weibo Wang, a security researcher at Singapore-based cybersecurity firm Cybertech Numen, and has since been quietly fixed by the company.

Cybersecurity

“This vulnerability occurs in the instruction selection stage, where the wrong instruction was selected and results in a memory access exception,” Wang said.

Use-after-free faults occur when accessing previously freed memory, inducing undefined behavior and causing a program to crash, the use of corrupted data, or even the execution of arbitrary code.

What is more concerning is that the flaw can be exploited remotely via a specially crafted website to bypass security restrictions and execute arbitrary code to damage targeted systems.

chrome zero-day vulnerability

“This vulnerability can be exploited further using heap spraying techniques and then lead to a ‘type confusion’ vulnerability,” Wang explained. “The vulnerability allows an attacker to control function pointers or write code to arbitrary memory locations, and ultimately lead to code execution.”

The company has yet to disclose the vulnerability via the Chrome Bug Tracker portal to allow as many users as possible to install the patched version first. Additionally, Google does not assign CVE IDs to vulnerabilities found in unstable Chrome channels.

Cybersecurity

Chrome users, especially developers who use the Dev edition of Chrome for testing to ensure their apps are compatible with the latest Chrome features and API changes, should update to the latest version software available.

chrome zero-day vulnerability
TurboFan Assembly Instructions After Fixing Vulnerability

This isn’t the first time that use-after-release vulnerabilities have been discovered in V8. In 2021, Google fixed seven such bugs in Chrome that were exploited in real-world attacks. This year, it also fixed a use-after-release vulnerability exploited in the Animation component.

Leave a Comment