Cisco Talos discloses technicals details of Chrome, Firefox flaws

guest · Jul 5, 2020

Cisco Talos discloses technicals details of Chrome, Firefox flaws
July 5, 2020
https://securityaffairs.co/wordpress/105547/security/talos-chrome-firefox-flaws.html

Researchers from Cisco Talos disclosed technical details of recently patched vulnerabilities affecting the popular Chrome and Firefox web browsers.

The first issue, tracked as CVE-2020-6463, is a memory corruption vulnerability that affects PDFium, an open source PDF library used by Chrome and other applications.
The vulnerability could be exploited by an attacker for remote code execution in the browser.

The flaw is a high severity vulnerability that received a CVSS score of 8.8, Google addressed it with the release Chrome 81.0.4044.122 in April.
“[...] In order to trigger this vulnerability, a victim needs to open a malicious web page.” reads the advisory published by the expert.
Click to expand...

Cisco Talos experts also published details for the CVE-2020-12418 vulnerability, an information disclosure vulnerability that is related to the URL mPath functionality of Mozilla Firefox Firefox Nightly Version 78.0a1 x64 and Firefox Release Version 76.0.2 x64.

“The vulnerability is related with the URL object. A malicious web page using a proper URL object state can leak the browser memory that consequently can help an attacker in bypassing ASLR and executing arbitrary code. JavaScript code settings proper state in URL object which will lead to memory leak,” reads the Cisco Talos’ advisory.

Mozilla has fixed this issue, along with other vulnerabilities, with the release of Firefox 78.
Click to expand...

Rasheed187 · Jul 11, 2020

Weird, once again it's not clear if they were able to bypass the sandbox in both Chrome and Firefox. Normally, if they were able to run malware, it's still restricted by the sandbox, so it runs with low rights.

itman · Jul 11, 2020

Rasheed187 said: ↑

Weird, once again it's not clear if they were able to bypass the sandbox in both Chrome and Firefox. Normally, if they were able to run malware, it's still restricted by the sandbox, so it runs with low rights.
Click to expand...

The leaked memory presented by code above can be used to bypass ASLR and with a combination with other vulnerability might allow an attacker to gain arbitrary code execution.
Click to expand...

Leaked memory as I understand it is available but unallocated memory. In other words, it is no longer associated with the active browser process. As such, it is no longer inhibited by any restrictions employed by the leaker processes.

Memory leaks are serious and other processes have been known to leak memory.

Rasheed187 · Jul 18, 2020

itman said: ↑

Leaked memory as I understand it is available but unallocated memory. In other words, it is no longer associated with the active browser process. As such, it is no longer inhibited by any restrictions employed by the leaker processes. Memory leaks are serious and other processes have been known to leak memory.
Click to expand...

From what I understood, it's no longer enough for hackers to simply get remote code execution. They need to combine it with a second exploit that let's them escape the sandbox. This can be either a sandbox exploit in the browser or a Windows kernel exploit in the OS. For example, a tool like Sandboxie would most likely still contain the malware even if hackers used a sandbox exploit inside the browser.

Log in or Sign up

Cisco Talos discloses technicals details of Chrome, Firefox flaws

guest Guest

Rasheed187 Registered Member

itman Registered Member

Rasheed187 Registered Member

Log in or Sign up

Cisco Talos discloses technicals details of Chrome, Firefox flaws

guest Guest

Rasheed187 Registered Member

itman Registered Member

Rasheed187 Registered Member

Useful Searches