Shulou(Shulou.com)05/31 Report--

In this issue, the editor will bring you a report on how to analyze 0Day vulnerabilities in Google Chrome remote code execution. The article is rich in content and analyzed and described from a professional point of view. I hope you can get something after reading this article.

I. Overview

On April 13, 2021, Antian CERT found that foreign security researchers have released the PoC of the Google Chrome browser remote code execution 0Day vulnerability, which can be exploited by attackers to construct a special page, which users can access to cause remote code execution. the vulnerability affects the latest official version of Chrome (89.0.4389.114) and all lower versions. Antian CERT follows up and repeats that due to the high utilization rate of Google Chrome browsers in China, the vulnerability is at risk of being exploited by malicious code to spread widely, and the threat level is high. At the same time, Antian CERT test found that some other browsers using Google Chrome kernel in China are also affected by it. At present, browsers such as Microsoft Edge have been running in sandboxie mode by default. Antian CERT tests that this vulnerability cannot break through Chrome's sandboxie mode if used alone, but it does not mean that this is not a serious vulnerability, because in actual attacks, multiple vulnerabilities may be used in combination, and if this vulnerability is used in combination with other vulnerabilities that penetrate sandboxie, it may pose a great security threat.

In view of the fact that Chrome kernel browsers are widely used in China, including 360secure browsers, roaming browsers, Sogou browsers, high-speed browsers, etc., it is suggested that the relevant manufacturers should quickly carry out verification and inspection. We have urgently reported to the relevant national departments to advise customers to take temporary solutions as soon as possible to avoid being affected by this loophole.

2. Details of vulnerabilities

Antian CERT found that foreign security researchers have released PoC details about Google Chrome remote code execution 0Day vulnerabilities [1]. Google Chrome is a free web browser developed by Google. This vulnerability affects the latest official version of Chrome (89.0.4389.114) and all earlier versions, and an attacker can construct a special Web page to induce the victim to visit, thus achieving the purpose of remote code execution.

Figure 2-1 screenshot of verification of PoC by foreign security researchers

Antian CERT follows up and reproduces this vulnerability. The screenshot is as follows:

Figure 2-2 screenshot of Antian CERT verification for PoC

Antian CERT tests found that other browsers that partially use the Google Chrome kernel are also affected, but browsers using the Chrome kernel are not affected by this vulnerability if they use sandboxie mode.

Figure 2-3 A browser test chart

III. The range of versions affected by the vulnerability

The vulnerability mainly affects version 89.0.4389.114 and the following versions

IV. Temporary solution

● advises users to avoid opening links to web pages of unknown origin and to avoid clicking on email attachments from unknown sources.

● recommends that users execute Google Chrome browsers in virtual machines

● continuously follows the update of the official Google Chrome website and completes the update in a timely manner.

The result of vulnerability reproduction under the existing default policy of the relevant browser shows that the continuous enhancement of the security mechanism of the operating system and the application itself can play a certain effect in attack mitigation. But at the same time, it is still necessary to keep the version updated and patched up at any time. The system's own security policy settings, version and patch updates, and the effective combination of the main defense mechanism of the third-party host security software are all very necessary host system security fulcrums.

The above is the report on how to analyze Google Chrome remote code execution 0Day vulnerabilities shared by Xiaobian. If you happen to have similar doubts, you might as well refer to the above analysis to understand. If you want to know more about it, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.