A Chrome 85 update released by Google this week patches several high-severity vulnerabilities, including ones that can be exploited to hack users by convincing them to install malicious extensions.

The extension-related vulnerabilities, described by Google as “insufficient policy enforcement in extensions,” were found by researcher David Erceg in August. He identified three vulnerabilities of this type: CVE-2020-15961, a high-severity issue for which he received a $15,000 bug bounty; CVE-2020-15963, also a high-severity flaw, for which he earned $5,000; and CVE-2020-15966, which has been rated medium severity and for which the bug bounty has yet to be determined.

Erceg told SecurityWeek that the vulnerabilities he found all target a specific API made available to extensions; he has not named the impacted API because Google has not mentioned it either in its release notes.

Exploitation of all three flaws involves convincing the targeted user to install a malicious extension with some specific privileges.

“Two of the issues (the high severity issues) allow an extension to obtain and run an executable file. In both cases, no user interaction would be required after the extension install,” Erceg explained. “In a real world attack, these issues would allow an extension to run an executable outside of the browser’s sandbox shortly after installation (using the first issue, it could plausibly be done within a few seconds).”

He noted that the second high-severity vulnerability (CVE-2020-15963) can only be exploited to run an executable outside of the sandbox if certain conditions are met. If these conditions are not met, the attacker could still perform certain actions, such as accessing privileged pages or reading local files. Alternatively, an attacker could chain this flaw with another weakness to execute code outside of the sandbox.

The medium-severity issue, the researcher says, can be exploited by a malicious extension to read the content of local files, which an extension is normally not allowed to do without the user’s explicit permission.

The Chrome 85 update that patches these vulnerabilities also addresses an out-of-bounds read issue in storage, for which an unnamed hacker earned $15,000, and an insufficient policy enforcement issue for which researchers Leecraso and Guang Gong of 360 Alpha Lab earned $10,000.

Leecraso and Guang Gong earlier this month received a $20,000 bug bounty from Google for reporting a high-severity vulnerability that can be exploited to escape the Chrome sandbox.


Chrome vulnerabilities expose users via malicious extensions to attacks

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
