Researchers from Cisco Talos disclosed technical details of recently patched vulnerabilities affecting the popular Chrome and Firefox web browsers.
The first issue, tracked as CVE-2020-6463, is a memory corruption vulnerability in PDFium, the open-source PDF library used by Chrome and other applications.
The vulnerability could be exploited for remote code execution in the browser. An attacker could trigger it by tricking the user into opening a specially crafted PDF document containing JavaScript code.
The flaw is rated high severity with a CVSS score of 8.8; Google addressed it with the release of Chrome 81.0.4044.122 in April 2020.
Google awarded a $5,000 bounty for the vulnerability.
“An exploitable memory corruption vulnerability exists in the way PDFium inside Google Chrome version 80.0.3987.158 executes JavaScript regular expressions. The vulnerability could potentially be abused to achieve arbitrary code execution in the browser context. In order to trigger this vulnerability, a victim needs to open a malicious web page.” reads the advisory published by Talos.
“PDFium supports execution of JavaScript scripts embedded inside PDF documents. As Chrome itself, PDFium uses V8 as its JavaScript engine. This vulnerability lies in a way V8 in a specific configuration processes regular expressions.”
Chrome 81.0.4044.122 also addresses other serious issues, for some of which Google paid $15,000 and $20,000 bounties.
Cisco Talos experts also published details for CVE-2020-12418, an information disclosure vulnerability in the URL mPath functionality of Mozilla Firefox. Talos reproduced the issue on Firefox Nightly 78.0a1 x64 and Firefox Release 76.0.2 x64.
An attacker could exploit the flaw by tricking the victim into visiting a specially crafted web page whose JavaScript puts a URL object into a state that causes an out-of-bounds read.
“The vulnerability is related to the URL object. A malicious web page using a proper URL object state can leak the browser memory that consequently can help an attacker in bypassing ASLR and executing arbitrary code. JavaScript code setting a proper state in the URL object will lead to a memory leak,” reads the Cisco Talos advisory.
Mozilla fixed this issue, along with other vulnerabilities, with the release of Firefox 78.
(SecurityAffairs – hacking, Chrome)