Chrome, Edge and Firefox May Leak Information on Installed Apps

Two information disclosure vulnerabilities recently identified in the Chrome, Edge, and Firefox web browsers may be exploited to obtain information on applications on the system, Fortinet reports.

The bugs impact Protocol Handlers, which are related to a mechanism that allows apps to register their own URI schemes used for process execution.

In Windows, there are three different keys used for the management of URL handlers, and web browsers would prompt users to choose a different application to handle URLs containing non-http schemes.

“Though it requires user interaction and thus poses a limited risk, it expands the attack surface beyond the browser borders,” Fortinet security researcher Rotem Kerner says.

To exploit the feature, an attacker could create web pages meant to trigger potentially vulnerable applications within the victim system. Such attacks may even bypass protection mechanisms like SmartScreen, the researcher argues.

By exploring possible ways to abuse this feature, Kerner discovered that Firefox (78.0.1 64-bit, on Windows 10) could leak protocol handlers.

Tracked as CVE-2020-15680 and already patched, the vulnerability exists because the web browser renders an image element differently depending on whether its source points to an existing or a non-existing protocol handler. Specifically, if the source of an image element is set to a non-existing handler, the element is displayed with a different size, 0x0.

“This difference can be measured using a simple JS script. Based on this, a malicious actor may perform a brute-force attack to disclose the different protocol handlers on a targeted system,” the security researcher notes.

In Chrome (tested against version 83.0.4103.116 on Windows 10), the exploitation of this issue is noisier, but the results are the same.

Here, Kerner explains, if the handler exists, the browser window loses focus when the user is shown the message box prompting them to allow a different application to be opened. To brute force the list of handlers, the attacker could redirect the victim to a different domain, thus avoiding the opening of multiple message boxes.

“A wide range of applications nowadays uses custom URL handlers and can be detected using this vulnerability. Some examples: music players, IDE, office applications, crypto-mining, browsers, mail applications, antivirus, video conferencing, virtualizations, database clients, version control clients, chat clients, voice conference apps, shared storages,” the researcher says.

An attacker could exploit these issues to identify social apps used by the target, perform general reconnaissance, identify potentially vulnerable apps on the system, identify installed security solutions, or improve browser fingerprinting.
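
To see which custom schemes a given Windows host would reveal to this kind of probing, a defender can inventory the registered handlers. The PowerShell below is an added example, not code from the article or from Fortinet's research. It assumes classic registrations, where a class key under `HKLM\Software\Classes` or `HKCU\Software\Classes` carries a `URL Protocol` value, and the `$builtin` exclusion list is an illustrative choice.

```powershell
# Added example: inventory of classic URL protocol handlers on a Windows host.
# A class key is a URL handler when it carries a "URL Protocol" value; the
# launch command is the default value of its shell\open\command subkey.
$roots = [ordered]@{
    Machine = 'Registry::HKEY_LOCAL_MACHINE\Software\Classes'
    User    = 'Registry::HKEY_CURRENT_USER\Software\Classes'
}

# Assumption: schemes treated as baseline and left out of the report.
$builtin = 'http', 'https', 'ftp', 'file', 'mailto'

$handlers = foreach ($scope in $roots.Keys) {
    Get-ChildItem -Path $roots[$scope] -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        # Skip ordinary file-type classes; only URL schemes are of interest.
        if ($key.GetValueNames() -notcontains 'URL Protocol') { return }

        $cmdKey  = $key.OpenSubKey('shell\open\command')
        $command = if ($cmdKey) { [string]$cmdKey.GetValue('') } else { '' }

        [pscustomobject]@{
            Scheme   = $key.PSChildName.ToLowerInvariant()
            Scope    = $scope      # User entries can be written without admin rights
            Command  = $command
            # %1 hands the full URL to the target process as an argument.
            TakesUrl = $command -match '%1'
        }
    }
}

# Third-party schemes: each one is an application a web page can detect,
# and one that the user can be prompted to launch with page-supplied input.
$handlers |
    Where-Object { $builtin -notcontains $_.Scheme } |
    Sort-Object Scheme, Scope |
    Format-Table -AutoSize -Wrap
```

Schemes that point to uninstalled or unused software are candidates for removal, and entries where `TakesUrl` is true deserve a look at how the target application parses its argument.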

Contacted by the researcher, Google said this was a user fingerprinting issue, but confirmed that it would release a fix. Microsoft does not consider this a security flaw. However, Edge, which is based on Chromium, will likely be patched as well when the fix arrives for the open source browser.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
