Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

Chrome Vulnerabilities Expose Users to Attacks Via Malicious Extensions

A Chrome 85 update released by Google this week patches several high-severity vulnerabilities, including ones that can be exploited to hack users by convincing them to install malicious extensions.

A Chrome 85 update released by Google this week patches several high-severity vulnerabilities, including ones that can be exploited to hack users by convincing them to install malicious extensions.

The extension-related vulnerabilities, described by Google as “insufficient policy enforcement in extensions,” were discovered by researcher David Erceg in August. He identified three vulnerabilities of this type: CVE-2020-15961, a high-severity issue for which he received a $15,000 bug bounty; CVE-2020-15963, also a high-severity flaw, for which he earned $5,000; and CVE-2020-15966, which has been rated medium severity and for which the bug bounty has yet to be determined.

Erceg told SecurityWeek that the vulnerabilities he discovered all target a specific API made available to extensions — he has not named the impacted API due to the fact that Google hasn’t mentioned it either in its release notes.

Exploitation of all three flaws involves convincing the targeted user to install a malicious extension with some specific privileges.

“Two of the issues (the high severity issues) allow an extension to download and run an executable file. In both cases, no user interaction would be required after the extension install,” Erceg explained. “In a real world attack, those issues would allow an extension to run an executable outside of the browser’s sandbox shortly after install (using the first issue, it could plausibly be done within a few seconds).”

He noted that the second high-severity vulnerability (CVE-2020-15963) can only be exploited to run an executable outside of the sandbox if certain conditions are met. If these conditions are not met, the attacker could still perform certain actions, such as accessing privileged pages or reading local files. Alternatively, an attacker could chain this flaw with another weakness to execute code outside of the sandbox.

The medium-severity issue, the researcher says, can be exploited by a malicious extension to read the content of local files, which an extension is normally not allowed to do without the user’s explicit permission.

The Chrome 85 update that patches these vulnerabilities also addresses an out-of-bounds read issue in storage, for which an unnamed hacker earned $15,000, and an insufficient policy enforcement issue for which researchers Leecraso and Guang Gong of 360 Alpha Lab earned $10,000.

Advertisement. Scroll to continue reading.

Leecraso and Guang Gong earlier this month received a $20,000 bug bounty from Google for reporting a high-severity vulnerability that can be exploited to escape the Chrome sandbox.

Related: Google Patches More High-Value Chrome Sandbox Escape Vulnerabilities

Related: GitHub Shares Details on Six Chrome Vulnerabilities

Related: Google Awards $10,000 for Remote Code Execution Vulnerability in Chrome

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.