SSD Advisory – Chrome Turbofan Remote Code Execution Full report: https://blogs.securiteam.com/index.php/archives/3379 Twitter account: @SecuriTeam_SSD <https://twitter.com/SecuriTeam_SSD> Vulnerability Summary The following advisory describes a type confusion vulnerability that leads to remote code execution found in Chrome browser version 59. Chrome browser is affected by a type confusion vulnerability. The vulnerability results from incorrect optimization by the turbofan compiler, which causes confusion between access to an object array and a value array, and therefore allows to access objects as if they were values by reading them as if they were values (thus receiving their in memory address) or vice-versa to write values into an object array and thus being able to fake objects completely. Credit An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program Vendor response Google was informed of the vulnerability, and a ticket has been opened: https://bugs.chromium.org/p/chromium/issues/detail?id=746946, because the vulnerability stopped working in Chrome 60 – Google has no plan to address it as a security advisory/patch. -- Thanks Maor Shwartz Beyond Security GPG Key ID: 93CC36E2DE7FF514
Attachment:
SSD Advisory – Chrome Turbofan Remote Code Execution – SecuriTeam Blogs.pdf
Description: Adobe PDF document
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/