What is the critical vulnerability Microsoft discovered in ChromeOS?



The ChromeOS incident

CVE-2022-2587, discovered in late April 2022 and quickly fixed, was reported to be a vulnerability in the ChromeOS audio server that could allow an attacker to execute code remotely. Jonathan Bar Or, the Microsoft researcher who discovered it, explained how dangerous the vulnerability was.

Uncovering a ChromeOS remote memory corruption vulnerability - Microsoft Security Blog
https://www.microsoft.com/security/blog/2022/08/19/uncovering-a-chromeos-remote-memory-corruption-vulnerability/



Microsoft details critical vulnerability in ChromeOS • The Register
https://www.theregister.com/2022/08/23/microsoft_chromeos_bug/

The vulnerability Bar Or discovered was in org.chromium.cras (ChromiumOS Audio Server), one of the system's D-Bus services, which sets up audio for newly connected devices such as USB speakers and Bluetooth headsets.

According to Bar Or's research, this service exposes a function called SetPlayerIdentity, which takes a string argument named identity as its input, and it was found that the C library function strcpy is called from within that function. "For experienced security engineers, the strcpy function will immediately come to mind," Bar Or said of it. The strcpy function performs no bounds check on the length of its input, which can lead to various memory corruption vulnerabilities.

This strcpy call can overflow the heap, the region of memory a program reserves at run time, and corrupt the memory around the destination buffer. According to Bar Or, simply sending a 200-character string to the D-Bus service from the command line is enough to trigger the overflow, and the bug was also found to be reachable remotely via a browser or Bluetooth.
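As an added illustration of the strcpy problem described above (not code from CRAS or from Bar Or's write-up), the following C sketch places a strcpy-based handler beside a bounds-checked one and feeds the hardened version the 200-byte case from the article; the 128-byte identity field, the struct and the function names are assumptions, since the article gives none of them.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical fixed-size identity field standing in for the CRAS player
 * structure; the real field size is not given in the article. */
#define IDENTITY_MAX 128

struct player {
    char identity[IDENTITY_MAX];
};

/* Shape of the original bug: strcpy copies until the source NUL, so an identity
 * of IDENTITY_MAX bytes or more writes past the field into neighbouring heap
 * memory. Shown for contrast only; it is never called here. */
void set_player_identity_vulnerable(struct player *p, const char *identity)
{
    strcpy(p->identity, identity);   /* no bounds check */
}

/* Hardened handler: look for the terminator only within the field size,
 * reject input that would not fit, and copy an explicit number of bytes. */
int set_player_identity_safe(struct player *p, const char *identity)
{
    if (identity == NULL) return -1;
    const char *end = memchr(identity, '\0', IDENTITY_MAX);
    if (end == NULL) return -1;      /* no NUL within IDENTITY_MAX: too long */
    memcpy(p->identity, identity, (size_t)(end - identity) + 1);
    return 0;
}

/* Constructed input: an identity of n 'A' bytes, as a D-Bus client could send.
 * Returns the hardened handler's verdict: 0 accepted, -1 rejected. */
int try_identity_len(size_t n)
{
    struct player *p = calloc(1, sizeof *p);
    char *s = malloc(n + 1);
    int rc = -1;
    if (p && s) {
        memset(s, 'A', n); s[n] = '\0';
        rc = set_player_identity_safe(p, s);
    }
    free(s); free(p);
    return rc;
}

int main(void)
{
    printf("200-byte identity (the article's case): %d\n", try_identity_len(200));
    printf("11-byte identity: %d\n", try_identity_len(11));
    return 0;
}
```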



Because ChromeOS is well hardened, exploiting this issue is said to require chaining it with other vulnerabilities, but Bar Or said of its danger that it was "enough to encourage Google to respond quickly." The Microsoft team rated the severity of this issue at 9.8 out of 10.

The vulnerability was reported to Google immediately after discovery, and a patch was released about a month later.

in Security, Posted by log1p_kr