High-Severity Remote Code Execution Vulnerability in Google Chrome

A high-severity ‘use-after-free’ vulnerability, tracked as CVE-2020-6492 with a CVSSv3 base score of 8.3, exists in the WebGL (Web Graphics Library) component of the Google Chrome web browser and could be used to execute arbitrary code in the context of the browser process.

WebGL (Web Graphics Library) is a JavaScript API for rendering high-performance interactive 3D and 2D graphics within any compatible web browser without using plug-ins. A use-after-free, identified as CWE-416 by MITRE, is an attempt to access a memory block after it has been freed, which can lead to a crash, the use of unexpected values, or the execution of arbitrary code.

An attacker who successfully exploits this vulnerability could disclose sensitive information, bypass security restrictions, crash the application, or even execute arbitrary code in the context of the browser by directing a user to a specially crafted webpage.


Vulnerability Details:

The CVE-2020-6492 vulnerability was discovered by Cisco Talos research engineer Marcin Towalski. The vulnerability arises when the WebGL component fails to properly handle objects in memory. It specifically resides in ANGLE, a compatibility layer between OpenGL and Direct3D that the Chrome browser uses on Windows systems.

To exploit the vulnerability, an attacker would need to manipulate the memory layout of the browser so that the use-after-free can be controlled, which could ultimately lead to arbitrary code execution.

According to the vulnerability advisory released by the researchers, the issue exists in an ANGLE function called “State::syncTextures”, which is responsible for checking whether a texture has any so-called DirtyBits. These are “bitsets” indicating whether a specific state value, associated with a block of memory, has been changed.

An attacker could use the function “drawArraysInstanced” to reach the vulnerable code. When syncTextures attempts to synchronize state through the ‘Texture::syncState‘ function, a use-after-free condition arises, which can cause the program to crash or potentially result in the execution of arbitrary code.
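The lifetime hazard described above, as an added illustration that is not ANGLE's or Chrome's code: a constructed C++ model of the CWE-416 pattern, in which a sync loop walks non-owning pointers and calls into re-entrant code that may release an entry the loop has not reached yet, shown beside a hardened walk that holds a reference for its whole duration. The onSync hook, the refcount and the alive flag are assumptions of the model (the flag stands in for heap lifetime so the bug is observable without undefined behaviour), not details of the real bug.

```cpp
#include <functional>
#include <vector>

// Constructed model: the refcount stands in for heap ownership; alive == false
// means the object would already have been freed in real code, so any further
// access to it is a use-after-free.
struct Texture {
    int refs = 1;
    bool alive = true;
    bool dirty = true;
    std::function<void()> onSync;  // hypothetical re-entrant hook run during sync
    void retain() { ++refs; }
    void release() { if (--refs == 0) alive = false; }
};

struct SyncResult { int synced = 0; int uafTouches = 0; };

// Vulnerable pattern: walk a list of non-owning pointers and call into code
// that may release entries the loop has not reached yet.
SyncResult syncTexturesUnsafe(std::vector<Texture*>& dirtyList) {
    SyncResult r;
    for (Texture* t : dirtyList) {
        if (!t->alive) { ++r.uafTouches; continue; }  // dangling pointer reached
        if (!t->dirty) continue;
        t->dirty = false;
        if (t->onSync) t->onSync();  // may release another entry of dirtyList
        ++r.synced;
    }
    return r;
}

// Hardened pattern: take a strong reference on every entry before the walk, so a
// re-entrant release cannot destroy an object the loop still needs to touch.
SyncResult syncTexturesSafe(std::vector<Texture*>& dirtyList) {
    SyncResult r;
    for (Texture* t : dirtyList) t->retain();
    for (Texture* t : dirtyList) {
        if (!t->alive) { ++r.uafTouches; continue; }
        if (!t->dirty) continue;
        t->dirty = false;
        if (t->onSync) t->onSync();
        ++r.synced;
    }
    for (Texture* t : dirtyList) t->release();  // objects may die only after the walk
    return r;
}

// Constructed scenario: syncing texture A drops the owner's reference to texture B.
SyncResult runScenario(bool hardened) {
    Texture a, b;
    a.onSync = [&b] { b.release(); };
    std::vector<Texture*> dirty{&a, &b};
    return hardened ? syncTexturesSafe(dirty) : syncTexturesUnsafe(dirty);
}
```

In the unsafe walk the loop reaches B after it has been released; the hardened walk syncs both textures and B is destroyed only once the loop has finished with it.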


Affected products
Google Chrome versions 85.0.4183.83 and prior.


Impact
This vulnerability could allow a remote attacker to execute arbitrary code on the affected systems.


Solution
CVE-2020-6492 was expected to be fixed in the latest Chrome 85 release, but based on the Chrome release updates we could not confirm whether the vulnerability has been addressed.


Publisher: SecPod Technologies
