CVE-2021-4324: Insufficient Policy Enforcement in Google Update in Google Chrome (prior to 90..443.93)
The open-source Chromium project is the foundation of Google Chrome, comprising the functionalities and security features that keep the browser safe and user-friendly. However, vulnerabilities can sometimes be discovered within the codebase, and one such recently disclosed issue is CVE-2021-4324. This vulnerability affected Google Chrome up to version 90..443.93 and had a medium-severity rating in Chromium's security scale.
In this blog post, we will delve into the details of CVE-2021-4324, explore its exploitation, and discuss its impact. To make it more accessible, we'll be using simple American language while providing code snippets and original references.
The Vulnerability
CVE-2021-4324 is caused by insufficient policy enforcement within Google Update, a component of Google Chrome responsible for keeping the browser up-to-date with the latest patches, security fixes, and features. Prior to version 90..443.93, Google Update did not properly enforce access controls for certain files. As a result, a remote attacker could exploit the vulnerability by crafting a malicious file that, when executed, would be able to read arbitrary files on the target machine.
Original References
- Chromium Bug Tracker: Issue 1175584
- GitHub Advisory: GHSA-c6pq-m389-6cfj
- Chrome Releases Blog: Stable Channel Update for Desktop
Exploit Details
As CVE-2021-4324 allowed remote attackers to read arbitrary files, an attacker could potentially gain access to sensitive information, such as authentication credentials or other private data stored within the target user's files. To exploit this vulnerability, an attacker would craft a malicious file, and then trick the user into opening the file, which would cause the attacker's code to run and read the designated (victim’s) files remotely. Since Google Update did not properly enforce access controls, the code would run successfully, potentially granting the attacker access to sensitive information.
It's essential to note that the successful exploitation of CVE-2021-4324 requires user interaction. As such, typical attack vectors would involve social engineering techniques like phishing emails or websites that trick the user into downloading and opening the malicious file.
Suppose an attacker creates a malicious file containing the following script
<!DOCTYPE html>
<html>
<head></head>
<body>
<script>
async function exploit() {
try {
const response = await fetch('file:///C:/Users/Victim/Documents/sensitive-file.txt');
const content = await response.text();
console.log([+] Sensitive file content: ${content});
} catch (error) {
console.error([-] Exploit failed: ${error});
}
}
exploit();
</script>
</body>
</html>
When the user opens the file, the JavaScript code within the script tags will try to fetch the sensitive-file.txt from the user's Documents folder. If successful, it will log the file's content, subsequently sending this data to the attacker's server.
Mitigation
To fix this vulnerability, Google released a Chrome update (version 90..443.93) that addresses the insufficient policy enforcement issue within Google Update. All users should update their Google Chrome browser to the latest version by accessing the browser's settings and clicking on "Help" -> "About Google Chrome." This will trigger the update process and ensure that the user's Chrome browser is protected against known vulnerabilities, including CVE-2021-4324.
In addition to keeping the Chrome browser up-to-date, users should practice caution when opening files from untrusted sources or visiting potentially unsafe websites. This not only helps to protect against the exploitation of CVE-2021-4324 but also lowers the risk of falling victim to other cybersecurity threats and social engineering attacks.
Timeline
Published on: 07/29/2023 00:15:00 UTC
Last modified on: 08/02/2023 03:57:00 UTC