This issue was addressed by disabling after_free in the UI. For users who are interacting with sites that are explicitly vulnerable to this issue, it is recommended that they be cautious when filling out forms on websites, use caution when visiting untrusted sites, and consider using a trusted browser. After the Google Summer of Code event, we also released a patch to ensure that after_free is disabled by default in the UI. This means that, unless disabled, the feature will be enabled in the UI by default in a future update. If you are using a browser that is not on this list and observe this issue, it is recommended that you turn off after_free in the UI. Google Chrome on Linux and Mac now disables after_free by default.

What is the issue?

After_free is a memory management bug that can be triggered by websites that are vulnerable to this issue. It is in the Chrome browser on Linux and Mac operating systems as well as Chrome OS. This issue was addressed by disabling after_free in the UI. For users who are interacting with sites that are explicitly vulnerable to this issue, it is recommended that they be cautious when filling out forms on websites, use caution when visiting untrusted sites, and consider using a trusted browser.

What is after_free?

The issue is about allowing a free pointer to be dereferenced after it has already been allocated. It can also be used to bypass protections put in place by the operating system when untrusted content is loaded into memory. This can allow an attacker to access sensitive information, such as passwords, cookies and other user data stored on the machine without the browser's knowledge.
After_free is an optimization that allows a function call that might dereference a pointer before it has been initialized. After_free was introduced in Firefox 1.5 as an optimization which was inadvertently left enabled, which allowed many vulnerabilities to be found and exploited in Firefox codebase over the years. In most cases, this vulnerability could not be exploited without first triggering it with JavaScript, but there have been reported cases where attackers have triggered it through XUL code (an XML file containing custom user interface elements).

Chrome OS

Security Update
Chrome OS is a popular operating system that runs on Chromebooks.
This security update improves the security of Chrome OS and helps protect from potentially malicious files downloaded from untrusted sources. This update also fixes a bug in which a crafted HTML file may cause a Chrome device to crash when displaying a webpage using this crafted html. The vulnerability was first discovered by Google's Vulnerability Rewards Program (VRP).

Users without the Google Chrome browser:

Risks and Mitigation
If you are not using the Google Chrome browser on Linux or Mac, it is recommended that you turn off after_free in the UI. This can be done by going to Settings > Show Advanced Settings > Privacy and Security > Content settings > Enable JavaScript (by default)> Disable JavaScript memory access optimisations

Timeline

Published on: 07/28/2022 02:15:00 UTC
Last modified on: 08/21/2022 08:15:00 UTC

References