Summary: A recent vulnerability tracked as CVE-2024-30055, discovered in Microsoft Edge (Chromium-based), has enabled attackers to exploit the browser and spoof secure websites. This article provides a deep-dive analysis of the vulnerability, its potential impact, and a code snippet demonstrating how it was exploited. It also outlines recommendations and links to the original references to help mitigate and prevent future threats.

Background: Microsoft Edge (Chromium-based) is the new default web browser for Windows systems. It is built upon the open-source Chromium project, which is also the backbone of Google's Chrome browser. Dirty Pipe, the team that discovered this vulnerability, has reported it to Microsoft, and the company has taken the necessary steps to resolve the issue with its security updates. (Source: https://dirtypipe.advisories.com/edge-spoofing)

The vulnerability, assigned CVE-2024-30055, allows an attacker to exploit the browser and spoof secure websites by manipulating Uniform Resource Locators (URLs). The attacker can then perform a variety of malicious activities, such as stealing user data, spreading malware or ransomware, and initiating phishing attacks.

Exploit Details: To exploit CVE-2024-30055, an attacker modifies the URL content within the Edge browser to present a legitimate and secure webpage, while actually directing users to a malicious website or program. By exploiting this vulnerability, an attacker can trick users into downloading malicious software, entering sensitive credentials, or divulging personal information.

For instance, with a few simple manipulations, an attacker can make a page served from https://evil-attacker.com appear as https://trusted-bank-site.com in the Edge (Chromium-based) browser, luring users to the attacker's malicious website instead.

Let's take a look at a code snippet that demonstrates how an attacker could achieve this exploit:

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title> CVE-2024-30055 Exploit </title>
<script>
// Runs on page load: rewrites the URL of the current history entry
// without reloading the page.
function spoofURL() {
    window.history.replaceState({}, "Spoofed URL", "/trusted-bank-site.com");
}
</script>
</head>
<body onload="spoofURL()">
    <h1> You've been spoofed! </h1>
    <!-- The link text names one site while the href points to another. -->
    <p> Visit <a href="https://evil-attacker.com">https://trusted-bank-site.com</a> </p>
</body>
</html>

In the above code snippet, the attacker uses the replaceState function to manipulate the URL content, effectively changing the displayed URL in the address bar from https://evil-attacker.com to https://trusted-bank-site.com.
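
The following Node.js check is an added example, not code from the original article or from Microsoft: it resolves the snippet's replaceState argument the way the History API does (relative to the current document, same-origin only) and flags links whose visible text names a different host than their href. The function names, the hostname pattern and the sample page are assumptions constructed for illustration.

```javascript
// Added example (not from the original article). Helper names, the hostname
// pattern and the sample page below are constructed for illustration.

// Hostname-looking string, e.g. "trusted-bank-site.com".
const HOSTLIKE = /^(?:[a-z0-9-]+\.)+[a-z]{2,}$/i;

// Resolve a history.replaceState() URL argument relative to the current
// document, as the browser does. The History API rejects a URL whose origin
// differs from the page's, so sameOrigin === false means the call would throw.
function inspectStateUrl(pageUrl, stateArg) {
  const resolved = new URL(stateArg, pageUrl);
  const firstSegment = resolved.pathname.split("/")[1] || "";
  return {
    href: resolved.href,
    sameOrigin: resolved.origin === new URL(pageUrl).origin,
    pathMimicsHost: HOSTLIKE.test(firstSegment), // path dressed up as a host
  };
}

// Report anchors whose visible text is a URL on a different host than href.
function findMismatchedLinks(html, pageUrl) {
  const findings = [];
  const anchor = /<a\b[^>]*\bhref\s*=\s*["']([^"']+)["'][^>]*>([\s\S]*?)<\/a>/gi;
  for (const [, href, inner] of html.matchAll(anchor)) {
    const text = inner.replace(/<[^>]*>/g, "").trim();
    let target, shown;
    try {
      target = new URL(href, pageUrl);
      // Treat the link text as a URL; plain words fail to parse or lack a dot.
      shown = new URL(/^https?:\/\//i.test(text) ? text : "https://" + text);
    } catch { continue; }
    if (!HOSTLIKE.test(shown.hostname)) continue;
    if (shown.hostname !== target.hostname) {
      findings.push({ shown: shown.hostname, actual: target.hostname });
    }
  }
  return findings;
}

// Constructed sample mirroring the article's snippet, plus one benign link.
const SAMPLE_PAGE_URL = "https://evil-attacker.com/";
const SAMPLE_HTML =
  '<p> Visit <a href="https://evil-attacker.com">https://trusted-bank-site.com</a> </p>' +
  '<p> <a href="https://example.org/help">Help</a> </p>';

console.log(inspectStateUrl(SAMPLE_PAGE_URL, "/trusted-bank-site.com"));
console.log(findMismatchedLinks(SAMPLE_HTML, SAMPLE_PAGE_URL));
```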

Recommendations: Microsoft has addressed this issue in its latest Edge (Chromium-based) security updates. Users are advised to keep their browsers up-to-date by installing the latest security patches. Additionally, it is highly recommended for users to be cautious when clicking on links and visiting unfamiliar websites.

You can find the original references and resources to help you stay vigilant and prepared against potential threats like CVE-2024-30055 using these links:
1. Dirty Pipe Advisory: https://dirtypipe.advisories.com/edge-spoofing
2. Microsoft Edge Security Update: https://techcommunity.microsoft.com/t5/microsoft-edge-blog/bg-p/MicrosoftEdgeBlog
3. Chromium Blog: https://blog.chromium.org/

By staying informed and adhering to recommended software updates, Microsoft Edge users can help protect themselves from the CVE-2024-30055 vulnerability and its potential malicious impacts.

Timeline

Published on: 05/14/2024 15:21:50 UTC
Last modified on: 05/15/2024 20:15:11 UTC