CVE-2024-5832 - Use After Free Vulnerability in Google Chrome Dawn Leading to Heap Corruption

In this post, we will take a deep dive into a recent vulnerability discovered in Google Chrome, specifically in the Dawn WebGPU implementation. This vulnerability, tracked as CVE-2024-5832, affects Google Chrome versions prior to 126..6478.54 and could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. According to Chromium's security severity rating, this issue is deemed "High."

An Introduction to the Vulnerability (CVE-2024-5832)

The vulnerability arises from a 'use after free' issue in the Dawn WebGPU implementation of Google Chrome. A 'use after free' vulnerability occurs when memory is deallocated or 'freed' and then later accessed, leading to unexpected behavior in the program. In this case, the unexpected behavior could lead to heap corruption.

A remote attacker could potentially exploit this vulnerability by crafting a malicious HTML page and tricking a user into visiting the page using a vulnerable version of Google Chrome. This would potentially lead to heap corruption, allowing a sophisticated attacker to gain control over the affected system.

References
- Original Advisory from Chromium: link
- Chromium Issue Tracker: link
- Chromium Security Severity: link

Code Snippet

The following code snippet demonstrates the issue in a simplified manner

function trigger_vulnerability() {
  let device = create_webgpu_device();
  
  let buffer = device.createBuffer({
    size: 1024,
    usage: GPUBufferUsage.COPY_SRC | GPUBufferUsage.COPY_DST
  });
  
  // Trigger 'use after free' vulnerability in Chrome Dawn WebGPU implementation
  const queue = device.defaultQueue;
  
  for (let i = ; i < 100; i++) {
    queue.writeBuffer(buffer, , new Uint32Array(1));
  } 
}

This code snippet creates a WebGPU buffer, then triggers multiple calls to writeBuffer() in rapid succession, causing the use-after-free vulnerability.

Exploit Details

In order to exploit this vulnerability, an attacker would first need to craft a malicious HTML page containing JavaScript code that triggers the 'use after free' issue in the Dawn WebGPU implementation. The attacker could then use social engineering or other techniques to entice a user to visit the malicious page with a vulnerable version of Google Chrome.

Upon visiting the page, the JavaScript code would execute and potentially lead to heap corruption. This, in turn, could allow a skilled attacker to execute arbitrary code and gain control over the affected system. However, this would require a high level of expertise and understanding of heap corruption, as well as the targeted system's memory layout.

Mitigation
To protect yourself from this vulnerability, it is highly recommended to update Google Chrome to the latest version (126..6478.54 or higher) to avoid this dangerous issue. Always keep your web browser and other software up to date, and be cautious when clicking on links or visiting untrusted websites.

Conclusion

CVE-2024-5832, a 'use after free' vulnerability in the Dawn WebGPU implementation of Google Chrome, could potentially allow a skilled remote attacker to exploit heap corruption and gain control over an affected system via a crafted HTML page. To protect yourself against this threat, it is crucial to keep Google Chrome and other software up to date and be cautious when browsing the web.

Timeline

Published on: 06/11/2024 21:15:54 UTC
Last modified on: 07/03/2024 02:09:18 UTC