This post discusses CVE-2024-6990, a critical security vulnerability in Google Chrome on Android. The bug is an uninitialized use in Dawn, the open-source WebGPU implementation that Chrome uses to expose GPU compute and rendering to web pages. A remote attacker can potentially trigger out-of-bounds memory access with nothing more than a crafted HTML page that the victim visits. The Chromium Security Team rates the severity as 'Critical'.

In this post we look at the affected versions, what is known about the bug and how it can be reached, a code snippet that clarifies what "uninitialized use" means here, and links to the original references.

Affected Versions

Google Chrome on Android versions prior to 127.0.6533.88 are affected by the uninitialized use vulnerability in Dawn. 127.0.6533.88 is the first build that contains the fix, so earlier 127 builds are still vulnerable; make sure your device is running that version or later.
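As an added example (not code from the original post or from the Chromium project), the following JavaScript classifies a Chrome-on-Android client as vulnerable or patched for CVE-2024-6990 from a request's User-Agent string and, when present, the Sec-CH-UA-Full-Version-List client hint. The sample UA strings and header values are constructed, and FIXED_VERSION, compareVersions and classifyClient are names introduced here. It also handles the caveat that makes naive UA checks wrong: Chrome's reduced User-Agent reports only the major version ("Chrome/127.0.0.0"), so a 127.x client cannot be classified without the full version from Client Hints.

```javascript
// Added example (not from the original post): classify a Chrome-on-Android
// client as patched or not for CVE-2024-6990 from its User-Agent string and,
// when available, the full version carried in User-Agent Client Hints.
//
// Caveat: since Chrome's User-Agent reduction, the UA string reports only the
// major version ("Chrome/127.0.0.0"), so a UA alone cannot tell 127.0.6533.88
// from an earlier 127 build. The full version is only available via the
// Sec-CH-UA-Full-Version-List request header (after the server opts in with
// Accept-CH) or navigator.userAgentData.getHighEntropyValues(["fullVersionList"]).

const FIXED_VERSION = "127.0.6533.88"; // first patched Chrome-on-Android build

// Compare two dotted version strings numerically: returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  const n = Math.max(pa.length, pb.length);
  for (let i = 0; i < n; i++) {
    const x = pa[i] ?? 0, y = pb[i] ?? 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Chrome version from a UA string, or null if this is not Chrome on Android.
function chromeAndroidVersion(ua) {
  if (!/\bAndroid\b/.test(ua)) return null;
  const m = /\bChrome\/(\d+(?:\.\d+){0,3})/.exec(ua);
  return m ? m[1] : null;
}

// Chrome's full version from a Sec-CH-UA-Full-Version-List header value such as
// "Google Chrome";v="127.0.6533.88", "Chromium";v="127.0.6533.88"  (or null).
function fullVersionFromClientHints(header) {
  if (!header) return null;
  const m = /"(?:Google Chrome|Chromium)";v="([\d.]+)"/.exec(header);
  return m ? m[1] : null;
}

// Returns "not-chrome-android", "vulnerable", "patched" or "unknown".
function classifyClient(ua, fullVersionListHeader) {
  const uaVersion = chromeAndroidVersion(ua);
  if (uaVersion === null) return "not-chrome-android";

  const full = fullVersionFromClientHints(fullVersionListHeader);
  const version = full ?? uaVersion;
  const major = Number(version.split(".")[0]);
  const fixedMajor = Number(FIXED_VERSION.split(".")[0]);

  if (major < fixedMajor) return "vulnerable"; // every pre-127 build
  if (major > fixedMajor) return "patched";    // 128+ all postdate the fix

  // Major 127: a reduced UA ("127.0.0.0") carries no build number, so only a
  // real full version (from Client Hints or a non-reduced UA) can decide.
  const reduced = full === null && /^\d+\.0\.0\.0$/.test(version);
  if (reduced) return "unknown";
  return compareVersions(version, FIXED_VERSION) < 0 ? "vulnerable" : "patched";
}

function classifyAll(clients) {
  return clients.map((c) => classifyClient(c.ua, c.hints));
}

// Constructed sample requests (not real log data; the 127.0.6533.64 build
// number is a hypothetical pre-fix 127 build used only to exercise the logic).
const ANDROID_UA = (v) =>
  `Mozilla/5.0 (Linux; Android 14; Pixel 8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/${v} Mobile Safari/537.36`;
const SAMPLE_CLIENTS = [
  { ua: ANDROID_UA("126.0.0.0") },                          // reduced UA, pre-127
  { ua: ANDROID_UA("127.0.0.0") },                          // reduced UA, no hints
  { ua: ANDROID_UA("127.0.0.0"),
    hints: '"Not)A;Brand";v="99.0.0.0", "Google Chrome";v="127.0.6533.88", "Chromium";v="127.0.6533.88"' },
  { ua: ANDROID_UA("127.0.0.0"),
    hints: '"Not)A;Brand";v="99.0.0.0", "Google Chrome";v="127.0.6533.64", "Chromium";v="127.0.6533.64"' },
  { ua: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" },
];

console.log(classifyAll(SAMPLE_CLIENTS));
```

Run with node; the constructed samples classify as vulnerable, unknown, patched, vulnerable and not-chrome-android. The "unknown" result for a bare 127.0.0.0 UA is the point: treat it as unpatched until the full version is known, and have the server send Accept-CH: Sec-CH-UA-Full-Version-List so later requests carry it.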

Exploit Details

The vulnerability is an uninitialized use inside Dawn, Chrome's WebGPU implementation: an object or field in Dawn's native C++ code is read before it has been written, so the value Dawn acts on is whatever was left behind in memory. A remote attacker can build an HTML page whose WebGPU API calls drive Dawn into that state. When an unsuspecting user visits the page, the stale value leads to out-of-bounds memory access, that is, reads or writes outside the bounds of an allocation. Depending on what is read or written, this could leak sensitive information, crash the process, or, combined with other techniques, lead to arbitrary code execution.

The root cause is that Dawn does not initialize the object before using it; Google's advisory names only the component (Dawn), not the specific object. Reaching the bug requires only that the victim load the attacker's page, for example by following a link: WebGPU is exposed to ordinary web pages without a permission prompt, so no plugin, extension or user approval is involved.

Here is a code snippet that illustrates what "uninitialized use" means at the JavaScript level. It is not the bug itself, which lives in Dawn's native C++ code, and it is not an exploit: WebGPU's API validation rejects it before any Dawn code runs.

let uninitialized_object; // declared but never assigned, so its value is undefined

// A GPUVertexBufferLayout with two float32x4 attributes (16 bytes each).
// Unlike uninitialized_object, this descriptor is fully initialized.
const vertexBufferLayout = {
    arrayStride: 32,
    attributes: [
        {
            shaderLocation: 0,
            offset: 0,
            format: "float32x4",
        },
        {
            shaderLocation: 1,
            offset: 16,
            format: "float32x4",
        },
    ],
};

async function enableUninitializedObject() {
    const adapter = await navigator.gpu.requestAdapter();
    const device = await adapter.requestDevice();
    // GPUBuffer has no constructor; buffers are created with device.createBuffer(descriptor).
    // Passing the undefined variable as the descriptor throws a TypeError in the
    // JavaScript bindings because the required members size and usage are missing.
    uninitialized_object = device.createBuffer(uninitialized_object);
}

In the snippet above, uninitialized_object is declared but never assigned, so it holds the JavaScript value undefined. Passing it to device.createBuffer() fails WebGPU's argument validation in the renderer and never reaches Dawn. CVE-2024-6990 is something different: an object or field inside Dawn's C++ code is read before it has been written. JavaScript cannot express that directly; a page can only issue a sequence of valid WebGPU calls that leads Dawn's native code into reading the uninitialized state. The snippet shows the terminology, not the vulnerability, and this post does not include a trigger for it.

Mitigation

To resolve this vulnerability, update Google Chrome on Android to version 127.0.6533.88 or later. Chrome on Android updates through Google Play; to confirm the installed build, open chrome://version in Chrome and check the "Google Chrome" line, which shows the exact version.

Original References

For a deeper understanding of the issue, see:

1. Chromium issue tracker: https://issues.chromium.org/ (Chromium security bugs, including the one for CVE-2024-6990, are access-restricted until most users have received the fix; the former Monorail tracker at bugs.chromium.org has been migrated there)
2. NVD entry for CVE-2024-6990: https://nvd.nist.gov/vuln/detail/CVE-2024-6990
3. Chrome Releases blog (stable channel update shipping 127.0.6533.88): https://chromereleases.googleblog.com/
4. Chromium Security Team: https://www.chromium.org/Home/chromium-security

Conclusion

CVE-2024-6990 is a critical security vulnerability affecting Google Chrome on Android, caused by an uninitialized use in Dawn, Chrome's WebGPU implementation. Users should update Google Chrome to version 127.0.6533.88 or later to protect themselves from potential exploits of this vulnerability.

Timeline

Published on: 08/01/2024 18:15:26 UTC
Last modified on: 08/03/2024 18:35:02 UTC