CVE-2024-9120 - Exploring the Use After Free Vulnerability in Dawn in Google Chrome on Windows Prior to 129..6668.70

---

Introduction and Background

Google Chrome is one of the most popular web browsers worldwide, with millions of users relying on it every day for their browsing needs. As such, it's a prime target for cybercriminals who are always looking for opportunities to exploit vulnerabilities within the software to gain unauthorized access to victims' devices. One such recent vulnerability discovered in Google Chrome is CVE-2024-9120, a high-risk Use After Free (UAF) issue affecting the Dawn rendering engine on Windows systems prior to version 129..6668.70. This blog post will discuss the details of this vulnerability, provide code snippets to demonstrate the exploitation, and link to original references to help further understand the issue.

Description of the Vulnerability (CVE-2024-9120)

CVE-2024-9120 refers to a UAF vulnerability in the Dawn rendering engine within Google Chrome on Windows systems running versions before 129..6668.70. A remote attacker could potentially exploit this vulnerability to trigger heap corruption via a crafted HTML page, potentially leading to arbitrary code execution and unauthorized access to the victim's system.

Use After Free vulnerabilities are a class of memory corruption bug in which a program keeps using a block of memory after it has been freed. If the allocator hands that block out again before the stale reference is used, the stale access reads or writes whatever now occupies it; an attacker who can influence what lands there can corrupt data or, in the worst case, execute arbitrary code on the victim's system. In this case, the memory in question belongs to an object created and rendered by Google Chrome's Dawn engine.

Exploiting the Vulnerability

To exploit this vulnerability, an attacker would need to create a specially crafted HTML page designed to trigger the UAF issue within the victim's web browser. The following code snippet demonstrates how this could potentially be achieved:

```html
<!DOCTYPE html>
<html>
<head>
  <title>CVE-2024-9120 Proof of Concept</title>
  <script>
    function exploit() {
      var vulnerableObject = new dawnInstance();
      vulnerableObject.freeMemory();
      vulnerableObject.useMemory(); // <-- UAF occurs here
    }
  </script>
</head>
<body>
  <button onclick="exploit()">Trigger Exploit</button>
</body>
</html>
```

In this example, the attacker creates a new instance of the vulnerable Dawn object and then intentionally frees memory associated with the object. Subsequently, the attacker attempts to use the memory through the useMemory() function, triggering the UAF vulnerability and causing heap corruption.

Please note that this code snippet provides a high-level overview of the exploitation process. In practice, the attacker would need to have a more detailed understanding of the Dawn engine internals and perform additional steps to achieve arbitrary code execution, such as bypassing security mitigations in place.
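As an added illustration (not code from this post and not Dawn's own code), the C program below models the create / free / use sequence from the snippet above in a way that can actually be run, and shows one defensive pattern that turns a stale access into a rejected call instead of a heap corruption: objects are reached through handles that carry a generation counter, and releasing an object bumps the slot's generation, so even when the slot is reused for a new object an old handle no longer matches. The `Slot`, `Handle` and `obj_*` names are hypothetical stand-ins for whatever the engine uses internally.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical object slot standing in for an engine-managed resource. */
typedef struct {
    uint32_t generation;   /* bumped every time the slot is released */
    int      live;         /* 1 while the slot holds a valid object */
    char     label[16];
} Slot;

/* A handle records the slot index and the generation it was issued with. */
typedef struct {
    uint32_t index;
    uint32_t generation;
} Handle;

#define SLOT_COUNT 4
static Slot slots[SLOT_COUNT];

/* Allocate the first free slot; reuse is deliberate, as in a real heap. */
Handle obj_create(const char *label) {
    for (uint32_t i = 0; i < SLOT_COUNT; i++) {
        if (!slots[i].live) {
            slots[i].live = 1;
            strncpy(slots[i].label, label, sizeof slots[i].label - 1);
            slots[i].label[sizeof slots[i].label - 1] = '\0';
            return (Handle){ i, slots[i].generation };
        }
    }
    return (Handle){ UINT32_MAX, 0 };  /* pool exhausted: an always-invalid handle */
}

/* 1 if the handle still refers to the live object it was issued for. */
int obj_is_valid(Handle h) {
    return h.index < SLOT_COUNT
        && slots[h.index].live
        && slots[h.index].generation == h.generation;
}

/* Release the object; every outstanding handle to it becomes stale. */
int obj_release(Handle h) {
    if (!obj_is_valid(h)) return 0;      /* refuses double release */
    slots[h.index].live = 0;
    slots[h.index].generation++;
    memset(slots[h.index].label, 0, sizeof slots[h.index].label);
    return 1;
}

/* Safe use: a stale handle yields NULL instead of reaching the slot's new occupant. */
const char *obj_label(Handle h) {
    return obj_is_valid(h) ? slots[h.index].label : NULL;
}

/* Replays create -> free -> reuse -> use-of-old-reference. Returns 1 if the stale use was caught. */
int demo_stale_use_is_rejected(void) {
    Handle a = obj_create("texture-a");
    obj_release(a);
    Handle b = obj_create("texture-b");  /* lands in the slot a just vacated */
    /* a and b name the same slot, but a carries the old generation */
    return a.index == b.index && obj_label(a) == NULL && obj_label(b) != NULL;
}

/* Releasing twice must not succeed twice (a double free in disguise). */
int demo_double_release_is_refused(void) {
    Handle h = obj_create("buffer");
    int first = obj_release(h);
    int second = obj_release(h);
    return first == 1 && second == 0 && obj_label(h) == NULL;
}

int main(void) {
    printf("stale handle rejected: %s\n", demo_stale_use_is_rejected() ? "yes" : "no");
    printf("double release refused: %s\n", demo_double_release_is_refused() ? "yes" : "no");
    return 0;
}
```

The point of the generation check is that a raw pointer cannot tell whether the memory behind it has been reassigned, whereas a handle validated against the slot's current generation can; this is the same idea behind the allocator-level UAF mitigations (quarantines, generational references) that browsers rely on, and it is also why crashes near freed-then-reused objects are what sanitizers such as ASan report when they detect this bug class.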

Original References and Mitigation

Upon discovery, the vulnerability was responsibly reported to Google and has since been addressed in Chrome version 129..6668.70. Users are encouraged to update their Chrome browsers to the latest version to mitigate the risk of this vulnerability. More details about the vulnerability can be found in the following references:

1. Chromium Issue Tracker
2. Google Chrome Release Notes
3. Google Chrome Security Blog

Conclusion

CVE-2024-9120 is a high-severity Use After Free vulnerability in Google Chrome's Dawn rendering engine on Windows systems prior to version 129..6668.70. It highlights the importance of regularly updating web browsers and maintaining awareness of potential security issues that may arise. Users should always ensure they are running the latest version of web browsers, such as Google Chrome, to protect themselves from vulnerabilities like these.

Timeline

Published on: 09/25/2024 01:15:48 UTC
Last modified on: 09/26/2024 13:32:02 UTC