Tuesday, July 2, 2024

Double zero-day in Chrome and Edge – check your versions now! – Naked Security

If you’re a fan of the Google Chrome or Microsoft Edge browsers, you probably get updates automatically and are already up to date.

But…

…in case you missed an update recently, we suggest that you go and check right now, because the Chromium browser core, on which both Edge and Chrome are based, has recently been patched against not one but two zero-day remote code execution (RCE) bugs.

Google is keeping details of these bugs private for the time being, probably because they are easy to exploit if you know exactly where to look.

After all, it’s easy to find a needle even in a huge haystack if someone tells you which pile it’s in before you start.

Browser-based security vulnerabilities that cause remote code execution are always worth taking seriously, especially if they are already known to and used by cybercriminals.

And a zero-day is, by definition, a bug that the Bad Guys found first, so there were no days on which you could have patched in advance.

RCEs considered harmful

RCE means literally what it says: someone outside your network, outside your home, outside your business, or even halfway around the world can tell your device, “Run this program the way I choose, without giving anything away to the currently logged-in user.”

Normally, when you’re browsing, you’ll get at least some kind of warning if a remote website tries to lure you with potentially dangerous content, such as a dialog or popup asking, “Do you want to download this file? Are you really sure (Yes/No)?”

Sometimes, depending on your chosen browser settings or restrictions imposed by your IT system administrator, you may receive a notification like this: Sorry, that option/file/download isn't allowed.

However, browser RCE bugs can usually be triggered just by viewing a web page, without clicking a button or seeing an alert, which gives an attacker a security hole through which they can trick your browser into executing malware code without your permission.

Common ways this kind of security hole can be triggered include booby-trapped HTML content, and malformed images or other multimedia files that cause the browser to choke while preparing the content for display.

For example, if an image appears to require only a few kilobytes of memory, but later turns out to contain megabytes of pixel data, you’d want the browser to detect this anomaly reliably and not try to fit megabytes of pixels into kilobytes of memory space.

That would be a buffer overflow, which corrupts system memory in such a way that a well-prepared attacker can predict and exploit the damage.

Likewise, if JavaScript code tells the browser, “Here’s a string representing a time and date that you need to remember for later,” the browser should treat that data only as text.

However, if the JavaScript system can later be tricked into using the same block of data as if it were a memory address (in C or C++ terms, a pointer) indicating where the program should go next, a well-prepared attacker could trick the browser into treating what arrived as harmless data as a remotely served mini-program to be executed.

In technical terms, that’s shellcode, from venerable Unix terminology in which code means a series of program instructions, and shell is the generic name for a control prompt at which you can run a series of commands of your choice.

Imagine opening the Terminal app on a Mac, or a PowerShell prompt on Windows: that’s what cybercriminals use RCE holes to do, which is jokingly known in the trade as popping a shell on your device.

To make matters worse, these kinds of “popped” remote shells usually run entirely in the background, invisible to anyone currently sitting in front of the computer, operating on the device behind your back.

Zero-day two-pack

When we gave the RCE examples above, we didn’t pick booby-trapped image files and malicious JavaScript code by accident.

We highlighted those as examples because the two zero-day Chrome bugs that have been fixed in the past few days are:

  • CVE-2023-2033: Type confusion in V8 in Google Chrome before 112.0.5615.121. A remote attacker could potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High.
  • CVE-2023-2136: Integer overflow in Skia in Google Chrome before 112.0.5615.137. A remote attacker who had compromised the renderer process could potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High.

V8 is the name of Chromium’s open-source JavaScript engine where JavaScript embedded in web pages is processed.

And Skia is an open-source graphics library created by Google and used by Chromium to convert HTML commands and embedded graphical content into screen pixels that represent the visual shape of a page. (The process of converting HTML to on-screen graphics is known in the jargon as rendering a page.)

A type confusion bug works similarly to the text-treated-as-a-pointer example given above: a chunk of data that is supposed to be handled under one set of security rules inside the JavaScript process ends up being used in an insecure way.

It’s like taking a guest pass at a building’s reception desk and then discovering that you can fool security by holding the pass with your thumb over the “I’m only a guest” label, so that the guards inside the building let you go where you shouldn’t and do things you shouldn’t.

And an integer overflow is where arithmetic calculations go wrong because the numbers get too big, in the same way that the time on a clock wraps around once or twice a day.

For example, if you advance an analog clock past 12 o’clock, the time goes back to 1 o’clock, because the clock face only shows 1 to 12. Likewise, when a digital clock strikes midnight, it goes back from 23:59 to 00:00 because it cannot count to 24.
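The clock-face wraparound, applied to the image-sizing case described earlier, as an added example that is not code from Chromium, Skia or the original article. It is a generic illustration, not a reconstruction of CVE-2023-2136; the function names, the 64 MiB limit and the image dimensions are assumptions constructed for the demonstration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unsafe sizing: the product is computed in 32 bits and silently wraps,
   just as a clock face wraps from 12 back to 1. */
uint32_t pixel_bytes_unchecked(uint32_t width, uint32_t height, uint32_t bpp) {
    return width * height * bpp;
}

/* Checked sizing: widen to 64 bits, then refuse anything over max_bytes
   before multiplying by bytes-per-pixel, so no step can wrap. */
bool pixel_bytes_checked(uint32_t width, uint32_t height, uint32_t bpp,
                         size_t max_bytes, size_t *out) {
    if (width == 0 || height == 0 || bpp == 0)
        return false;
    uint64_t pixels = (uint64_t)width * height;  /* cannot wrap in 64 bits */
    if (pixels > max_bytes / bpp)                /* pixels * bpp > max_bytes */
        return false;
    *out = (size_t)(pixels * bpp);
    return true;
}

int main(void) {
    /* Constructed header values: 65536 x 16385 pixels at 4 bytes each is
       really 4 GiB + 256 KiB, but the 32-bit product wraps to 256 KiB. */
    uint32_t w = 65536u, h = 16385u, bpp = 4u;
    size_t cap = (size_t)64 * 1024 * 1024;       /* assumed 64 MiB limit */
    size_t n = 0;

    printf("unchecked size: %u bytes\n",
           (unsigned)pixel_bytes_unchecked(w, h, bpp));
    printf("checked: %s\n",
           pixel_bytes_checked(w, h, bpp, cap, &n) ? "accepted" : "rejected");
    if (pixel_bytes_checked(640u, 480u, 4u, cap, &n))
        printf("640x480 image: %zu bytes\n", n);
    return 0;
}
```

A buffer allocated from the unchecked result would be 256 KiB, far smaller than the pixel data the header describes, which is the kilobytes-versus-megabytes mismatch that leads to a buffer overflow.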

What should I do?

Wouldn’t it be nice if there was a single version number that could be checked across all Chromium-based browsers and all supported platforms?

Unfortunately, there isn’t one, so we’ve reported what we found below.

At the time of writing [2023-04-24T16:00Z], the official laptop versions of Chrome are: 112.0.5615.137 or 112.0.5615.138 for Windows, 112.0.5615.137 for Mac, and 112.0.5615.165 for Linux.

Anything above these numbers includes patches for the two zero-days above.

Edge on your laptop should be 112.0.1722.58 or later.

Unfortunately, Chrome and Edge (just updated) on Android seem to still be on 112.0.5615.136 and 111.0.1661.59 respectively, so it’s worth keeping an eye out for updates over the next few days.

Similarly, the versions of Chrome and Edge that I just updated on iOS show up as 112.0.5615.70 and 112.0.1722.49 respectively, so I’m assuming those versions will be updated soon so that both zero-days are patched.

  • Chrome on your laptop. Visiting the URL chrome://settings/help should display the current version, then check for any missed updates and try to bring you up to date if you aren’t already.
  • Chrome on iOS. The URL chrome://version displays the current version. Go to the App Store app and tap your account picture in the top right corner to see if there are any updates you still need to install. You can use Update all to do them all at once, or update the apps individually from the list below if you prefer.
  • Chrome on Android. The URL chrome://version displays the current version. If there are any Chrome updates you haven’t installed yet, you’ll see an up arrow in the three-dot menu. You must be logged in to your Google Play account to receive updates.
  • Edge on your laptop. Visiting the URL edge://settings/help should display the current version, then check for any missed updates and try to bring you up to date if you aren’t already.
  • Edge on iOS. The URL edge://version displays the current version. Go to the App Store app and tap your account picture in the top right corner to see if there are any updates you still need to install. You can use Update all to do them all at once, or update the apps individually if you prefer.
  • Edge on Android. The URL edge://version displays the current version. Open the Google Play app and tap the account blob in the top right corner. Go to the App and device management screen to find pending updates. You can use Update all to do them all at once, or look at the details to update individually.
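One way to script the comparison once you have read a version string from one of the pages above (an added example, not from the original article). The function names are assumptions, and the baselines are taken from this article: 112.0.5615.137 from the "before" build in the CVE-2023-2136 text, and 112.0.1722.58 for Edge.

```c
#include <stdio.h>
#include <string.h>

/* Parse "a.b.c.d"; returns 1 on success, 0 if a component is missing or
   anything follows the fourth number. */
int parse_version(const char *s, unsigned v[4]) {
    char extra;
    return sscanf(s, "%u.%u.%u.%u%c", &v[0], &v[1], &v[2], &v[3], &extra) == 4;
}

/* Returns 1 if installed >= fixed, 0 if older, -1 if either is malformed.
   Components are compared as numbers, left to right. */
int is_patched(const char *installed, const char *fixed) {
    unsigned a[4], b[4];
    if (!parse_version(installed, a) || !parse_version(fixed, b))
        return -1;
    for (int i = 0; i < 4; i++)
        if (a[i] != b[i])
            return a[i] > b[i];
    return 1;
}

int main(void) {
    const char *chrome_fixed = "112.0.5615.137"; /* "before" build in the CVE text */
    const char *edge_fixed = "112.0.1722.58";    /* "or later" build for Edge */
    /* Versions reported in the article, used here as sample input. */
    const char *chrome_seen[] = { "112.0.5615.165", "112.0.5615.136",
                                  "112.0.5615.70" };
    const char *edge_seen[] = { "111.0.1661.59", "112.0.1722.49" };

    for (size_t i = 0; i < 3; i++)
        printf("Chrome %s: %s\n", chrome_seen[i],
               is_patched(chrome_seen[i], chrome_fixed) == 1 ? "ok" : "update");
    for (size_t i = 0; i < 2; i++)
        printf("Edge %s: %s\n", edge_seen[i],
               is_patched(edge_seen[i], edge_fixed) == 1 ? "ok" : "update");

    /* A plain string comparison misorders the iOS build: '7' sorts after '1'. */
    printf("strcmp ranks .70 %s .137\n",
           strcmp("112.0.5615.70", chrome_fixed) > 0 ? "above" : "below");
    return 0;
}
```

Comparing each component as a number matters here: sorted as text, 112.0.5615.70 ranks above 112.0.5615.137, so a string comparison would report that build as patched.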
