Security Researcher Discovers Serious Flaw in Chromium, Bags $15,000 Reward

 

A recently patched vulnerability in the Chromium project enabled malicious parties to inject code in embedded site pages, despite the fact that these resources were separated from the parent website. 

Chromium is an open-source browser project that intends to make the web a safer, faster, and more stable experience for everyone. The site provides design documents, architecture overviews, testing information to assists users in learning to build and work with the Chromium source code.

The security researcher who initially discovered the vulnerability presented a proof of concept that illustrates an attacker-controlled website abusing the vulnerability to manipulate the information of an embedded website, despite the fact that the target and destinations are on different servers. 

As illustrated in a recent post on the Chromium website, the vulnerability may be leveraged even if the web browser "site isolation" feature is turned on. Site isolation is a security feature that divides each website into its own process to increase security. 

According to the expert, inter-process communication of isolated processes featured a race condition, which is an attack that targets systems that must execute the task in several phases. If the system is susceptible for a brief period of time between execution steps, the attacker can take advantage of the security vulnerability to make destructive changes. Among other exploits, this flaw may allow intruders to insert malicious code into embedded sites or steal personal information from users. 

The vulnerability was discovered in late March and resolved before the end of April. The security researcher received $15,000 from Google's Vulnerability Rewards Program for his finding. The vulnerability has been demonstrated as a “site isolation break because of double fetch of shared buffer”. 

“We always appreciate working with the research community through our Vulnerability Rewards Program, and thanks to this report we were able to patch the issue in Chrome 90,” a Google spokesman stated The Daily Swig.