Microsoft Vulnerability Research Advisory MSVR11-001
Use-After-Free Object Lifetime Vulnerability in Chrome Could Allow Sandboxed Remote Code Execution
Published: April 19, 2011
Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Google Chrome browser versions prior to 6.0.472.59. Microsoft engineers discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, Google Inc. Google Inc. has remediated the vulnerability.
A sandboxed remote code execution vulnerability exists in the way that Google Chrome attempts to reference memory that has been freed. An attacker could exploit the vulnerability to cause the browser to become unresponsive and/or exit unexpectedly, allowing an attacker to run arbitrary code within the Google Chrome Sandbox. The Google Chrome Sandbox is read and write isolated from the local file system which limits an attacker.
Microsoft Vulnerability Research reported this issue to and coordinated with the Chromium Project and the Google Security Team to ensure remediation of this issue. This vulnerability has been assigned the entry, CVE-2010-1823, in the Common Vulnerabilities and Exposures list. For more information, including information about updates from Google, see Google Chrome Releases: Announcements and release notes for the Google Chrome browser.
- In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site.
- Successful exploitation of this vulnerability does not allow for code to run outside of the Google Chrome Sandbox, which is read and write isolated from the local file system, although other attacks may be possible.
Purpose and Recommendation
Purpose of Advisory: To notify users of a vulnerability and its remediation.
Advisory Status: Advisory published.
Recommendation: Review the Suggested Actions section and configure as appropriate.
For more information about this issue, see the following references:
Affected and Non-Affected Software
This advisory discusses the following software.
|Google Chrome version 6.0.472.55 and earlier|
|Google Chrome version 6.0.472.59|
Frequently Asked Questions
What is the scope of this advisory?
This advisory is part of a coordinated release with affected vendors to inform customers of a security issue that may affect their systems.
Is this a security vulnerability that requires Microsoft to issue a security update?
No. This vulnerability has been fixed via an update from the affected third-party vendor. The update remediates the software listed in the table, Affected Software.
What is the scope of the vulnerability?
This is a remote code execution vulnerability. However, an attacker who successfully exploited this vulnerability could only execute code within the Google Chrome Sandbox.
What causes the vulnerability?
When attempting to parse specially crafted Web content, Google Chrome references memory that has been freed. An attacker could exploit the vulnerability to cause the browser to become unresponsive and/or exit unexpectedly, allowing an attacker to run arbitrary code within the Google Chrome Sandbox.
How could an attacker exploit the vulnerability?
An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution within the Google Chrome Sandbox.
Users do not need to take any action other than verify that Google Chrome is in its default configuration to install updates automatically. Please see Google Chrome Releases: Announcements and release notes for the Google Chrome browser for additional information.
Microsoft thanks the following:
- David Weston of Microsoft for discovering this issue and Google Chrome Security Team for working towards a resolution
The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
- V1.0 (April 19, 2011): Advisory published.
Built at 2014-04-18T13:49:36Z-07:00