Microsoft identified a remotely triggerable memory corruption vulnerability in ChromeOS that could allow attackers to cause a denial of service (DoS) or achieve remote code execution (RCE).
The researchers say the flaw could be triggered remotely by manipulating audio metadata. Attackers could have lured users into simply playing a new song in a browser or from a paired Bluetooth device, or leveraged adversary-in-the-middle (AiTM) capabilities to exploit the vulnerability remotely.
The critical flaw is tracked as CVE-2022-2587 (CVSS score of 9.8) and was patched in June.
In general, ChromeOS is a Linux-based operating system derived from the open-source Chromium OS and uses the Google Chrome web browser as its principal user interface. It runs on Chromebooks, Chromeboxes, Chromebits, and Chromebases.
The discovered vulnerability falls under the second class, ChromeOS-specific memory-corruption vulnerabilities.
“It was clear that the vulnerability could be triggered via changes to the audio metadata,” said researchers from Microsoft.
Researchers state two interesting cases that could both be triggered remotely:
Figure: Call tree displaying how the browser or Bluetooth media metadata changes ultimately trigger the vulnerable function.
The flaw was identified in the CRAS (ChromiumOS Audio Server) component and could be triggered using malformed metadata associated with songs.
According to Microsoft, “The impact of heap-based buffer overflow ranges from simple DoS to full-fledged RCE.”
“Although it’s possible to allocate and free chunks through media metadata manipulation, performing the precise heap-grooming is not trivial in this case and attackers would need to chain the exploit with other vulnerabilities to successfully execute any arbitrary code”.
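The bug class described above, as an added example that is not CRAS code or code from the original article: a fixed-size heap field filled from remote track metadata, with an unbounded copy shown beside a bounded one. The struct, function names, the 128-byte field size and the canary value are all assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define IDENTITY_MAX 128      /* assumed field size, not taken from CRAS */
#define CANARY 0xC0FFEEu      /* stands in for neighbouring heap data */

/* Hypothetical heap-allocated player record fed by remote track metadata. */
struct player {
    char identity[IDENTITY_MAX];
    unsigned canary;
};

struct player *player_new(void) {
    struct player *p = calloc(1, sizeof(*p));
    if (p) p->canary = CANARY;
    return p;
}

/* Unsafe pattern: the sender's string length decides how much is written,
 * so oversized metadata runs past identity[] into adjacent heap memory. */
void update_identity_unsafe(struct player *p, const char *title) {
    strcpy(p->identity, title);
}

/* Hardened form: copy is bounded by the field size and always terminated.
 * Returns 0 if stored whole, 1 if truncated, -1 on bad arguments. */
int update_identity_safe(struct player *p, const char *title) {
    if (!p || !title) return -1;
    int n = snprintf(p->identity, sizeof(p->identity), "%s", title);
    if (n < 0) { p->identity[0] = '\0'; return -1; }
    return (size_t)n >= sizeof(p->identity) ? 1 : 0;
}

int main(void) {
    char long_title[300];     /* constructed oversized metadata */
    memset(long_title, 'A', sizeof(long_title) - 1);
    long_title[sizeof(long_title) - 1] = '\0';
    struct player *p = player_new();
    if (!p) return 1;
    int rc = update_identity_safe(p, long_title);
    printf("rc=%d stored=%zu canary_ok=%d\n", rc, strlen(p->identity), p->canary == CANARY);
    free(p);
    return 0;
}
```

Returning a distinct truncation code lets the caller log oversized metadata as an anomaly instead of silently accepting it.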
Microsoft suggests organizations strictly monitor all devices and operating systems across platforms, including unmanaged devices.
Microsoft Defender for Endpoint’s device discovery capabilities help organizations locate unmanaged devices, including those running ChromeOS, and discover whether they are being operated by attackers when they start performing network interactions with servers and other managed devices.