The issue relates to a use-after-free case in the command optimization component, whose successful exploitation “could allow an attacker to execute arbitrary code in the context of the browser.”
The bug, identified in the Chrome 101 Dev Channel release, was reported to Google by Weibo Wang, a security researcher at Singapore-based cybersecurity firm Numen Cyber Technology, and has since been quietly fixed by the company.
“This vulnerability occurs at the instruction selection stage where the wrong instruction was selected, resulting in a memory access exception,” Wang said.
Use-after-free errors occur when memory that has already been freed is accessed again, resulting in undefined behavior that can cause a program to crash, operate on corrupted data, or even allow arbitrary code execution.
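As an added illustration, not part of the original article and unrelated to Chrome's or V8's own code, the following C example shows the mitigation side of the problem described above: a generational handle table that refuses access through a handle whose object has already been freed, instead of dereferencing a dangling pointer into memory that may since have been reused. All names and the sample payloads are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: a small pool of fixed slots addressed by handles.
 * Each slot carries a generation counter that is bumped on every free, so a
 * handle captured before the free stops matching and is rejected rather than
 * resolving to memory now owned by a different object. */

#define POOL_SLOTS 4

typedef struct {
    uint32_t generation;   /* incremented on every free */
    int in_use;
    char data[32];
} slot_t;

typedef struct {
    uint32_t index;        /* slot position */
    uint32_t generation;   /* generation observed at allocation time */
} handle_t;

static slot_t pool[POOL_SLOTS];

/* Allocate a slot and copy the payload in; 0 on success, -1 if exhausted. */
int pool_alloc(handle_t *out, const char *payload) {
    for (uint32_t i = 0; i < POOL_SLOTS; i++) {
        if (!pool[i].in_use) {
            pool[i].in_use = 1;
            strncpy(pool[i].data, payload, sizeof pool[i].data - 1);
            pool[i].data[sizeof pool[i].data - 1] = '\0';
            out->index = i;
            out->generation = pool[i].generation;
            return 0;
        }
    }
    return -1;
}

/* Resolve a handle to its slot; NULL if the handle is stale or malformed. */
slot_t *pool_get(handle_t h) {
    if (h.index >= POOL_SLOTS) return NULL;
    slot_t *s = &pool[h.index];
    if (!s->in_use || s->generation != h.generation) return NULL;
    return s;
}

/* Free a slot and bump its generation so outstanding handles go stale.
 * Returns 0 on success, -1 if the handle is already stale (double free). */
int pool_free(handle_t h) {
    slot_t *s = pool_get(h);
    if (!s) return -1;
    s->in_use = 0;
    s->generation++;
    memset(s->data, 0, sizeof s->data);
    return 0;
}

/* Scenario: allocate, free, let the same slot be reused by another object,
 * then try the old handle. Returns 1 if every stale access was rejected
 * while the live handle kept working. */
int demo_stale_handle_rejected(void) {
    memset(pool, 0, sizeof pool);
    handle_t first, second;
    if (pool_alloc(&first, "first object") != 0) return 0;
    if (pool_free(first) != 0) return 0;
    /* The freed slot is handed out again for a different object... */
    if (pool_alloc(&second, "second object") != 0) return 0;
    if (second.index != first.index) return 0;   /* same underlying memory */
    /* ...but the dangling handle no longer resolves to it. */
    int stale_rejected = (pool_get(first) == NULL);
    /* The current owner's handle still works. */
    slot_t *live = pool_get(second);
    int live_ok = live != NULL && strcmp(live->data, "second object") == 0;
    /* A second free through the stale handle is refused as well. */
    int double_free_rejected = (pool_free(first) == -1);
    return stale_rejected && live_ok && double_free_rejected;
}

int main(void) {
    printf("stale handle rejected: %s\n",
           demo_stale_handle_rejected() ? "yes" : "no");
    return 0;
}
```

The generation check is the whole point: a raw pointer cannot tell that the object behind it was freed and its memory recycled, whereas an indexed handle with a generation counter fails closed at the lookup. This is the same idea behind allocator-level defenses such as quarantining freed chunks or tagging memory, just made explicit in application code.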
Even more worrisome, the flaw can be remotely exploited via a specially crafted website to bypass security restrictions and execute arbitrary code to compromise the targeted systems.
“This vulnerability can be further exploited through heap spraying techniques and then leads to a type confusion vulnerability,” Wang explained. “The vulnerability allows an attacker to control function pointers or write code anywhere in memory, ultimately leading to code execution.”
The company has not yet disclosed the vulnerability via the Chromium bug tracker portal in order to give as many users as possible the opportunity to install the patched version first. Also, Google does not assign CVE IDs for vulnerabilities found in unstable Chrome channels.
Chrome users, especially developers using the Dev Edition of Chrome for testing to ensure their applications are compatible with the latest Chrome features and API changes, should update to the latest available version of the software.
[Figure: Patched TurboFan assembly instructions after the security vulnerability]
This is not the first time use-after-free vulnerabilities have been discovered in Chrome. Google fixed seven such bugs in the web browser in 2021 that were exploited in real-world attacks. Earlier this year it also fixed an actively exploited use-after-free vulnerability in the animation component.