Chrome flaw in PDFium allowed hackers to run malicious code
A serious vulnerability in Chrome allowed hackers to execute arbitrary code on a target computer by using PDF documents.
Chrome's arbitrary code execution flaw in the default PDF viewer
Researchers at Cisco Talos have discovered an arbitrary code execution flaw in PDFium - the default PDF reader that Google installs automatically in the Chrome browser. Discovered by Aleksandar Nikolic of Cisco, CVE-2016-1681 is a heap buffer overflow that affects PDFium. The vulnerability in the jpeg2000 image parser library (OpenJPEG) triggered an exploitable heap buffer overflow. The researcher said an attacker could have exploited this flaw for arbitrary code execution by embedding a specially crafted jpeg2000 image in a PDF document.
By merely viewing a PDF document that includes an embedded image, an attacker could have achieved code execution on a target system. A hacker could "place a malicious PDF file on a website and then redirect victims to the website using either phishing emails or even malvertising," achieving code execution capabilities.
The flaw is a small error made by Chrome's developers, Nikolic wrote in a blog post. "An existing assert call in the OpenJPEG library prevents the heap overflow in standalone builds, but in the build included in release versions of Chrome, the assertions are omitted." When PDFium invoked the OpenJPEG library, this omission created a buffer overflow, letting criminal hackers start doing their own things.
Nikolic has confirmed that Google has patched the flaw, with a single line of code, "promoting a problematic `assert` to an `if` statement." The researcher informed Google about the problems on May 19th, which the search giant promptly fixed on May 25th, rating the vulnerability as high severity. Nikolic was awarded $3,000 for the bug findings.
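The pattern described in the two paragraphs above (a bounds check that exists only as an assertion, and the fix that promotes it to an `if`) is sketched below as an added example; it is not code from OpenJPEG, PDFium or the original article. The macro, function names, sizes and the arena layout are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for assert() compiled with NDEBUG, as in a release build: the
 * check expands to nothing. Hypothetical macro, not OpenJPEG/PDFium code. */
#define RELEASE_ASSERT(expr) ((void)0)
#define TILE_SIZE  16u  /* constructed sizes for the demo */
#define ARENA_SIZE 32u

/* Bytes 0..15 are the tile buffer, bytes 16..31 model a neighbouring heap
 * object. Overlong writes stay inside the arena, so behaviour is defined. */
struct arena { uint8_t bytes[ARENA_SIZE]; };

/* Before: the bound is only an assertion, so a release build copies any len. */
static int copy_assert_only(struct arena *a, const uint8_t *src, size_t len)
{
    RELEASE_ASSERT(len <= TILE_SIZE);
    memcpy(a->bytes, src, len);
    return 0;
}

/* After: the same condition as an if, enforced in every build. */
static int copy_checked(struct arena *a, const uint8_t *src, size_t len)
{
    if (len > TILE_SIZE) return -1;
    memcpy(a->bytes, src, len);
    return 0;
}

/* Returns 0 = copied, neighbour intact; -1 = rejected; 1 = neighbour overwritten. */
static int run(int checked, size_t len)
{
    struct arena a;
    uint8_t src[ARENA_SIZE];
    if (len > ARENA_SIZE) len = ARENA_SIZE;      /* keep the demo in bounds */
    memset(a.bytes, 0xAA, sizeof a.bytes);       /* 0xAA marks untouched bytes */
    memset(src, 0x41, sizeof src);               /* constructed input */
    int rc = checked ? copy_checked(&a, src, len) : copy_assert_only(&a, src, len);
    for (size_t i = TILE_SIZE; i < ARENA_SIZE; i++)
        if (a.bytes[i] != 0xAA) return 1;
    return rc;
}

int main(void)
{
    printf("assert-only: %d, if-checked: %d\n", run(0, 24), run(1, 24));
    return 0;
}
```

Building parsers of untrusted input with the same assertion settings that ship in release, or auditing every `assert` that guards a length or index, catches this class of gap before it reaches users.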
Users are recommended to update their Chrome browsers to the very latest version 51.0.2704.63 to benefit from this and 41 other security patches.
Source: https://wccftech.com/chrome-flaw-in-pdfium-allowed-hackers-to-run-malicious-code/
Posted by: gilmorepeentwer.blogspot.com