ChromeOS Remote Memory Corruption Flaw Let Attackers Perform DoS Attack

by Esmeralda McKenzie

ChromeOS Remote Memory Corruption Flaw

Microsoft identified a memory corruption vulnerability in ChromeOS that can be triggered remotely, which could allow attackers to cause either a denial-of-service (DoS) condition or achieve remote code execution (RCE).

Researchers note that the flaw could be triggered remotely by manipulating audio metadata. Attackers could have lured users simply by playing a new song in a browser or from a paired Bluetooth device, or could have leveraged adversary-in-the-middle (AiTM) capabilities to exploit the vulnerability remotely.

The critical flaw is tracked as CVE-2022-2587 (CVSS score of 9.8) and was patched in June.

Security Features on ChromeOS

In general, ChromeOS is a Linux-based operating system derived from the open-source Chromium OS and uses the Google Chrome web browser as its principal user interface. It runs on Chromebooks, Chromeboxes, Chromebits, and Chromebases.

  • Hardened sandbox (known as minijail)
  • Verified boot
  • Locked-down filesystem (mounted with noexec, nosuid, nodev) and dm-verity
  • Root user restrictions (SECURE_NOROOT)
  • When developer mode is entered, all locally stored data is wiped

ChromeOS Vulnerabilities Fall into One of Three Different Classes:

  • ChromeOS-specific logic vulnerabilities
  • ChromeOS-specific memory-corruption vulnerabilities
  • Broader threats such as Chrome browser vulnerabilities

The discovered vulnerability falls under the second class, ChromeOS-specific memory-corruption vulnerabilities.

“It was clear that the vulnerability could be triggered by changes to the audio metadata”, said researchers from Microsoft.

Researchers describe two interesting cases that could both be triggered remotely:

  • From the browser: the browser’s media component invokes the function when metadata is modified, such as when playing a new song in the browser.
  • From Bluetooth: the media session service in the operating system invokes the function when a song’s metadata changes, which can happen when playing a new song from a paired Bluetooth device.
[Figure] Call tree showing how browser or Bluetooth media metadata changes ultimately reach the vulnerable function

The flaw was identified in the CRAS (ChromiumOS Audio Server) component and could be triggered using malformed metadata associated with songs.

According to Microsoft, “The impact of heap-based buffer overflow ranges from simple DoS to full-fledged RCE.”

“Although it’s possible to allocate and free chunks through media metadata manipulation, performing the right heap-grooming is not trivial in this case and attackers would need to chain the exploit with other vulnerabilities to successfully execute any arbitrary code”.

How to Defend Against the Evolving Threat?

Microsoft suggests that organizations strictly monitor all devices and operating systems across platforms, including unmanaged devices.

Microsoft Defender for Endpoint’s device discovery capabilities help organizations detect unmanaged devices, including those running ChromeOS, and determine whether they are being operated by attackers once they begin network interactions with servers and other managed devices.

Source credit: cybersecuritynews.com