Days after Google released a security patch for its latest Google Chromium vulnerability, CISA added the high-severity flaw to its Known Exploited Vulnerabilities Catalog, as they have secured evidence that the bug is being exploited in the wild.
Chrome V8 Type Confusion vulnerability CVE-2023-3079 affects all versions prior to 114.0.5735.110 and is present on Microsoft Windows, Apple macOS, and Linux. The high-severity Google Chromium vulnerability has not been assigned an NVD score yet.
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” said the CISA alert.
“Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page,” said the US National Vulnerability Database description.
Heap corruption is a problem that happens when a program unintentionally damages the memory management system called the “heap.” The heap is responsible for allocating and releasing blocks of memory that the program needs to store and process data.
Google Chromium vulnerability and type confusion
Type confusion is a programming issue that can have serious consequences. When developers write programs, they often declare variables to store different types of data. For example, they may have variables for numbers or variables for storing memory addresses.
In some programming languages like C, it’s crucial to use the correct type for each variable. Mixing up the types can lead to problems. For instance, a number that is safe to use might be completely unsuitable as a memory address.
To understand type confusion, let’s imagine a programmer working on a C program. They have declared two variables: one to store a number and another to store a memory address. The programmer needs to be careful not to mistakenly assign a memory address to the number variable or vice versa.
In the program, memory addresses are represented by hexadecimal numbers such as “0x00370000”. These addresses can be quite large. On the other hand, a valid day number like “23157” is much smaller in comparison.
To make the program more flexible, the programmer decides to use a feature called a “union.” A union allows the same block of memory to be interpreted in different ways. This means they can access the data as either a number or a memory address, depending on the specific usage.
However, using a union introduces a new challenge. The programmer needs to keep track of how the data should be interpreted at any given moment. To do this, they might use a “tag” variable, which indicates the type of data stored in the union. For example, they could set the tag to 1 for a date and 2 for a memory address. This helps prevent confusion and ensures that the data is used correctly.
However, if an external entity gains the ability to modify the tag variable unexpectedly, it can lead to severe problems.
For instance, let’s say the programmer allows unvalidated function addresses to be treated as trusted ones. If someone maliciously changes the tag from 1 to 2 just before the program uses the data, it can execute code that was not intended, possibly leading to security vulnerabilities.
Google Chromium vulnerability: In a nutshell
Google has released a security update on June 5 to address this this Google Chromium vulnerability, which affects the Google Chrome web browser for Windows, macOS, and Linux.
However, the vulnerability is already being exploited in the wild. The vulnerability is caused by a type confusion within the V8 JavaScript engine and could be exploited by a malicious attacker using a specially crafted HTML page to cause heap corruption and potentially execute arbitrary code.
The CVE-2023-3079 vulnerability, which affects Google Chrome versions prior to 114.0.5735.110, highlights the importance of promptly applying security updates to protect against potential exploits and ensure the security of systems using the affected platforms.