Microsoft Vulnerability Research Advisory MSVR11-001
Use-After-Free Object Lifetime Vulnerability in Chrome Could Allow Sandboxed Remote Code Execution
Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Google Chrome browser versions prior to 6.0.472.59. Microsoft engineers discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, Google Inc. Google Inc. has remediated the vulnerability.
A sandboxed remote code execution vulnerability exists in the way that Google Chrome attempts to reference memory that has already been freed. An attacker could exploit the vulnerability to cause the browser to become unresponsive and/or exit unexpectedly, allowing an attacker to run arbitrary code within the Google Chrome Sandbox. The Google Chrome Sandbox is read and write isolated from the local file system, which limits what an attacker can do.
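The advisory describes a use-after-free, that is, an object-lifetime bug in which one part of the program keeps a reference to an object after its owner has released it. The following C++ example is added here for illustration and is not code from the advisory, from Chrome, or from the fix Google shipped; the `Node`, `RawObserver` and `SafeObserver` types and their names are constructed. It shows the general pattern of the bug class beside one widely used mitigation (a non-owning `std::weak_ptr` that is checked with `lock()` before every use), so that a stale reference is refused rather than dereferenced.

```cpp
// Added example (not Chrome's code): an object-lifetime bug of the kind the
// advisory describes, shown as a pattern, beside one common mitigation.
#include <memory>
#include <string>
#include <utility>

// A DOM-like node owned by a document (constructed type for this example).
struct Node {
    std::string name;
    explicit Node(std::string n) : name(std::move(n)) {}
};

// Vulnerable pattern: a component caches a raw pointer to an object whose
// lifetime it does not control. Once the owner releases the node the cached
// pointer dangles, and any later use reads freed memory (undefined behaviour).
struct RawObserver {
    Node* cached = nullptr;           // no ownership, no liveness information
    void watch(Node* n) { cached = n; }
    // Never called after the owner releases the node in this example:
    // dereferencing `cached` at that point is the use-after-free.
    std::string name() const { return cached->name; }
};

// Hardened pattern: the observer holds a std::weak_ptr, which can tell
// whether some owner still keeps the object alive. Every access promotes the
// weak reference with lock() and checks the result before touching memory.
struct SafeObserver {
    std::weak_ptr<Node> cached;
    void watch(const std::shared_ptr<Node>& n) { cached = n; }
    // Returns true and fills `out` only while the node is still alive.
    bool name(std::string& out) const {
        if (std::shared_ptr<Node> live = cached.lock()) {
            out = live->name;         // `live` keeps the node alive during use
            return true;
        }
        return false;                 // object is gone: report, do not touch it
    }
};

// Walks through the lifetime: node alive -> owner releases it -> observer asks
// again. Returns the number of accesses that were refused (expected: 1).
int stale_accesses_refused() {
    int refused = 0;
    std::string name;
    SafeObserver observer;
    {
        auto node = std::make_shared<Node>("body");   // owner's reference
        observer.watch(node);
        if (!observer.name(name)) ++refused;          // alive: succeeds
    }                                                 // owner releases it here
    if (!observer.name(name)) ++refused;              // stale: refused
    return refused;
}

// lock() reflects ownership, not scope: while any owner still holds a
// shared_ptr to the node, access continues to succeed.
bool access_while_any_owner_alive() {
    SafeObserver observer;
    std::shared_ptr<Node> second_owner;
    {
        auto node = std::make_shared<Node>("head");
        second_owner = node;          // a second owner keeps the node alive
        observer.watch(node);
    }
    std::string name;
    return observer.name(name) && name == "head";
}
```

The `RawObserver` is the shape of the defect: nothing in the program records that the object it points to has been freed, so the bug only shows up as a crash or as memory corruption at the moment of use. The `SafeObserver` moves that knowledge into the reference itself, which is the essence of most use-after-free mitigations, whether implemented with weak pointers, generational handles or a garbage-collected heap.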
Microsoft Vulnerability Research reported this issue to, and coordinated with, the Chromium Project and the Google Security Team to ensure remediation of this issue. This vulnerability has been assigned the entry CVE-2010-1823 in the Common Vulnerabilities and Exposures list. For more information, including information about updates from Google, see Google Chrome Releases: Announcements and release notes for the Google Chrome browser.
- In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site.
- Successful exploitation of this vulnerability does not allow for code to run outside of the Google Chrome Sandbox, which is read and write isolated from the local file system, although other attacks may be possible.
Purpose of Advisory: To notify users of a vulnerability and its remediation.
Advisory Status: Advisory published.
Recommendation: Review the Suggested Actions section and configure as appropriate.
For more information about this issue, see the following references:
This advisory discusses the following software.

| Affected Software | Non-Affected Software |
|---|---|
| Google Chrome version 6.0.472.55 and earlier | Google Chrome version 6.0.472.59 |
Microsoft thanks the following:
The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
- V1.0 (April 19, 2011): Advisory published.