CVE CyberSecurity Database News

CVE-2024-1694 - Simple Guide to a High-Severity Local Exploit in Google Update for Chrome

Poster -

Google Chrome is one of the world's most popular browsers, and its security is crucial for millions of users. In early 2024, a high-severity vulnerability, CVE-2024-1694, was disclosed that affects the Google Updator tool used by Chrome. Let’s break down what this is, how it works, and what you need to know if you’re a developer, system administrator, or just a curious user.

What is CVE-2024-1694?

CVE-2024-1694 is a security flaw due to an inappropriate implementation in Google Updator, the component responsible for updating Chrome. This bug allowed a local attacker to bypass discretionary access control (DAC) by leveraging a malicious file. If exploited, it could allow someone with already limited access to your computer to create or replace files in protected directories, or even escalate their privileges in certain cases.

How Did the Vulnerability Work?

The problem was related to file permissions and how Updator handles them while updating Chrome. The intended behavior is for the updater to only allow privileged users (like SYSTEM or Administrators) to control certain files. But due to a bug, the updater could be tricked into reading or replacing protected files via a craftily-placed symbolic link or a similarly named file in a user-writable location.

Say, for example, the updater wrote temporary files to a directory where regular users had write access. By placing a symbolic link there, an attacker could redirect this write operation to a sensitive location, causing the updater (running with higher privileges) to overwrite or drop files it shouldn’t.

Simulated Exploit Scenario

Here’s a simplified example in code (for educational purposes only!) that shows how an attacker might set up this scenario in a Windows environment:

:: Example for Windows, assuming attacker has local user rights

:: Set up a writable temp directory
set TMPDIR=C:\Users\victim\AppData\Local\Temp\google_update

:: Clean up directory for demo
rd /s /q %TMPDIR%
mkdir %TMPDIR%

:: Create a symbolic link in the temp directory to a protected file
:: (Requires developer mode or admin to create links, but attacker might leverage another misconfiguration)
mklink %TMPDIR%\update_config.xml C:\Windows\System32\important_config.xml

:: Wait for Google Updator to run
:: When the Updator writes update_config.xml in temp, it'll actually overwrite important_config.xml instead

> IMPORTANT: Real-world attacker scripts can be much more complex and weaponized. This is just a basic demonstration.

References & More Reading

- CVE Details: CVE-2024-1694 on NIST

Chromium Security Bug Tracker:

Google Issue 41449981 (PRIVATE - summary only)

Official Patch Notes:

Chrome 123..6312.86 Security Fixes

Mitre CVE Record:

MITRE CVE-2024-1694

How Was It Fixed?

Google addressed this vulnerability in Google Updator 1.3.36.351 and later versions, by ensuring that:

If you use Chrome, chances are you're already safe, since Google auto-updated both the browser and its updater quickly. But if you manage a fleet of Windows machines, make sure you’re running at least Updator 1.3.36.351.

- Regular security hygiene: Local attackers usually need a foothold first. Good endpoint security helps prevent this.

Final Thoughts

CVE-2024-1694 is a reminder that even tools meant to keep us secure can sometimes introduce new risks. By understanding how such bugs work and ensuring timely updates, you’re helping keep your data and systems secure. Stay patched and stay safe!

*For exclusive original reporting and more vulnerabilities explained in plain English, bookmark this page and check back often!*


Note: This post is for educational and informational purposes only. Never attempt to exploit vulnerabilities on systems you don’t own or have explicit permission to test. If you discover a vulnerability, always report it responsibly.

Timeline

Published on: 06/07/2024 20:15:10 UTC
Last modified on: 08/01/2024 13:46:10 UTC