CVE-2024-3839 - Out-of-Bounds Read in Chrome Fonts — How It Leaks Private Data via Crafted HTML

---

What Is CVE-2024-3839?

CVE-2024-3839 is a security vulnerability in Google Chrome's font handling before version 124..6367.60. Because of an "out-of-bounds read" bug, a remote attacker could use a specially crafted HTML page to read parts of the browser process's memory. That memory might contain personal or sensitive information.

Chromium classified this vulnerability as "Medium" risk, but it's still important, especially since browsers are a major target for attackers.

What’s an Out-of-Bounds Read?

When a program processes data, it keeps it in areas of memory called "buffers." An out-of-bounds read happens when the program reads outside the buffer it was supposed to stay within. The bytes it picks up are whatever happened to be next in memory, so leftover data from the process can be exposed.

In this case, malicious code in a website could trick Chrome into revealing bits of data it shouldn't—like cookies, autofill history, or even passwords.

How Attackers Can Exploit CVE-2024-3839

To exploit this vulnerability, an attacker needs you to visit their webpage. They use specially crafted CSS and font files to trigger the out-of-bounds read.

Sample Proof-of-Concept Snippet

Here’s a basic HTML snippet to show how such an attack could begin. (This is for educational purposes only.)

<!DOCTYPE html>
<html>
<head>
<style>
@font-face {
  font-family: 'exploitfont';
  src: url('crafted-font.woff2');  /* Malicious font crafted by the attacker */
}
.leak {
  font-family: 'exploitfont';
  font-size: 100px;
}
</style>
</head>
<body>
<p class="leak">Hello!</p>
<script>
  // JS code could further automate reading from the canvas or other APIs.
</script>
</body>
</html>

The key is the crafted-font.woff2 file. By manipulating the font's internal tables (for example, offsets and lengths that point outside the file), an attacker can push Chrome's font renderer into reading memory outside the intended bounds.

With help from APIs like Canvas, they could extract and send bits of this memory back to their server.
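To make the "read outside the intended bounds" idea from the two passages above concrete, here is an added example. It is not code from this page, from Chromium, or from the fix for CVE-2024-3839; it is a generic illustration of what any font loader has to do before touching table data. It reads the table directory of an sfnt (TrueType/OpenType) container, refuses to hand out a table whose offset and length do not fit inside the file, and contrasts the overflow-safe check with a naive `off + len <= size` test that wraps in 32-bit arithmetic. The 32-byte "font" is constructed inline for the demonstration and is not a real font.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Big-endian field readers used by the sfnt (TrueType/OpenType) container. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v;
}

/* Overflow-safe: is [off, off+len) inside a buffer of `total` bytes? */
int range_ok(size_t total, uint32_t off, uint32_t len) {
    return len <= total && off <= total - len;
}

/* The tempting one-liner. off + len is computed in 32 bits and wraps, so a huge
   offset can pass the check and the following read lands out of bounds. */
int range_ok_naive(uint32_t total, uint32_t off, uint32_t len) {
    return off + len <= total;
}

/* Look up `tag` in the table directory of an sfnt blob. Returns a pointer to the
   table bytes and stores its length, or NULL if the directory or the table record
   would require reading past the end of `font`. */
const uint8_t *find_table(const uint8_t *font, size_t size, const char tag[4], uint32_t *out_len) {
    if (size < 12) return NULL;                                        /* offset table header */
    uint16_t num_tables = rd16(font + 4);
    if (!range_ok(size, 12, (uint32_t)num_tables * 16u)) return NULL;  /* 16-byte records */
    for (uint16_t i = 0; i < num_tables; i++) {
        const uint8_t *rec = font + 12 + (size_t)i * 16;
        if (memcmp(rec, tag, 4) != 0) continue;
        uint32_t off = rd32(rec + 8);
        uint32_t len = rd32(rec + 12);
        if (!range_ok(size, off, len)) return NULL;                    /* reject, never read past the end */
        *out_len = len;
        return font + off;
    }
    return NULL;
}

/* Constructed sample: a 32-byte "font" with one table record whose offset and
   length we control. Not a real font, just enough structure to exercise the directory. */
#define SAMPLE_SIZE 32
static void build_sample(uint8_t buf[SAMPLE_SIZE], uint32_t off, uint32_t len) {
    memset(buf, 0, SAMPLE_SIZE);
    wr32(buf, 0x00010000u);           /* sfnt version 1.0 */
    buf[4] = 0; buf[5] = 1;           /* numTables = 1 */
    memcpy(buf + 12, "head", 4);      /* record: tag */
    wr32(buf + 16, 0);                /* checksum (ignored here) */
    wr32(buf + 20, off);              /* offset */
    wr32(buf + 24, len);              /* length */
    buf[28] = 0x12; buf[29] = 0x34; buf[30] = 0x56; buf[31] = 0x78;  /* table payload */
}

/* Well-formed record: the table is found and its first byte is readable. */
int check_valid_font(void) {
    uint8_t buf[SAMPLE_SIZE]; uint32_t len = 0;
    build_sample(buf, 28, 4);
    const uint8_t *t = find_table(buf, SAMPLE_SIZE, "head", &len);
    return t != NULL && len == 4 && t[0] == 0x12;
}

/* Record claims 64 KiB of data at offset 28 of a 32-byte file: must be rejected. */
int check_oversized_table(void) {
    uint8_t buf[SAMPLE_SIZE]; uint32_t len = 0;
    build_sample(buf, 28, 0x10000u);
    return find_table(buf, SAMPLE_SIZE, "head", &len) == NULL;
}

/* Record with an offset near UINT32_MAX: the naive check wraps and accepts it,
   the overflow-safe check used by find_table rejects it. */
int check_wraparound(void) {
    uint8_t buf[SAMPLE_SIZE]; uint32_t len = 0;
    build_sample(buf, 0xFFFFFFF0u, 0x20u);
    int naive = range_ok_naive(SAMPLE_SIZE, 0xFFFFFFF0u, 0x20u);   /* 1: wrongly accepted */
    return naive == 1 && find_table(buf, SAMPLE_SIZE, "head", &len) == NULL;
}

int main(void) {
    printf("valid font found: %d\n", check_valid_font());
    printf("oversized table rejected: %d\n", check_oversized_table());
    printf("wraparound caught: %d\n", check_wraparound());
    return 0;
}
```

The point of the third check is the one that bites real parsers: a bounds test written as `off + len <= size` is only correct if the addition cannot overflow, so the safe form tests the length first and then compares the offset against the remaining room. Real font code (WOFF2 adds a decompression step and its own table directory) has many more places where this same discipline applies, which is why the affected versions of Chrome are best handled by updating rather than by auditing.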

Other sensitive browser data

Because a browser process holds a lot of sensitive state (session cookies, form data, page contents of other tabs), even "small leaks" of a few bytes at a time can add up to a bigger risk when an attacker can trigger the read repeatedly.

How Can You Protect Yourself?

Update Chrome!

The fix is in Chrome 124..6367.60 and later. If you're running an older version:

- Go to chrome://settings/help and allow Chrome to update
- Restart your browser

It’s also a good habit to have auto-updates enabled for all browsers.

References

- Official Chrome Release Notes — Stable Channel Update for Desktop
- Chromium commit referencing CVE-2024-3839
- CVE-2024-3839 at NVD

Summary

CVE-2024-3839 is a medium-severity bug in Google's Chrome browser that, before version 124..6367.60, allowed attackers to steal information from memory using a malicious font on a webpage.

Upgrade your browser to stay safe!

For technical folks: keep reading release notes and check for security bulletins for the browsers you use.

Timeline

Published on: 04/17/2024 08:15:10 UTC
Last modified on: 05/03/2024 04:15:09 UTC