U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

A crafted PDF document can hack your Chrome PDF reader, Update Chrome now!

A security expert discovered that a crafted PDF document that includes an embedded JPG2000 image can trigger a buffer overflow in the Chrome PDF reader. The security expert Aleksandar Nikolic from the Cisco Talos group has discovered an arbitrary code execution vulnerability (CVE-2016-1681) in PDFium, which is the PDF reader component installed by default in Google Chrome […]

A crafted PDF document can hack your Chrome PDF reader, Update Chrome now!

A security expert discovered that a crafted PDF document that includes an embedded JPG2000 image can trigger a buffer overflow in the Chrome PDF reader.

The security expert Aleksandar Nikolic from the Cisco Talos group has discovered an arbitrary code execution vulnerability (CVE-2016-1681) in PDFium, which is the PDF reader component installed by default in Google Chrome browser.

“Heap-based buffer overflow in the opj_j2k_read_SPCod_SPCoc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.” states the description of the National Vulnerability Database.

The expert discovered that a crafted PDF document that includes an embedded JPG2000 (JP2) image can trigger an exploitable heap buffer overflow.

According to Nikolic could be the result in coding error by the Chrome development Team that hasn’t implemented an assert call in the OpenJPEG library that prevents the exploitation of the heap overflow.

“A heap buffer overflow vulnerability is present in the jpeg2000 image parser library as used by the Chrome’s PDF renderer, PDFium. The vulnerability is located in the underlying jpeg2000 parsing library, OpenJPEG, but is made exploitable in case of Chrome due to special build process.” wrote Nikolic

“An existing assert call in the OpenJPEG library prevents the heap overflow in standalone builds, but in the build included in release versions of Chrome, the assertions are omitted. The source of the vulnerability is located in the following code in function `opj_j2k_read_siz` in `j2k.c` file:”

Chrome PDF reader flaw

Summarizing, it is enough that an attacker creates a PDF document that causes PDFium invoking the flawed implementation of the OpenJPEG library, in this way it create a buffer overflow.

Google promptly fixed the vulnerability, it applies a simple and effective solution by using a single line of code that changed an assert to anif. Below the timeline of the flaw in the Chrome PDF reader:

Timeline:

2016-05-19: Bug reported
2016-05-19: Bug acknowledged
2016-05-20: Bug fixed, with fix publicly available in chromium
2016-05-25: Bug fix shipped in Chrome Stable 51.0.2704.63
2016-06-08: Talos releases details 

The last Chrome version 51.0.2704.63 include the fix for the Chrome PDF reader.

Be careful, the Google Chrome Browser implements an automatic update process, but users must still restart their browser to enable the changes

Such kind of flaw is very insidious because users frequently browse PDF documents, just by opening a malicious document it could cause problems to a vulnerable browser.

Don’t waste time, update your Google Chrome Browser!

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Chrome PDF reader, Heap-based buffer overflow)