{"id":120374,"date":"2022-08-19T14:38:06","date_gmt":"2022-08-19T21:38:06","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?p=120374"},"modified":"2023-10-13T07:16:37","modified_gmt":"2023-10-13T14:16:37","slug":"uncovering-a-chromeos-remote-memory-corruption-vulnerability","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/08\/19\/uncovering-a-chromeos-remote-memory-corruption-vulnerability\/","title":{"rendered":"Uncovering a ChromeOS remote memory corruption vulnerability"},"content":{"rendered":"\n

Microsoft discovered a memory corruption vulnerability in a ChromeOS component that can be triggered remotely, allowing attackers to perform either a denial-of-service (DoS) or, in extreme cases, remote code execution (RCE). Following our D-Bus blog post that focused on Linux, we searched for similar D-Bus patterns on other platforms by auditing D-Bus services and their handler code. After locating a local memory corruption issue, we discovered the vulnerability could be remotely triggered by manipulating audio metadata. Attackers could have lured users into meeting these conditions, such as by simply playing a new song in a browser or from a paired Bluetooth device, or leveraged adversary-in-the-middle (AiTM) capabilities to exploit the vulnerability remotely.

After carefully reviewing the implications, a Microsoft security researcher shared the vulnerability with Google in April 2022 and also reported it with the Chromium bug tracking system. Fixes for the vulnerability, which is assigned as CVE-2022-2587 and has a Common Vulnerability Scoring System (CVSS) score of 9.8 (classifying the vulnerability as critical), were quickly released and have been successfully deployed to end users. We’d like to thank the Google team and the Chromium community for their professional resolution and collaborative efforts.

This research, coupled with the recent release of ChromeOS Flex, which can convert various legacy PCs and Macs into Chromebooks, emphasizes the importance of analyzing and monitoring security for devices running ChromeOS. Moreover, as even the most hardened operating systems might contain security bugs, we emphasize the need for strong monitoring of all cross-platform devices and operating systems. The best approach for protecting unmanaged devices is to use Microsoft Defender for Endpoint’s device discovery capabilities to monitor suspicious traffic and help detect attacker activities on such devices.

In this blog post, we share some information about the vulnerability and examine how it could be triggered as well as the possible implications. To show how our cross-domain expertise helps us uncover new and unknown threats in the effort to continually improve security for all, we also share details from our research with the larger security community and emphasize the importance of collaboration in securing platforms and devices.

An overview of ChromeOS security

One well-known operating system that uses D-Bus is ChromeOS. ChromeOS is a Google-proprietary Linux-based operating system that runs on Chromebooks, Chromeboxes, Chromebits and Chromebases. ChromeOS is a closed-source system with open-source components that are derived from ChromiumOS, and the operating system uses Google’s own Chrome browser as its principal user interface.

In terms of security, ChromeOS is well hardened; some of the security features on ChromeOS include: