As the S4E team, we are always interested in new vulnerabilities and challenging bounty programs. Although, as an early-stage startup, we focus on customer feedback about our products, we conduct vulnerability research whenever we can.
One such effort is the use-after-free vulnerability that we detected in the latest version of Google Chrome.
How Did We Detect Google Chrome Use After Free Vulnerability?
During product development, we noticed that our Chrome process, and then the operating system, crashed when a long warning message was written into the options of an HTML select element.
We debugged the Google Chrome browser and found that the following error message was written to the log when we triggered the bug by typing a specific number and some special characters (including some HTML tags) into the options of the select element.
==40998==ERROR: AddressSanitizer: heap-use-after-free on address 0x61600000dce4 at pc 0x55e40c87ca32 bp 0x7ffdb5e46fd0 sp 0x7ffdb5e46fc8
The operating system and Google Chrome versions in which we detected the vulnerability are as follows:
Chrome version: 91.0.4472.77 (stable, Official Build, 64-bit)
Operating systems: Kali GNU/Linux 2020.1; Ubuntu 20.04.2 LTS; Ubuntu 20.04.1 LTS
The PoC code for the vulnerability is available in the GitHub repository.
While reporting the vulnerability to the Google Security team, we saw how robust Google's bug and vulnerability management system is.
For the vulnerability we detected, Google awarded the S4E team 6000 USD.
What To Do?
In a similar situation, or to reduce the risk from an unknown vulnerability in your current browser, follow the steps below.
Regularly install the latest stable update provided by Google.
Run all software as a non-privileged user (without administrative privileges) to limit the impact of a successful attack.
As far as possible, do not visit untrusted websites or follow links from unknown or untrusted sources; in particular, do not click links in emails or attachments from untrusted sources.
Apply the principle of least privilege to any IT infrastructure you use.