Vulnerability ID 5608

Google Chrome up to 19.0.1084.57 PDF JS API Integer buffer overflow

Google
CVSSv3 Temp ScoreCurrent Exploit Price (≈)
7.0$5k-$10k

A vulnerability classified as critical was found in Google Chrome up to 19.0.1084.57. This vulnerability affects an unknown function of the component PDF JS API. The manipulation with an unknown input leads to a buffer overflow vulnerability (integer). As an impact it is known to affect confidentiality, integrity, and availability.

The weakness was presented 06/26/2012 by Mateusz Jurczyk (j00ru) with Google Security Team as 132156. The advisory is shared for download at code.google.com. The public release was coordinated in cooperation with the vendor. This vulnerability was named CVE-2012-2833 since 05/19/2012. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. Technical details are unknown but a public exploit is available.

As 0-day the estimated underground price was around $50k-$100k. The vulnerability scanner Nessus provides a plugin with the ID 59750 (FreeBSD : chromium -- multiple vulnerabilities (ff922811-c096-11e1-b0f4-00262d5ed8ee)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family FreeBSD Local Security Checks. The commercial vulnerability scanner Qualys is able to test this issue with plugin 120297.

Upgrading to version 20.0.1132.43 eliminates this vulnerability. The upgrade is hosted for download at google.com. The problem might be mitigated by replacing the product with Mozilla Firefox, Microsoft Internet Explorer, Opera as an alternative. The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation has been published immediately after the disclosure of the vulnerability.

The vulnerability is also documented in the databases at SecurityFocus (BID 54203), X-Force (76570), Secunia (SA49724) and Vulnerability Center (SBV-36054). Additional details are provided at googlechromereleases.blogspot.de. Similar entries are available at 5585, 5586, 5587 and 5588.

CVSSv3

Base Score: 7.3 [?]
Temp Score: 7.0 [?]
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C [?]
Reliability: High

CVSSv2

Base Score: 6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P) [?]
Temp Score: 5.9 (CVSS2#E:ND/RL:OF/RC:C) [?]
Reliability: High

AVACAuCIA
LHMNNN
AMSPPP
NLNCCC
VectorComplexityAuthenticationConfidentialityIntegrityAvailability
LocalHighMultipleNoneNoneNone
AdjacentMediumSinglePartialPartialPartial
NetworkLowNoneCompleteCompleteComplete

CPE

Exploiting

Class: Buffer overflow (CWE-119)
Local: No
Remote: Yes

Availability: No
Access: Public

Current Price Estimation: $50k-$100k (0-day) / $5k-$10k (Today)

0-Day$0-$1k$1k-$2k$2k-$5k$5k-$10k$10k-$25k$25k-$50k$50k-$100k$100k-$500k
Today$0-$1k$1k-$2k$2k-$5k$5k-$10k$10k-$25k$25k-$50k$50k-$100k$100k-$500k


Nessus ID: 59750
Nessus Name: FreeBSD : chromium -- multiple vulnerabilities (ff922811-c096-11e1-b0f4-00262d5ed8ee)
Nessus File: freebsd_pkg_ff922811c09611e1b0f400262d5ed8ee.nasl
Nessus Family: FreeBSD Local Security Checks
OpenVAS ID: 71529
OpenVAS Name: FreeBSD Ports: chromium
OpenVAS File: freebsd_chromium17.nasl
OpenVAS Family: FreeBSD Local Security Checks
Qualys ID: 120297

Countermeasures

Recommended: Upgrade
Status: Official fix
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known

Upgrade: Chrome 20.0.1132.43
Alternative: Mozilla Firefox, Microsoft Internet Explorer, Opera

Timeline

05/19/2012 CVE assigned
06/26/2012 +38 days SecurityFocus entry assigned
06/26/2012 +0 days VulnerabilityCenter entry assigned
06/26/2012 +1 days Vendor acknowledged
06/26/2012 +0 days Advisory disclosed
06/26/2012 +0 days Countermeasure disclosed
06/27/2012 +0 days VulDB entry created
06/27/2012 +0 days NVD disclosed
06/27/2012 +0 days OSVDB entry created
09/03/2012 +68 days VulnerabilityCenter entry created
05/18/2014 +622 days VulnerabilityCenter entry updated
07/08/2015 +417 days VulDB entry updated

Sources

Advisory: 132156
Researcher: Mateusz Jurczyk (j00ru)
Organization: Google Security Team
Status: Confirmed
Confirmation: code.google.com
Coordinated: Yes

CVE: CVE-2012-2833 (mitre.org) (nvd.nist.org) (cvedetails.com)

SecurityFocus: 54203 - Google Chrome Prior to 20.0.1132.43 Multiple Security Vulnerabilities
Secunia: 49724 - Google Chrome Multiple Vulnerabilities, Highly Critical
X-Force: 76570
Vulnerability Center: 36054 - The PDF Functionality in Google Chrome Before 20.0.1132.43 Remote DoS Vulnerability, Medium
OSVDB: 83249 - Google Chrome PDF Viewer util.printf JavaScript API Buffer Overflow

Misc.: googlechromereleases.blogspot.de
See also: 5585, 5586, 5587, 5588, 5589, 5591, 5592, 5593, 5598, 5599, 5600, 5601, 5602, 5603

Entry

Created: 06/27/2012
Updated: 07/08/2015
Entry: 96.5% complete