CVE-2015-6760 in Chrome
Summary
by MITRE
The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGLE, as used in Google Chrome before 46.0.2490.71, mishandles mapping failures after device-lost events, which allows remote attackers to cause a denial of service (invalid read or write) or possibly have unspecified other impact via vectors involving a removed device.
Analysis
by VulDB Data Team • 06/22/2022
The vulnerability identified as CVE-2015-6760 resides within the libANGLE library's D3D11 renderer implementation, specifically in the Image11::map function located at renderer/d3d/d3d11/Image11.cpp. This flaw affects Google Chrome versions prior to 46.0.2490.71 and represents a critical issue in graphics processing that can be exploited remotely. The vulnerability stems from improper handling of mapping failures that occur following device-lost events, creating a scenario where the application fails to properly validate or recover from graphics hardware disruptions. The underlying problem manifests when the graphics device becomes unavailable due to various conditions such as driver crashes, hardware failures, or system resource constraints, yet the application continues to attempt operations on already invalid device resources.
Exploitation of this vulnerability begins with a device-lost event during graphics rendering operations, followed by an attempt to map graphics resources that have become invalid. The Image11::map function fails to properly detect and handle these mapping failures, leading to potential invalid memory accesses. This condition can result in either invalid read operations against memory locations that are no longer valid or invalid write operations that could corrupt memory regions. The vulnerability falls under CWE-121, which addresses stack-based buffer overflow conditions, and CWE-125, which covers out-of-bounds read conditions. From an attack perspective, this is a classic case of improper error handling in a graphics processing pipeline: the application does not adequately validate the state of graphics resources before operating on them.
The operational impact of CVE-2015-6760 extends beyond simple denial of service to potentially enable more severe consequences including arbitrary code execution. When a device-lost event occurs, the graphics subsystem transitions into an invalid state where previously valid resource handles become unusable. However, the flawed implementation in libANGLE does not properly check for these invalid states, allowing attackers to craft malicious web content that triggers device-lost conditions and then exploits the subsequent improper resource handling. This vulnerability aligns with ATT&CK technique T1059.007, which involves the use of scripting languages for exploitation, and T1499.004, covering network denial of service attacks through resource exhaustion. The attack surface is particularly concerning as it affects the browser's graphics rendering pipeline, which is frequently utilized during normal web browsing activities.
Mitigation strategies for CVE-2015-6760 primarily involve updating to Google Chrome version 46.0.2490.71 or later, which contains the necessary patches to properly handle device-lost events and mapping failures. Organizations should also implement robust patch management procedures to ensure timely deployment of security updates across all browser installations. Additionally, system administrators can consider implementing browser hardening measures such as disabling unnecessary graphics features, using sandboxing mechanisms, and monitoring for unusual graphics-related activity that might indicate exploitation attempts. The fix implemented by Google addresses the root cause by ensuring proper state validation before attempting resource mapping operations and implementing more robust error handling for device-lost scenarios. Security monitoring should focus on identifying potential exploitation attempts through unusual graphics processing patterns and memory access violations that may occur during browser operation.
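As an added illustration of the failure mode and of the checked pattern the fix relies on, the C++ below models the "map after device loss" problem with a mock device so it builds without the D3D11 headers. It is not ANGLE's Image11.cpp code and not Google's patch; MockDevice, MapStatus and the helper functions are constructed for this page. The mock's map() mimics the real ID3D11DeviceContext::Map, which returns a failure HRESULT (DXGI_ERROR_DEVICE_REMOVED once the device is lost) and leaves the output pointer unusable.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Constructed model, not ANGLE's code: outcome of a map() call on the mock device.
enum class MapStatus { Ok, DeviceRemoved, Failed };

// Stand-in for a D3D11 device/context plus one staging texture.
struct MockDevice {
    bool removed = false;            // set when a device-lost event has occurred
    std::vector<uint8_t> staging;    // backing store of the staging resource

    explicit MockDevice(size_t bytes) : staging(bytes, 0) {}

    // Mimics Map(): on success hands out a pointer into staging memory; after
    // device loss it fails and *data stays null, just as a failed Map leaves the
    // D3D11_MAPPED_SUBRESOURCE output unusable.
    MapStatus map(uint8_t** data) {
        *data = nullptr;
        if (removed) return MapStatus::DeviceRemoved;
        *data = staging.data();
        return MapStatus::Ok;
    }
    void unmap() {}
};

// Flawed pattern (the bug class described above, modelled here): the status of
// map() is discarded and the caller proceeds with whatever pointer came back.
// After device loss that pointer is null, and the real code's subsequent copy is
// the invalid read or write. This model only returns the pointer instead of using it.
uint8_t* mapUnchecked(MockDevice& dev) {
    uint8_t* dst;
    dev.map(&dst);                   // return status ignored
    return dst;                      // nullptr once the device is lost
}

// Hardened pattern: validate device state before mapping, check the map result
// before touching memory, and propagate failure so device loss is a recoverable
// error rather than a memory-safety violation.
bool copyPixelsChecked(MockDevice& dev, const uint8_t* src, size_t len) {
    if (dev.removed) return false;   // state validation before the mapping attempt
    uint8_t* dst = nullptr;
    MapStatus st = dev.map(&dst);
    if (st != MapStatus::Ok || dst == nullptr) return false;  // never dereference on failure
    if (len > dev.staging.size()) {  // bounds check against the mapped resource
        dev.unmap();
        return false;
    }
    std::memcpy(dst, src, len);
    dev.unmap();
    return true;
}

// Scenario helpers exercising both paths with constructed pixel data.
static const uint8_t kPixels[4] = {1, 2, 3, 4};

bool checkedCopyWorksOnHealthyDevice() {
    MockDevice dev(8);
    return copyPixelsChecked(dev, kPixels, sizeof kPixels) &&
           dev.staging[0] == 1 && dev.staging[3] == 4;
}

bool uncheckedMapYieldsNullAfterLoss() {
    MockDevice dev(8);
    dev.removed = true;              // simulate the device-lost event
    return mapUnchecked(dev) == nullptr;
}

bool checkedCopyRefusesAfterLoss() {
    MockDevice dev(8);
    dev.removed = true;
    return copyPixelsChecked(dev, kPixels, sizeof kPixels) == false;
}

bool checkedCopyRefusesOversizedWrite() {
    MockDevice dev(2);               // staging smaller than the pixel payload
    return copyPixelsChecked(dev, kPixels, sizeof kPixels) == false;
}

int main() {
    return (checkedCopyWorksOnHealthyDevice() && uncheckedMapYieldsNullAfterLoss() &&
            checkedCopyRefusesAfterLoss() && checkedCopyRefusesOversizedWrite()) ? 0 : 1;
}
```

The point of the model is the control flow, not the mock: a renderer that treats map failure as a hard error and checks device state before every mapping attempt turns a device-lost event into a handled failure, which is the behaviour the fixed Chrome release restores.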