Google has seemingly made it a sport to point out security issues with Windows as it purports to protect its Chrome users on the platform, but a new bug found by Microsoft put the onus back on Google to patch ChromeOS.
After years of proverbial finger wagging from Googles ‘Project Zero” bug bounty engineers who have found legitimate issues with Windows, Microsoft is firing back with a find of its own with the platform misusing strcpy().
According to the Chromium bug log, Security: ChromeOS cras D-Bus SetPlayerIdentity causes memory corruption severe enough for both Microsoft’s 365 Defender Research Team and Google to take action.
After locating a local memory corruption issue, we discovered the vulnerability could be remotely triggered by manipulating audio metadata. Attackers could have lured users into meeting these conditions, such as by simply playing a new song in a browser or from a paired Bluetooth device, or leveraged adversary-in-the-middle (AiTM) capabilities to exploit the vulnerability remotely.
In a more technical sense, from the command line, a heap-based buffer overflow could be triggered by passing a string of 128bytes to the dbus-send utility, the end result could be a simple Denial of Service or full-fledge Remote Code Execution.
After discovering the bug Microsoft tagged it with CVE-2022-2587 and with a Common Vulnerability Scoring System (CVSS) score of 9.8 out of 10 as far as critical efficacy.
Fortunately, this was all done back in April 2022 and has since been patched by Google and its ChromeOS team. In roughly a week, “the code was committed and, after several mergers, made generally available to users. We thank the Google team and the Chromium community for their efforts in addressing the issue,” Jonathan Bar Or of the Microsoft 365 Defender Research Team reported.
Despite being bitter business rivals, both Google and Microsoft lean on another to provide their customers with software and security solutions with Google needing Windows secure for Chrome browser users and now Microsoft needing Google’s help in keeping the Chromium project clear of threats, as it’s become the baseline for its reinvented Edge browser.
