Google Chrome
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*, +2 more
- >= 126, < 128.0.6613.84
This vulnerability is being actively exploited in the wild.
A vulnerability in the V8 JavaScript engine of Google Chrome has been identified, allowing remote attackers to exploit heap corruption through a crafted HTML page. This issue affects Google Chrome versions prior to 128.0.6613.84, as well as other browsers that use the Chromium engine, such as Microsoft Edge and Opera. The vulnerability arises from an inappropriate implementation in V8, specifically in the Turboshaft compiler, where the optimization of certain instructions can be manipulated, leading to memory corruption. This flaw has been exploited in the wild, with reports indicating its use in ransomware campaigns.
Exploitation of this vulnerability causes memory corruption, which can lead to a segmentation fault. However, such memory corruption issues can often be exploited to execute arbitrary code within a sandboxed environment such as a web browser.
The vulnerability can be reproduced by creating a JavaScript function that uses a switch statement. The function should be optimized and then called multiple times. This process will trigger the vulnerability by causing improper handling of the switch case, leading to memory corruption.
Users should update to Google Chrome version 128.0.6613.84 or later, where this vulnerability has been fixed. For ChromeOS, the update is already available.
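The following is an added example, not part of the original advisory, of triaging a software inventory against the fixed version above. The inventory lines, host names and status labels are constructed for illustration; only the fixed version 128.0.6613.84 and the listed lower bound 126 come from this page. Versions are compared as integer tuples because a string comparison would wrongly rank 128.0.6613.9 above 128.0.6613.84.

```python
import re

# Values taken from this page: fixed release and start of the listed affected range.
FIXED = (128, 0, 6613, 84)
RANGE_START = (126,)

# Matches "<product name> <four-part version>", the shape of `--version` output.
ENTRY_RE = re.compile(
    r"(?P<product>Google Chrome|Microsoft Edge|Opera|Chromium)\s+"
    r"(?P<ver>\d+(?:\.\d+){3})"
)

def assess(line):
    """Classify one inventory line against the page's fixed version."""
    m = ENTRY_RE.search(line)
    if m is None:
        return "unparsed"          # no recognisable browser/version pair
    if m.group("product") != "Google Chrome":
        # Other Chromium-based browsers are affected, but the page gives no
        # fixed version for them, so defer to the vendor's own advisory.
        return "check-vendor"
    version = tuple(int(p) for p in m.group("ver").split("."))
    if version >= FIXED:
        return "patched"
    if version >= RANGE_START:
        return "affected"          # inside the listed range >= 126, < fixed
    return "outdated"              # below the listed range, still prior to the fix

def triage(inventory):
    """Map host name (first field) to status for each non-empty line."""
    result = {}
    for line in inventory.strip().splitlines():
        host = line.split()[0]
        result[host] = assess(line)
    return result

# Constructed sample inventory (host names and versions are illustrative).
SAMPLE = """
ws-001 Google Chrome 128.0.6613.84
ws-002 Google Chrome 128.0.6613.9
ws-003 Google Chrome 127.0.6533.120
ws-004 Google Chrome 125.0.6422.142
ws-005 Microsoft Edge 127.0.2651.105
ws-006 chrome not installed
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```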