Google Chrome Skia Integer Overflow Vulnerability Leading to Heap Corruption
Vulnerability
A vulnerability in Skia, a graphics library used by Google Chrome, prior to version 132.0.6834.83, allows remote attackers to potentially exploit heap corruption through a crafted HTML page. The issue arises from an integer overflow that can be manipulated to cause out-of-bounds memory access, leading to memory corruption in the GPU process.
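The advisory does not name the Skia code path involved, so the following is a constructed C illustration of the bug class it describes (an arithmetic overflow in a size computation that leads to an undersized heap buffer), not Skia's own code. The hypothetical `naive_size` shows the wrap, and `checked_size` / `safe_alloc_pixels` show the defensive pattern: detect the overflow with checked multiplication and refuse the allocation rather than let a later write run past the buffer.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed example (not Skia's code): a pixel buffer sized from
 * width * height * bytes-per-pixel using 32-bit arithmetic. */
#define BPP 4u

/* Vulnerable pattern: the product silently wraps modulo 2^32, so a large
 * image yields a tiny allocation while the caller still indexes rows by
 * the full width and height, writing past the end of the heap buffer. */
uint32_t naive_size(uint32_t width, uint32_t height) {
    return width * height * BPP;   /* may wrap */
}

/* Hardened pattern: checked multiplication that reports the wrap instead
 * of hiding it. Returns false when the true size does not fit in 32 bits. */
bool checked_size(uint32_t width, uint32_t height, uint32_t *out) {
    uint32_t n;
    if (__builtin_mul_overflow(width, height, &n)) return false;
    if (__builtin_mul_overflow(n, BPP, &n)) return false;
    *out = n;
    return true;
}

/* Allocation helper that refuses oversized images rather than returning a
 * buffer smaller than the dimensions imply. Caller frees the result. */
uint8_t *safe_alloc_pixels(uint32_t width, uint32_t height) {
    uint32_t bytes;
    if (!checked_size(width, height, &bytes)) return NULL;
    return calloc(bytes, 1);
}

int main(void) {
    /* Constructed dimensions chosen so that w*h fits in 32 bits but
     * w*h*BPP does not: the naive size wraps to 0x40000 bytes. */
    uint32_t w = 65536u, h = 16385u;
    uint64_t true_bytes = (uint64_t)w * h * BPP;
    printf("true size  : %llu bytes\n", (unsigned long long)true_bytes);
    printf("naive size : %u bytes (wrapped)\n", naive_size(w, h));
    printf("checked    : %s\n", safe_alloc_pixels(w, h) ? "allocated" : "rejected");

    uint8_t *ok = safe_alloc_pixels(100u, 100u);
    printf("100x100    : %s\n", ok ? "allocated" : "rejected");
    free(ok);
    return 0;
}
```

`__builtin_mul_overflow` is a GCC/Clang builtin; on other compilers the same check can be written by dividing `UINT32_MAX` by one operand before multiplying. Building with `-fsanitize=undefined` or `-fsanitize=integer` (Clang), as the reproduction section mentions, turns the silent wrap in `naive_size` into a reported error, which is the cheapest way to find such sites before they reach a heap write.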
Impact
Successful exploitation results in a heap buffer overflow, which can be used to corrupt memory in the GPU process.
Reproduction
The vulnerability can be reproduced by applying a specific patch to the Skia library, building the Skia benchmarking tool 'skpbench' with undefined behavior sanitization, and then running this tool with a specially crafted SKP file that triggers the integer overflow. The SKP file can be generated using a Python script that creates a path designed to cause the overflow when processed by Skia's rendering engine.
Remediation
Users should update to Google Chrome version 132.0.6834.83 or later, where this vulnerability has been fixed.
