Google Chrome Skia Use-After-Free Vulnerability Allowing Heap Corruption

Vulnerability

A use-after-free vulnerability has been identified in the Skia graphics library used by Google Chrome. It affects Chrome versions prior to 133.0.6943.53. A remote attacker could potentially exploit heap corruption via a crafted HTML page. The root cause is improper memory management: memory that has already been freed is accessed again, which can corrupt the heap and be leveraged for exploitation.

Impact

Exploitation of this vulnerability can lead to a heap-use-after-free condition, allowing for memory corruption in the browser's rendering process. Such heap corruption vulnerabilities can often be exploited to execute arbitrary code in the context of the user.

Reproduction

The vulnerability can be reproduced by serving a crafted HTML file that triggers the use-after-free condition in Skia, for example from a simple HTTP server. The vulnerable Chrome build must be launched with the '--no-sandbox' and '--disable-gpu-compositing' flags, which disable the sandbox and GPU compositing, respectively. These flags remove certain protections and make the condition easier to trigger.

Remediation

Users can update to Google Chrome version 133.0.6943.53 or later, where this vulnerability has been fixed.
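As an added remediation check (not part of this advisory): a small Python helper that parses the version string printed by the Chrome binary and compares it numerically against the minimum fixed version 133.0.6943.53 stated above. It assumes a Linux binary named google-chrome (Chrome's real --version flag prints e.g. "Google Chrome 133.0.6943.53"); the helper names and the sample output lines are constructed for this example.

```python
import re
import subprocess
from typing import Optional, Tuple

# Minimum fixed version from the advisory; anything older is affected.
FIXED_VERSION = "133.0.6943.53"

_VERSION_RE = re.compile(r"(\d+(?:\.\d+){3})")


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Extract a four-part Chrome version from text such as
    'Google Chrome 133.0.6943.53' and return it as a tuple of ints,
    so that comparison is numeric rather than lexical."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(version_text: str, fixed: str = FIXED_VERSION) -> Optional[bool]:
    """True if the parsed version is older than the fixed version,
    False if it is the fixed version or newer, None if nothing parsed."""
    installed = parse_version(version_text)
    if installed is None:
        return None
    return installed < parse_version(fixed)


def installed_chrome_version(binary: str = "google-chrome") -> Optional[str]:
    """Run '<binary> --version' and return its output, or None if the
    binary is missing or does not answer (assumed binary name)."""
    try:
        out = subprocess.run([binary, "--version"], capture_output=True,
                             text=True, timeout=10)
    except (OSError, subprocess.TimeoutExpired):
        return None
    return out.stdout.strip() or None


if __name__ == "__main__":
    # Constructed sample outputs; note that a plain string comparison
    # would wrongly rank "99.0.4844.84" above "133.0.6943.53".
    for sample in ("Google Chrome 99.0.4844.84", "Google Chrome 133.0.6943.53",
                   "Chromium 133.0.6943.98", "Google Chrome 134.0.7000.1"):
        print(f"{sample!r}: affected={is_affected(sample)}")
    live = installed_chrome_version()
    if live:
        print(f"installed {live!r}: affected={is_affected(live)}")
```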

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm
spread: 8.4
impact: 2.5
exploitability: 4.8
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.