Google Web Designer Client-Side Remote Code Execution Vulnerability via Symbolic Link Mismanagement

Vulnerability

A client-side remote code execution vulnerability has been identified in Google Web Designer versions prior to 16.2.0.0128 on macOS and Linux. The issue arises from improper symbolic link resolution in the application's preview feature, allowing attackers to execute malicious code on victims' computers. Exploitation on Windows is unlikely due to default policy restrictions on symbolic link creation.

Impact

Exploitation of this vulnerability allows for client-side remote code execution on affected systems.

Reproduction

To reproduce this vulnerability, extract a malicious ZIP package containing a crafted HTML file and symbolic links that point to a directory within the user's home directory hierarchy. Then open the HTML file in Google Web Designer and use the preview feature; the preview follows the symbolic links and thereby executes the malicious payloads placed through them.

Remediation

Users can update to Google Web Designer version 16.2.0.0128 or later, available through the Google Web Designer website.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 7.3
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.