Google Chrome DevTools Command Injection Vulnerability Allowing Arbitrary Code Execution

A command injection vulnerability has been identified in the DevTools 'Copy as cURL (cmd)' feature of Google Chrome. This issue affects versions prior to 140.0.7339.80. The vulnerability arises from improper sanitization of untrusted input, specifically tab characters, which can be exploited to execute arbitrary commands on the user's machine. When a crafted cURL command is pasted into a Windows command prompt, the injected commands can be executed with the user's privileges.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the user's machine, potentially leading to unauthorized actions being performed with the user's privileges.

Reproduction

The vulnerability can be reproduced by opening the DevTools in Google Chrome on a Windows machine, navigating to the Network tab, and using the 'Copy as cURL (cmd)' feature to copy a request. The copied command can then be pasted into the command prompt, where the injected payload will be executed, as demonstrated in the attached proof-of-concept video.

Remediation

Users can update to Google Chrome version 140.0.7339.80 or later to address this vulnerability.