Google Chrome DevTools Pathname Limitation Bypass Vulnerability on Windows

A vulnerability in Google Chrome's DevTools on Windows, prior to version 134.0.6998.35, allowed malicious extensions to bypass file access restrictions. This was achieved by exploiting improper limitations on pathnames, enabling the extension to access restricted files. The issue could lead to the leakage of sensitive information, such as the user's NTLM hash.

Impact

Exploitation of this vulnerability allowed for unauthorized access to file URLs, including UNC paths, which could be used to leak sensitive information like the user's NTLM hash.

Reproduction

The vulnerability can be reproduced by installing a malicious Chrome extension that requests debugger permissions but does not have file URL access. After installation, the extension can be manipulated to open UNC paths through the Chrome debugger, bypassing file access restrictions and leaking the user's NTLM hash.

Remediation

Users should update to Google Chrome version 134.0.6998.35 or later, where this vulnerability has been fixed.