The days when PDF documents were commonly considered safe are gone. A security researcher has discovered a flaw in the Google Chrome PDF reader that is triggered by a crafted PDF document. Before discussing the flaw, it helps to define a few terms: crafted PDF document, heap buffer overflow, and the Google Chrome PDF reader.
What Is Crafted PDF Document?
A PDF document built deliberately to trigger a specific behaviour in the reader that opens it is considered a crafted PDF.
What is exploitable heap buffer overflow?
A heap overflow is a kind of buffer overflow that occurs in the heap data area. At run time the application dynamically allocates memory on the heap, and that memory typically holds program data; when a write runs past the end of a heap buffer, it corrupts neighbouring data, and the corruption can be steered in different ways. A heap overflow that can be steered this way is regarded as an exploitable heap buffer overflow.
What is heap buffer overflow vulnerability?
This is a class of flaw that has been found in Adobe Reader and Acrobat, where it lets attackers execute arbitrary code. A failed exploitation attempt leads to a denial of service condition.
Aleksandar Nikolic, a security researcher in the Cisco Talos group, discovered a vulnerability in PDFium, the component of the Chrome PDF reader that is installed by default in the Google Chrome browser. Nikolic reported that PDFium has an arbitrary code execution vulnerability (CVE-2016-1681).
The National Vulnerability Database states that “Google Chrome before 51.0.2704.63 uses Heap-based buffer overflow in the opj_j2k_read_SPCod_SPCoc in J2k.c in OpenJPEG as PDFium which allows remote attackers or spammers to cause denial of service or other unclear impact via crafted PDF document”.
Researchers found that the crafted PDF document contains an embedded JPEG 2000 (JP2) image that triggers an exploitable heap buffer overflow.
Nikolic stated that “In jpeg2000 image parser library, heap buffer overflow vulnerability exists which is used by the Chrome’s PDF renderer, PDFium. The vulnerability is mainly located in the underlying jpeg2000 parsing library, OpenJPEG. This vulnerability becomes exploitable in Chrome in case of a special build process”.
In standalone builds of the OpenJPEG library, an assert prevents the heap overflow. Assertions, however, are removed from release builds of Chrome, so the check is absent there. Talos stated that the vulnerability is located in the function ‘opj_j2k_read_siz’ in the ‘j2k.c’ file.
What makes this notable is that an attacker only needs to craft a PDF document: opening it invokes PDFium, which hands the embedded image to the flawed OpenJPEG code, and the buffer overflow follows.
Google fixed this vulnerability quickly with a simple and effective change: a single line of code that turns the assert into an if, so the check runs in release builds too. Following is the timeline of the flaw in the Chrome PDF reader.
19-05-2016: Bug reported
19-05-2016: Bug acknowledged
20-05-2016: Bug fixed, with fix publicly available in chromium
25-05-2016: Bug fix shipped in Chrome Stable 51.0.2704.63
08-06-2016: Talos releases details
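The fix described above, replacing an assert with an if, is worth seeing in code. The following is an added example written for this page; it is not OpenJPEG's or Chromium's code. It parses a constructed, hypothetical header whose layout (a one-byte component count followed by three bytes per component) only loosely mimics the shape of a JPEG 2000 SIZ segment, and it shows why a bounds check on an attacker-controlled count must be an ordinary runtime test: assert() is compiled out whenever NDEBUG is defined, which is exactly what release builds do.

```c
/* Added example, not OpenJPEG's or Chromium's code.  Toy parser for a
 * constructed header: [ncomp:1 byte][depth, sub_x, sub_y : 3 bytes per component].
 * The destination arrays are fixed-size, so an unchecked ncomp is the
 * overflow target.  Build with and without -DNDEBUG to see the point: the
 * assert()-guarded shape (shown only in a comment) loses its guard, the
 * if-guarded parser below keeps it.
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MAX_COMPONENTS 4   /* hypothetical limit of the fixed-size destination */

typedef struct {
    uint8_t ncomp;
    uint8_t depth[MAX_COMPONENTS];
    uint8_t sub_x[MAX_COMPONENTS];
    uint8_t sub_y[MAX_COMPONENTS];
} img_hdr;

enum { HDR_OK = 0, HDR_ERR_TRUNCATED = -1, HDR_ERR_TOO_MANY = -2 };

/* Unsafe shape (comment only, never compiled here): the guard is an assertion,
 * so with -DNDEBUG nothing stops the loop from writing past depth[]/sub_x[]/sub_y[].
 *
 *     assert(ncomp <= MAX_COMPONENTS);
 *     for (i = 0; i < ncomp; i++) hdr->depth[i] = buf[1 + i*3]; ...
 */

/* Hardened parser: the guard is a plain `if` that survives in every build,
 * and the declared count is also checked against the bytes actually present. */
int parse_hdr(const uint8_t *buf, size_t len, img_hdr *out)
{
    if (buf == NULL || out == NULL || len < 1)
        return HDR_ERR_TRUNCATED;
    uint8_t ncomp = buf[0];                 /* attacker-controlled count */
    if (ncomp > MAX_COMPONENTS)             /* runtime check, not assert() */
        return HDR_ERR_TOO_MANY;
    if (len < 1 + (size_t)ncomp * 3)        /* declared count vs real length */
        return HDR_ERR_TRUNCATED;
    memset(out, 0, sizeof *out);
    out->ncomp = ncomp;
    for (size_t i = 0; i < ncomp; i++) {
        out->depth[i] = buf[1 + i * 3];
        out->sub_x[i] = buf[2 + i * 3];
        out->sub_y[i] = buf[3 + i * 3];
    }
    return HDR_OK;
}

/* Constructed sample inputs (not real image data). Each returns the parser status. */
int sample_valid(void)
{
    const uint8_t buf[] = { 3, 8, 1, 1, 8, 1, 1, 8, 2, 2 };   /* 3 components */
    img_hdr h;
    return parse_hdr(buf, sizeof buf, &h);
}

int sample_too_many(void)
{
    const uint8_t buf[] = { 200, 8, 1, 1 };   /* claims 200 components, has 1 */
    img_hdr h;
    return parse_hdr(buf, sizeof buf, &h);
}

int sample_truncated(void)
{
    const uint8_t buf[] = { 2, 8, 1, 1, 8 };  /* claims 2 components, 2nd cut off */
    img_hdr h;
    return parse_hdr(buf, sizeof buf, &h);
}

int main(void)
{
    printf("valid: %d, too many: %d, truncated: %d\n",
           sample_valid(), sample_too_many(), sample_truncated());
    return 0;
}
```

The design point is that a header field an attacker controls is input, not an invariant: assert() documents invariants and is meant to disappear from release builds, whereas a length or count check on untrusted data has to return an error in every build configuration.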
Users can relax, because the latest version of Chrome contains the fix for the PDF reader. If you have not yet updated your Chrome browser, update it as soon as possible.
Google Chrome users should keep in mind that although Chrome updates itself automatically, the browser has to be restarted for the update to take effect.
This type of defect is dangerous because users frequently open PDFs in the browser, and opening a single malicious document is enough to compromise it.
It is better to update your Google Chrome without wasting a single moment.