Google has released Chrome 48.0.2564.116 after a vulnerability affecting both the Chrome browser and Chromium was reported through the company's bug bounty program by an anonymous researcher.
The bug is tracked as CVE-2016-1629. Users can follow it under that identifier, but Google has not yet disclosed technical details and will keep them restricted until the update has reached the majority of users. The anonymous reporter was awarded US$25,633.70 (roughly €23,090.30). Google rates the bug as critical, its highest severity level.
The issue combines a Same Origin Policy (SOP) bypass in Blink, the rendering engine shared by Chrome and Chromium, with an escape from the Chrome sandbox.
What is SOP?
The Same Origin Policy (SOP) is a core browser security mechanism: a script loaded from one origin (scheme, host and port) may not read documents, cookies or responses that belong to a different origin, even when both are displayed on the same page. SOP itself is not a vulnerability; the danger is an SOP bypass, a bug that lets a malicious page read or manipulate content from another site (for example a logged-in banking session open in another tab or frame) as if that content belonged to the attacker's page.
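To make the rule concrete, here is an added example (not code from the article or from the Chromium project) that reduces URLs to the (scheme, host, port) origin tuple a browser compares and classifies a set of constructed URL pairs as same-origin or cross-origin. It runs under Node.js using the built-in WHATWG URL class; the host names and the DEFAULT_PORTS table are assumptions for illustration.

```javascript
// Added example: the origin tuple compared by the Same Origin Policy.
// Two documents share an origin only when scheme, host and port all
// match; path, query and fragment are ignored. Node.js 10+ (global URL).

// Default ports for network schemes; used to treat "http://a" and
// "http://a:80" as the same origin, as browsers do.
const DEFAULT_PORTS = {
  "http:": "80",
  "https:": "443",
  "ws:": "80",
  "wss:": "443",
  "ftp:": "21",
};

// Reduce a URL to its origin tuple. Schemes without a network authority
// (data:, file:, blob:, about:) get an "opaque" origin that never equals
// any other origin, which is how browsers treat them.
function originOf(urlString) {
  const u = new URL(urlString);
  if (!(u.protocol in DEFAULT_PORTS)) {
    return { opaque: true };
  }
  return {
    opaque: false,
    scheme: u.protocol,
    host: u.hostname.toLowerCase(),
    port: u.port || DEFAULT_PORTS[u.protocol],
  };
}

// SOP check: every component of the tuple must match exactly, so a
// subdomain, a different scheme or a non-default port is cross-origin.
function isSameOrigin(a, b) {
  const oa = originOf(a);
  const ob = originOf(b);
  if (oa.opaque || ob.opaque) return false;
  return oa.scheme === ob.scheme && oa.host === ob.host && oa.port === ob.port;
}

// Constructed sample pairs (hypothetical hosts) covering the cases that
// commonly confuse developers: path, scheme, port, subdomain, and data: URLs.
const SAMPLE_PAIRS = [
  ["https://bank.example/accounts", "https://bank.example/transfer?to=1"],
  ["https://bank.example", "http://bank.example"],
  ["https://bank.example", "https://bank.example:8443"],
  ["https://bank.example", "https://api.bank.example"],
  ["https://bank.example", "https://attacker.example"],
  ["https://bank.example", "data:text/html,<script>"],
];

function classify(pairs) {
  return pairs.map(([a, b]) => ({ a, b, sameOrigin: isSameOrigin(a, b) }));
}

// Only the first pair (same scheme, host and port, different path) is
// same-origin; every other pair is blocked by SOP.
if (typeof require !== "undefined" && require.main === module) {
  for (const r of classify(SAMPLE_PAIRS)) {
    console.log(`${r.sameOrigin ? "SAME " : "CROSS"}  ${r.a}  vs  ${r.b}`);
  }
}
```

An SOP bypass such as the one fixed here means the renderer fails to enforce this comparison in some code path, so a script from attacker.example ends up with read access to bank.example's DOM or responses despite the tuples differing.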
What is the vulnerability in Chrome?
The fix covers two distinct problems. The first is the SOP bypass in Blink; because Chrome and Chromium share that rendering engine, both are affected. The second is a sandbox escape in Chrome. Chrome runs web content in renderer processes that are sandboxed, meaning they have little or no direct access to the browser process, the file system or the rest of the operating system, so that compromising a renderer through malicious page content should not by itself compromise the machine. Chained together, an SOP bypass and a sandbox escape let a malicious web page progress from reading another site's data to running code outside the sandbox on the user's system, which is why Google rates the combination critical.
Why is this dangerous?
A similar vulnerability was identified in Mozilla Firefox version 44.0.2 a few days ago. Vulnerabilities of this class can be weaponized readily, which is why working exploits for them fetch high prices in underground forums.
The bounty Google paid is comparable to what such an exploit would fetch on that market. Google was fortunate that the report reached it through the bounty program and that it could ship an update in time.