Chrome on Fedora becomes vulnerable drive-by download attacks

Chrome OS

Google Chrome on Fedora

Though Google Chrome is one of the secure web browsing solutions, a new vulnerability has surfaced online that can exploit your Fedora system with serious drive-by download attacks. The new issue has particularly been spotted in Fedora 24.

Security researcher Chris Evans has revealed the loophole in Chrome browser that leverages its exposed download manager to get index details right from the Tracker application in Fedora. Evans highlights that the Tracker is not sandboxed on the platform. This is why attackers can easily access the system from a downloaded file.

“This is a problem that lends itself nearly ideally to sandboxing: the inputs and outputs and clear, and the rights needed to transform the inputs into the outputs are minimal,” Evans writes in a blog post.

To explain the depth of the vulnerability, the researcher has provided a proof-of-concept attack in which a malformed file gets forcefully downloaded upon accessing a malicious website. Attackers can even access personal data such as thumbnails and previews of files using the vulnerability through Fedora’s Gstreamer framework.

The automated process of releasing an attack from a downloaded file makes it a drive-by download issue.

Minor presence on Ubuntu too

In addition to Fedora, the same vulnerability is also claimed to be affecting the default installer on Ubuntu 16.04. But it is limited and opened for attacks if the ‘mp3’ option is enabled.

“Ubuntu does not seem to index desktop files by default, so the impact on Ubuntu will be less severe but still nasty via e.g. triggering thumbnails by opening the nautilus file browser in the Downloads directory or a USB drive or by emailing someone the exploit file and have them open it in a media player,” Evan explained.

The Fedora team is expected to sandbox the Tracker application through its next version. Meanwhile, users are recommended to download files only from reliable sources.


Please enter your comment!
Please enter your name here