How a boobytrapped PDF file could exploit your Chrome Browser - and it's not Adobe's fault!

Graham CLULEY

June 10, 2016

It used to be one of the biggest irritations on the web. You would be visiting a website, click on a link and then – without warning – find that Adobe Acrobat Reader was cranking into action, in order to show you the PDF file that the site wanted you to see.

Many was the time when I muttered under my breath that the least the site could have done was warn me that I was about to click on a .PDF file, so I could make an informed decision for myself.

Part of my complaint wasn’t just that it was a pain reading Acrobat PDF files on the web – it was also potentially dangerous. Over the years there have been many, many instances of malicious hackers exploiting vulnerabilities in Adobe’s Acrobat Reader, boobytrapping their PDF files by embedding – for instance – JavaScript code that would conduct unauthorized actions and compromise PCs.

So when browsers began to include alternative PDF readers in their code, such as PDFium which comes with Google Chrome web browser, there was something of a sigh of relief. A different code base meant that – hopefully – the Chrome PDF reader wouldn’t be vulnerable to the same exploits as Adobe’s version, and one would hope that the user experience of opening PDF files would be a lot more streamlined too.

However, that improved user experience may have inevitably resulted in some users thinking that PDF files were somehow now safe.

But, as we know all too well, there is no such thing as bug-free code. And sure enough this week it has been revealed that PDFium, Chrome’s default PDF reader, contained an exploitable vulnerability (known as CVE-2016-1681) that could have resulted in malicious code being run on innocent users’ systems.

For the attack to take place, all the user had to do was view a PDF file that included a specially-crafted JPEG2000 image embedded within it. According to researchers at Cisco Talos, an attacker could plant a malicious PDF on a website, and then redirect potential victims to it via malicious email links or malvertising.

Interestingly, the vulnerability does not lie in Chrome’s own code, or that of PDFium, but in the OpenJPEG library that is used to handle the display of JPEG2000 files, as Cisco’s Aleksander Nikolic explains:

“A heap buffer overflow vulnerability is present in the jpeg2000 image parser library as used by the Chrome’s PDF renderer, PDFium. The vulnerability is located in the underlying jpeg2000 parsing library, OpenJPEG, but is made exploitable in case of Chrome due to special build process.”

The significance of the bug is perhaps heightened by the fact that many security solutions generically look for attempts to exploit PDF files with embedded JavaScript, but may be less likely to spot a maliciously-formed image buried inside a PDF file.
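To illustrate that blind spot, here is an added triage sketch (not code from this article, Cisco Talos or Google) that inventories JPEG2000 streams, which PDFs mark with the `/JPXDecode` filter, alongside the usual `/JS` and `/JavaScript` markers. The function names and the sample document are constructed for illustration; the scan only lists what a file contains and does not decide whether an image is malformed.

```python
import re

# A PDF name is "/" plus regular characters; any character may be written as a
# #xx hex escape, so "/JPX#44ecode" is the same name as "/JPXDecode".
_NAME = re.compile(rb"/((?:[^\x00\t\n\x0c\r ()<>\[\]{}/%#]|#[0-9A-Fa-f]{2})+)")
_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")

WATCHED = {
    b"JPXDecode": "jpeg2000_streams",   # filter used for embedded JPEG2000 images
    b"JS": "javascript_refs",           # what JavaScript-focused scanners look for
    b"JavaScript": "javascript_refs",
    b"ObjStm": "object_streams",        # compressed objects this scan cannot see into
}

def decode_name(raw: bytes) -> bytes:
    """Undo #xx escapes so obfuscated names compare equal to plain ones."""
    return _ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)

def triage_pdf(data: bytes) -> dict:
    """Count watched names in raw PDF bytes (a coarse inventory, not a parser)."""
    counts = {"jpeg2000_streams": 0, "javascript_refs": 0, "object_streams": 0}
    for match in _NAME.finditer(data):
        key = WATCHED.get(decode_name(match.group(1)))
        if key:
            counts[key] += 1
    # The case the article warns about: image content but nothing for a
    # JavaScript-only check to flag.
    counts["image_only_risk"] = (
        counts["jpeg2000_streams"] > 0 and counts["javascript_refs"] == 0
    )
    return counts

# Constructed sample: one image object whose filter name is hex-escaped.
SAMPLE = (
    b"%PDF-1.5\n"
    b"1 0 obj\n<< /Type /XObject /Subtype /Image /Width 8 /Height 8 "
    b"/Filter /JPX#44ecode /Length 4 >>\nstream\n\x00\x00\x00\x0c\nendstream\nendobj\n"
    b"%%EOF\n"
)

if __name__ == "__main__":
    print(triage_pdf(SAMPLE))
```

A non-zero `object_streams` count means some objects are stored compressed, so the other counts are a lower bound for that file.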

Google patched its code when it released Chrome 51.0.2704.63 on May 25th, and has issued updates for other security issues since. Aleksander Nikolic, who responsibly disclosed details of the flaw to Google, was awarded a $3,000 bug bounty for his efforts.

Users of Google Chrome are reminded to ensure that they are running Google Chrome 51.0.2704.63 or later. The browser does automatically update itself – which is great – but you should restart your browser to make certain that you are running the latest edition.

Remember – aside from running a comprehensive anti-virus solution, you should always be careful about the links you click on, and keep your software updated with the latest patches.
