CVE-2023-2931
📋 TL;DR
This is a use-after-free vulnerability in Chrome's PDF renderer that allows remote attackers to trigger heap corruption via malicious PDF files. Successful exploitation could lead to arbitrary code execution or browser crashes. All Chrome users on versions before 114.0.5735.90 are affected.
💻 Affected Systems
- Google Chrome
- Chromium-based browsers
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution with the same privileges as the Chrome process, potentially leading to full system compromise if Chrome runs with elevated privileges.
Likely Case
Browser crash (denial of service) or limited memory corruption that could be leveraged for sandbox escape in combination with other vulnerabilities.
If Mitigated
Browser crash with no further impact if sandboxing works correctly and no other vulnerabilities are chained.
🎯 Exploit Status
Exploitation requires user interaction to open a malicious PDF file. Use-after-free vulnerabilities in Chrome's sandboxed renderer process are commonly exploited in the wild.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 114.0.5735.90 and later
Vendor Advisory: https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html
Restart Required: Yes
Instructions:
1. Open Chrome menu > Help > About Google Chrome.
2. Chrome will automatically check for updates and install version 114.0.5735.90 or later.
3. Click 'Relaunch' to restart Chrome with the fixed version.
🔧 Temporary Workarounds
Disable Chrome's built-in PDF viewer
Force Chrome to download PDFs instead of opening them internally: navigate to chrome://settings/content/pdfDocuments and toggle 'Download PDF files instead of automatically opening them in Chrome'.
Use an alternative PDF viewer extension
Install a third-party PDF viewer extension that doesn't use Chrome's vulnerable PDF renderer.
🧯 If You Can't Patch
- Implement web proxy/content filter to block PDF downloads from untrusted sources
- Deploy application control to restrict Chrome usage or enforce PDF opening in alternative applications
🔍 How to Verify
Check if Vulnerable:
Check Chrome version: if version is less than 114.0.5735.90, the system is vulnerable.
Check Version:
chrome://version/ (on Chrome) or google-chrome --version (command line)
Verify Fix Applied:
Confirm Chrome version is 114.0.5735.90 or higher after update.
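The version check above is easy to get wrong if versions are compared as strings (114.0.5735.9 sorts after 114.0.5735.90 lexically but is older). The following script is an added example, not part of this advisory: it parses the output of `google-chrome --version` and compares it numerically against the fixed version. The binary names it probes and the Linux-style `--version` output are assumptions.

```python
import re
import shutil
import subprocess
from typing import Optional, Tuple

# Version that ships the fix for CVE-2023-2931 (from the vendor advisory).
FIXED_VERSION = "114.0.5735.90"


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Extract a dotted Chrome version from text such as
    'Google Chrome 114.0.5735.90' or 'Chromium 113.0.5672.126 snap'.
    Returns a tuple of ints so comparison is numeric per segment."""
    m = re.search(r"(\d+(?:\.\d+){1,3})", text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    # Pad short versions so (114, 0) compares like (114, 0, 0, 0).
    return tuple(parts + [0] * (4 - len(parts)))


def is_vulnerable(version_text: str) -> bool:
    """True when the parsed version is older than FIXED_VERSION.
    Tuple comparison avoids the string pitfall where '114.0.5735.9'
    sorts after '114.0.5735.90' lexically but is in fact older."""
    v = parse_version(version_text)
    if v is None:
        raise ValueError(f"no version found in {version_text!r}")
    return v < parse_version(FIXED_VERSION)


def installed_chrome_version() -> Optional[str]:
    """Run the first Chrome/Chromium binary found on PATH with --version.
    Assumption: a Linux-style CLI that prints 'Google Chrome X.Y.Z.W'."""
    for exe in ("google-chrome", "google-chrome-stable", "chromium", "chromium-browser"):
        path = shutil.which(exe)
        if path:
            out = subprocess.run([path, "--version"], capture_output=True, text=True, timeout=10)
            return out.stdout.strip()
    return None


if __name__ == "__main__":
    found = installed_chrome_version()
    if found is None:
        print("no Chrome/Chromium binary found on PATH")
    else:
        state = "VULNERABLE" if is_vulnerable(found) else "patched"
        print(f"{found}: {state} (fixed in {FIXED_VERSION})")
```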
📡 Detection & Monitoring
Log Indicators:
- Chrome crash reports with PDF-related stack traces
- Unexpected Chrome renderer process terminations
Network Indicators:
- Downloads of PDF files from suspicious sources followed by Chrome crashes
SIEM Query:
(source="chrome_crash_reports" AND process="chrome" AND module="pdfium") OR (source="proxy_logs" AND file_type="pdf" AND user_agent="Chrome/<114.0.5735.90")
The parentheses make the intended grouping explicit; the user_agent clause is pseudo-syntax for "Chrome major/minor version below 114.0.5735.90 in the User-Agent header", not a literal string match, and must be expressed with the version-comparison function of your SIEM.
🔗 References
- https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html
- https://crbug.com/1444238
- https://security.gentoo.org/glsa/202311-11
- https://security.gentoo.org/glsa/202401-34
- https://www.debian.org/security/2023/dsa-5418