CVE-2023-2939

7.8 HIGH

📋 TL;DR

This vulnerability allows a local attacker on Windows systems to escalate privileges by exploiting insufficient data validation in Google Chrome's installer through a crafted symbolic link. It affects Google Chrome on Windows prior to version 114.0.5735.90. Attackers need local access to the system to exploit this flaw.

💻 Affected Systems

Products:
  • Google Chrome
Versions: All versions prior to 114.0.5735.90
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Windows installations of Google Chrome. Other operating systems and Chromium-based browsers may have similar vulnerabilities but this specific CVE is Chrome/Windows specific.

📦 What is this software?

Chrome by Google

Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Local attacker gains SYSTEM/administrator privileges, enabling complete system compromise, data theft, persistence installation, and lateral movement.

🟠 Likely Case

Local user or malware with limited privileges escalates to administrator rights, allowing installation of additional malware, disabling security controls, or accessing protected data.

🟢 If Mitigated

With proper access controls and least privilege principles, impact is limited to the compromised user account without system-wide compromise.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring local access; not directly exploitable over the network.
🏢 Internal Only: MEDIUM - Internal users with local access could exploit this, but requires initial access to the system.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to create symbolic links. Windows permissions may restrict symbolic link creation by default for non-administrators.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 114.0.5735.90 and later

Vendor Advisory: https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html

Restart Required: Yes

Instructions:

1. Open Chrome and click the three-dot menu > Help > About Google Chrome.
2. Chrome will automatically check for updates and install version 114.0.5735.90 or later.
3. Click 'Relaunch' to restart Chrome with the updated version.

🔧 Temporary Workarounds

Restrict symbolic link creation

Configure Windows security policy to restrict symbolic link creation to administrators only

gpedit.msc > Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Create symbolic links

Run Chrome with limited privileges

Ensure Chrome runs with standard user privileges, not administrator rights

🧯 If You Can't Patch

  • Implement strict access controls to limit who has local access to vulnerable systems
  • Monitor for suspicious privilege escalation attempts and symbolic link creation events

🔍 How to Verify

Check if Vulnerable:

Check Chrome version: Open Chrome > Settings > About Chrome. If version is below 114.0.5735.90, system is vulnerable.

Check Version:

chrome://version/ or "chrome --version" in command line

Verify Fix Applied:

Confirm Chrome version is 114.0.5735.90 or higher in About Chrome page.

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs: Security logs showing privilege escalation, or process creation with elevated privileges from the Chrome installer
  • Application logs: Chrome update/installer activity with unusual parameters

Network Indicators:

  • No direct network indicators as this is local exploitation

SIEM Query:

EventID=4688 AND (ProcessName="chrome.exe" OR ProcessName="chrome_installer.exe") AND (NewProcessName contains "cmd.exe" OR NewProcessName contains "powershell.exe") AND (IntegrityLevel="High" OR IntegrityLevel="System")
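
The query's four conditions as explicit, grouped logic, run over constructed process-creation events so the rule can be tested before it goes into a SIEM. This is an added example, not part of the original advisory: the field names follow the page's query, while the helper names (matches, hunt, ev), the sample events and their paths are assumptions.

```python
import ntpath

# Names and levels taken from the page's query.
PARENTS = {"chrome.exe", "chrome_installer.exe"}
CHILDREN = {"cmd.exe", "powershell.exe"}
LEVELS = {"high", "system"}


def basename(path):
    """Lower-cased file name of a Windows path; 4688 usually logs full paths."""
    return ntpath.basename(path or "").lower()


def matches(event):
    """True only when all four clauses hold; each OR stays inside its own group."""
    return (
        event.get("EventID") == 4688
        and basename(event.get("ProcessName")) in PARENTS
        and basename(event.get("NewProcessName")) in CHILDREN
        and (event.get("IntegrityLevel") or "").lower() in LEVELS
    )


def hunt(events):
    """Return the ids of matching events, in input order."""
    return [e["id"] for e in events if matches(e)]


def ev(id, event_id, parent, child, level):
    """Build one constructed event using the page's field names."""
    return {"id": id, "EventID": event_id, "ProcessName": parent,
            "NewProcessName": child, "IntegrityLevel": level}


# Constructed sample events (not real telemetry); paths are illustrative.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe"
CMD = r"C:\Windows\System32\cmd.exe"
SAMPLE_EVENTS = [
    ev(1, 4688, r"C:\Example\chrome_installer.exe", CMD, "System"),   # hit
    ev(2, 4688, r"C:\Example\chrome.exe", r"C:\Example\chrome.exe", "Medium"),
    ev(3, 4688, r"C:\Windows\explorer.exe", PS, "High"),  # elevated shell, wrong parent
    ev(4, 4688, r"C:\Example\CHROME.EXE", PS, "high"),    # hit, mixed case
    ev(5, 4688, r"C:\Windows\System32\services.exe", r"C:\Windows\System32\svchost.exe", "System"),
    ev(6, 4689, r"C:\Example\chrome_installer.exe", CMD, "System"),   # not a 4688
]

if __name__ == "__main__":
    print(hunt(SAMPLE_EVENTS))
```

Events 3 and 5 are the ones an ungrouped AND/OR chain tends to match by accident, since a bare "High" or "System" clause is true for most elevated process starts.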
