CVE-2024-10668
📋 TL;DR
This vulnerability allows attackers to bypass Google Quick Share's file validation by sending duplicate file transfer frames, enabling them to upload arbitrary files to victims' Downloads folders. It affects Windows users running vulnerable versions of Google Quick Share. Attackers can exploit this to deliver malicious files that would normally be blocked.
💻 Affected Systems
- Google Quick Share (formerly Nearby Share)
⚠️ Risk & Real-World Impact
Worst Case
Attackers deliver malware, ransomware, or other malicious executables directly to victims' systems, leading to full system compromise, data theft, or encryption.
Likely Case
Attackers deliver phishing documents, scripts, or other malicious files that users might accidentally execute, leading to limited system compromise or credential theft.
If Mitigated
With proper endpoint protection and user awareness, malicious files are detected before execution, limiting impact to file system clutter.
🎯 Exploit Status
Exploitation requires sending specially crafted duplicate file transfer frames via Bluetooth/Wi-Fi Direct. No authentication needed once connection is established.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Quick Share Windows v1.0.2002.2 or later
Vendor Advisory: https://github.com/google/nearby/pull/2892
Restart Required: Yes
Instructions:
1. Open Google Chrome.
2. Go to chrome://flags.
3. Search for 'Quick Share'.
4. Ensure it's updated to v1.0.2002.2+.
5. Restart Chrome.
Alternatively, update through Windows Store if installed as standalone app.
🔧 Temporary Workarounds
Disable Quick Share
Windows: Temporarily disable Quick Share file receiving to prevent exploitation
Open Chrome → Settings → Advanced → Privacy and security → Site settings → Nearby Share → Disable
Restrict Downloads Folder Permissions
Windows: Set Downloads folder to read-only or require admin approval for executions
Right-click Downloads folder → Properties → Security → Edit permissions → Deny write/execute for standard users
🧯 If You Can't Patch
- Disable Quick Share entirely until patching is possible
- Implement application whitelisting to prevent execution of unknown files from Downloads folder
🔍 How to Verify
Check if Vulnerable:
Check Quick Share version in Chrome flags (chrome://flags search 'Quick Share') or Windows Store. If version is below v1.0.2002.2, system is vulnerable.
Check Version:
In Chrome: chrome://flags then search 'Quick Share'. In Windows: Get-AppxPackage *QuickShare* | Select Version
Verify Fix Applied:
Confirm version is v1.0.2002.2 or higher. Test by attempting to send duplicate file transfers (if safe testing environment available).
📡 Detection & Monitoring
Log Indicators:
- Multiple file write events with same payload ID in Quick Share logs
- Unexpected files appearing in Downloads folder from Quick Share transfers
Network Indicators:
- Unusual Bluetooth/Wi-Fi Direct connections followed by duplicate file transfer patterns
SIEM Query:
EventID=4663 AND ObjectName LIKE '%Downloads%' AND ProcessName LIKE '%chrome.exe%' AND AccessMask='0x100' AND Count>1 within 5 seconds
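The correlation that the SIEM query above describes, written out as an added Python example (not code from the advisory or from Google). It assumes the 4663 events are already parsed into dictionaries with the query's field names plus hypothetical `Time` and `Computer` fields, groups per host (an assumption; the query does not say), and runs on constructed sample events.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=5)  # "within 5 seconds" from the query
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"

def _ev(time, host, obj, proc=CHROME, mask="0x100", event_id=4663):
    return {"Time": time, "Computer": host, "EventID": event_id,
            "ObjectName": obj, "ProcessName": proc, "AccessMask": mask}

# Constructed sample events (not real logs); field names follow the query.
SAMPLE_EVENTS = [
    _ev("2024-01-01T10:00:00", "WS01", r"C:\Users\alice\Downloads\a.pdf"),
    _ev("2024-01-01T10:00:02", "WS01", r"C:\Users\alice\Downloads\a.pdf"),
    _ev("2024-01-01T10:00:03", "WS01", r"C:\Users\alice\Downloads\a.pdf", mask="0x2"),
    _ev("2024-01-01T10:00:30", "WS01", r"C:\Users\alice\Downloads\b.txt"),
    _ev("2024-01-01T10:00:01", "WS02", r"C:\Users\bob\Downloads\c.txt",
        proc=r"C:\Windows\explorer.exe"),
    _ev("2024-01-01T10:00:03", "WS02", r"C:\Users\bob\Documents\d.txt"),
]

def matches(ev):
    """Per-event predicates of the query; LIKE '%x%' as case-insensitive substring."""
    return (ev["EventID"] == 4663
            and "downloads" in ev["ObjectName"].lower()
            and "chrome.exe" in ev["ProcessName"].lower()
            and ev["AccessMask"].lower() == "0x100")

def find_bursts(events, window=WINDOW):
    """Return groups of more than one matching event on one host within `window`."""
    by_host = defaultdict(list)
    for ev in filter(matches, events):
        by_host[ev["Computer"]].append((datetime.fromisoformat(ev["Time"]), ev))
    bursts = []
    for items in by_host.values():
        items.sort(key=lambda pair: pair[0])
        group = [items[0]]
        for ts, ev in items[1:] + [(datetime.max, None)]:  # sentinel flushes last group
            if ts - group[0][0] <= window:
                group.append((ts, ev))
                continue
            if len(group) > 1:  # "Count>1"
                bursts.append([e for _, e in group])
            group = [(ts, ev)]
    return bursts

if __name__ == "__main__":
    for burst in find_bursts(SAMPLE_EVENTS):
        print(burst[0]["Computer"], [e["Time"] for e in burst])
```

The window is anchored on the first event of each group, so a long, steady stream of writes is reported as consecutive 5-second groups rather than one unbounded burst.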