CVE-2024-1675

8.8 HIGH

📋 TL;DR

This vulnerability allows attackers to bypass Chrome's download restrictions via a malicious HTML page, potentially enabling unauthorized file system access. It affects Google Chrome users on all platforms running versions before 122.0.6261.57. The medium severity rating reflects the need for user interaction but significant potential impact.

💻 Affected Systems

Products:
  • Google Chrome
  • Chromium-based browsers
Versions: All versions prior to 122.0.6261.57
Operating Systems: Windows, macOS, Linux, ChromeOS
Default Config Vulnerable: ⚠️ Yes
Notes: All standard Chrome installations are vulnerable. Enterprise deployments with custom policies may have some mitigation.

📦 What is this software?

Chrome by Google

Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could download malicious files to restricted system locations, potentially leading to system compromise, data theft, or ransomware deployment.

🟠 Likely Case

Users visiting malicious websites could have unwanted files downloaded to their system, potentially leading to malware infection or data exfiltration.

🟢 If Mitigated

With proper security controls, the impact is limited to isolated browser sessions without system-wide consequences.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (visiting malicious page) but no authentication. The vulnerability is in the download policy enforcement mechanism.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 122.0.6261.57 and later

Vendor Advisory: https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html

Restart Required: Yes

Instructions:

1. Open Chrome.
2. Click three-dot menu → Help → About Google Chrome.
3. Chrome will automatically check for and install updates.
4. Click 'Relaunch' to restart Chrome with the patched version.

🔧 Temporary Workarounds

Disable automatic downloads (Platform: all)

Configure Chrome to ask where to save each file before downloading

chrome://settings/downloads → Toggle 'Ask where to save each file before downloading' to ON

Enable Enhanced Safe Browsing (Platform: all)

Provides additional protection against malicious websites

chrome://settings/security → Enable 'Enhanced protection'

🧯 If You Can't Patch

  • Deploy network filtering to block known malicious websites
  • Implement application whitelisting to prevent unauthorized file execution

🔍 How to Verify

Check if Vulnerable:

Check Chrome version in chrome://settings/help or via 'chrome://version'

Check Version:

Linux: google-chrome --version
macOS (default install path): "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" --version
Windows: wmic datafile where name="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" get version

Verify Fix Applied:

Confirm Chrome version is 122.0.6261.57 or higher
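
The version check above can be scripted for fleet audits. The following is an added example, not part of the vendor advisory: it compares a reported version string against the fixed build 122.0.6261.57 component by component. The function names and the sample version strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify Chrome/Chromium version strings against the fixed build.
FIXED_VERSION="122.0.6261.57"   # patch version stated on this page

# Extract the first dotted four-part version from text such as
# "Google Chrome 121.0.6167.184" or multi-line wmic output.
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+(\.[0-9]+){3}' | head -n 1 || true
}

# Exit 0 if version $1 >= version $2. Components are compared as numbers,
# because a string compare would rank "99" above "122" and "57" above "128".
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        if (n != 4 || m != 4) exit 2
        for (i = 1; i <= 4; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Print PATCHED, VULNERABLE or UNKNOWN for one version report.
check_chrome() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo "UNKNOWN"
    elif version_ge "$v" "$FIXED_VERSION"; then
        echo "PATCHED"
    else
        echo "VULNERABLE"
    fi
}

# Constructed sample reports (not taken from real hosts).
while IFS= read -r line; do
    printf '%-34s %s\n' "$line" "$(check_chrome "$line")"
done <<'EOF'
Google Chrome 121.0.6167.184
Google Chrome 122.0.6261.57
Google Chrome 122.0.6261.128
Chromium 99.0.4844.51
chrome not installed
EOF
```

To audit a live host, pass the output of the platform's version command to check_chrome instead of the sample lines.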

📡 Detection & Monitoring

Log Indicators:

  • Unusual download patterns from Chrome
  • Files downloaded to unusual locations
  • Multiple download attempts from single sessions

Network Indicators:

  • Connections to suspicious domains followed by file downloads
  • Unusual download traffic patterns

SIEM Query:

source="chrome" AND (event="download" OR event="file_save") AND file_path NOT IN ["Downloads", "Desktop"]
