
Issue 699545


Issue metadata

Status: Duplicate
Merged: issue 688689
Closed: Mar 2017
Type: Bug-Security




Security: Google Update fails to validate library certificate

Reported by ogoid.ba...@gmail.com, Mar 8 2017

Issue description

I'm not sure if this qualifies for the rewards program, as it involves local DLL loading, but it seems a significant security issue as it allows an attacker to impersonate Google's identity.

Basically, GoogleUpdate.exe checks the code signing of some libraries before loading, but will also load a goopdate.dll file without signature in the same dir.

For example, this allows an attacker to distribute GoogleUpdate.exe together with a malware DLL which requests rights elevation, and trick the user into accepting it, as the request screen will show Google's signature.

I attached a sample DLL which, when loaded, exploits this vulnerability. Just execute GoogleUpdate.exe, and note how the elevation request assures Google's identity.

Shouldn't GoogleUpdate.exe always check for code signature before calling LoadLibrary?
 
Attachment: goopdate.zip (88.0 KB)
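
Added example, not part of the original report and not Google Update's own code: a PowerShell audit a defender can run against a folder holding a signed executable, listing every DLL beside it that is unsigned, has an invalid signature, or is signed by a different publisher. The function name `Test-SideLoadedLibrary` and the path in the usage comment are hypothetical, and comparing certificate subject strings is a simplifying assumption.

```powershell
# Added example: report DLLs that sit next to a signed executable but do not
# carry a valid Authenticode signature from the same publisher.
# Test-SideLoadedLibrary is a hypothetical helper name, not an existing cmdlet.
function Test-SideLoadedLibrary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$ExecutablePath
    )

    $exe    = Get-Item -LiteralPath $ExecutablePath
    $exeSig = Get-AuthenticodeSignature -LiteralPath $exe.FullName

    # Without a valid signature on the executable there is no trusted
    # publisher to compare the libraries against.
    if ($exeSig.Status -ne 'Valid') {
        throw "Executable signature status is '$($exeSig.Status)'."
    }
    $publisher = $exeSig.SignerCertificate.Subject

    Get-ChildItem -LiteralPath $exe.DirectoryName -Filter '*.dll' -File |
        ForEach-Object {
            $sig    = Get-AuthenticodeSignature -LiteralPath $_.FullName
            # Unsigned files have no signer certificate at all.
            $signer = if ($sig.SignerCertificate) {
                $sig.SignerCertificate.Subject
            } else {
                $null
            }
            [pscustomobject]@{
                Library       = $_.Name
                Status        = $sig.Status
                Signer        = $signer
                # Assumption: an identical subject string means same publisher.
                SamePublisher = ($sig.Status -eq 'Valid' -and $signer -eq $publisher)
            }
        } |
        Where-Object { -not $_.SamePublisher }
}

# Usage (placeholder path, replace with the folder under review):
# Test-SideLoadedLibrary -ExecutablePath 'C:\path\to\GoogleUpdate.exe'
```

An empty result means every DLL in the folder verified against the executable's publisher; any row returned is a library the executable could load without it matching that signer.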
Mergedinto: 688689
Status: Duplicate (was: Unconfirmed)
This is a duplicate of Issue 688689 and indeed outside of the browser's threat model.

https://www.chromium.org/Home/chromium-security/security-faq#TOC-Why-aren-t-physically-local-attacks-in-Chrome-s-threat-model-
Project Member

Comment 2 by sheriffbot@chromium.org, Jun 15 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
