Audio or Video HTML Tags Exploited: Chrome Bug Lets Attackers Steal Web Secrets
HTML5 is the latest version of HTML (HyperText Markup Language). It offers new attributes, elements and behaviors that allow websites and applications to be designed with a powerful and diverse mechanism.
A new HTML5 API allows video and audio to be played within the browser without installing a cumbersome browser plug-in (like Flash).
Google Chrome, a widely used browser, recently fixed a bug that had let attackers abuse video and audio HTML tags to steal important user information.
Google tagged this vulnerability as CVE-2018-6177 and fixed it with the release of Chrome version 68.0.3440.75. Users who continue to use older versions may fall into the trap of threat actors, who may exploit this bug by luring users to malicious websites.
This may be accomplished by:
- Displaying malicious advertisements on genuine websites. Malicious code is embedded inside ads displayed on legitimate sites. A click on these ads executes the malicious script, making the system susceptible to security threats.
- Leveraging existing vulnerabilities on legitimate websites. Flaws such as cross-site scripting (XSS) can be used by attackers to inject and execute malicious code that threatens user security and privacy.
How are Audio and Video HTML Tags Leveraged?
As mentioned earlier, the attack is carried out by injecting malicious code that uses audio and video HTML tags on legitimate websites. When the code is executed, the website content it parses may include important user information alongside the routine calls.
The vulnerability is exploited using a side-channel methodology, and it abuses filtering functions in the website.
Side-channel information includes timing information, power consumption, electromagnetic leaks, etc. This information can be misused to mount an attack on the computer.
The filtering function allows the user to filter the content of a website by category. This saves the user from unnecessary scrolling to view the desired content on the web page.
The bug makes use of progress events, i.e. the events that occur during the calling, loading and execution of a page.
The progress events were used to deduce the size of the website's response. Knowing the size of the resource makes it easy to leak user-specific information.
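As a server-side complement to updating Chrome, a site can refuse to answer its filtering endpoints when the request comes from an audio or video tag on another site. The sketch below is an added example, not code from Google or from this article. It assumes the browser sends Fetch Metadata request headers (Sec-Fetch-Site, Sec-Fetch-Dest, Sec-Fetch-Mode), which the article does not discuss; the function name, paths and sample requests are constructed for illustration.

```javascript
// Added example: server-side filter using Fetch Metadata request headers.
// Paths and sample requests are constructed for illustration.
const EMBEDDABLE_MEDIA = [/^\/media\//]; // hypothetical: files meant to be embedded elsewhere
const MEDIA_DESTS = new Set(["audio", "video", "track"]);

function checkRequest(req) {
  // Normalise header names and values to lower case.
  const h = {};
  for (const [k, v] of Object.entries(req.headers || {})) {
    h[k.toLowerCase()] = String(v).toLowerCase();
  }
  const site = h["sec-fetch-site"];
  const dest = h["sec-fetch-dest"];
  const mode = h["sec-fetch-mode"];

  // Browsers without Fetch Metadata support send none of these headers;
  // this filter cannot judge those requests, so it lets them through.
  if (site === undefined) return { allow: true, reason: "no-fetch-metadata" };

  // Requests from the site itself, or typed/bookmarked URLs ("none").
  if (site === "same-origin" || site === "same-site" || site === "none") {
    return { allow: true, reason: "same-site" };
  }

  // Cross-site from here on. An <audio>/<video> tag on another site is
  // only served real media, never a filter or search result page.
  if (MEDIA_DESTS.has(dest)) {
    const ok = EMBEDDABLE_MEDIA.some((re) => re.test(req.path));
    return ok
      ? { allow: true, reason: "embeddable-media" }
      : { allow: false, reason: "cross-site-media-tag" };
  }

  // Ordinary cross-site links (top-level GET navigation) keep working.
  if (mode === "navigate" && dest === "document" && req.method === "GET") {
    return { allow: true, reason: "top-level-navigation" };
  }
  return { allow: false, reason: "cross-site-subresource" };
}

// Constructed sample requests.
const samples = [
  { method: "GET", path: "/search?filter=private", headers: { "Sec-Fetch-Site": "cross-site", "Sec-Fetch-Dest": "audio", "Sec-Fetch-Mode": "no-cors" } },
  { method: "GET", path: "/media/intro.mp4", headers: { "Sec-Fetch-Site": "cross-site", "Sec-Fetch-Dest": "video", "Sec-Fetch-Mode": "no-cors" } },
  { method: "GET", path: "/search?filter=private", headers: { "Sec-Fetch-Site": "same-origin", "Sec-Fetch-Dest": "empty", "Sec-Fetch-Mode": "cors" } },
];
for (const s of samples) console.log(s.path, checkRequest(s));
```

A denied request should get an empty error response with no user-dependent body, so that its size carries no information about the user.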