Fortinet Discovers Google Chrome Skia Out-of-Bounds Read Vulnerability
Fortinet's FortiGuard Labs has discovered an Out-of-Bounds Read vulnerability in the Google Chrome Skia engine.
Skia is an open source 2D graphics library which provides common APIs that work across a variety of hardware and software platforms. It serves as the graphics engine for Google Chrome and Chrome OS, Android, Mozilla Firefox and Firefox OS, and many other products. The Skia image rendering engine contains several Effect Filters which can be applied to a pre-existing sourced Bitmap Image or to a new Skia Drawing.
The Out-of-Bounds Read vulnerability is caused by an incorrect bounds check in Skia's SkPathRef. Malformed data supplied to the filter escapes the bounds set in SkPathRef, which leads to an Out-of-Bounds Read. The vulnerability can therefore be triggered by loading a malicious webpage in which malformed input data is provided to the Skia Filters, which in turn invoke the vulnerable SkPathRef, causing the Skia rendering engine to crash.
Solutions
FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Oct 30, 2017
Users should apply the solution provided by Google.
Fortinet reported the vulnerability to Google on August 17, 2017.
Google released a patch for it on October 17, 2017.