Network Security Project
Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page.
- Download an affected Chrome build on Linux (114.0.5735.90 is older than the fixed release 116.0.5845.96)
$ wget https://edgedl.me.gvt1.com/edgedl/chrome/chrome-for-testing/114.0.5735.90/linux64/chrome-linux64.zip
$ unzip chrome-linux64.zip
- Run the downloaded binary (the --no-sandbox flag disables Chrome's process sandbox)
$ ./chrome-linux64/chrome --no-sandbox
- Prepare an SVG file (d.svg) that triggers the vulnerability
- Prepare a bash script (start_server.sh) that starts an HTTP server on port 8888
- Make the script executable and run it
$ chmod +x start_server.sh
$ ./start_server.sh
- Access the d.svg file in Chrome by navigating to localhost on port 8888
http://127.0.0.1:8888/d.svg
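Before testing, it is worth confirming that the build in use really is older than the fixed release. The following POSIX shell helper is an added example, not part of this project: it compares a dotted Chrome version against 116.0.5845.96 and reports whether the build is still affected. The path ./chrome-linux64/chrome and the "Google Chrome for Testing <version>" output format are assumptions taken from the steps above.

```shell
#!/bin/sh
# Added example: check a Chrome version against the fixed release named above.
FIXED_VERSION="116.0.5845.96"

# field N VERSION: print the N-th dotted component (empty if absent).
# A trailing dot is appended so cut always sees a delimiter.
field() {
    printf '%s.' "$2" | cut -d. -f"$1"
}

# version_lt A B: succeed when version A sorts strictly before B,
# comparing up to four numeric components.
version_lt() {
    i=1
    while [ "$i" -le 4 ]; do
        x=$(field "$i" "$1"); y=$(field "$i" "$2")
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
    return 1   # versions are equal
}

# chrome_status VERSION: print "vulnerable" when VERSION predates the fix,
# otherwise "patched".
chrome_status() {
    if version_lt "$1" "$FIXED_VERSION"; then echo vulnerable; else echo patched; fi
}

# chrome_version_from_output TEXT: pull the first dotted four-part version
# out of `chrome --version` output such as "Google Chrome for Testing 114.0.5735.90".
chrome_version_from_output() {
    printf '%s\n' "$1" | grep -oE '[0-9]+(\.[0-9]+){3}' | head -n 1
}

# Stand-alone use against the build unpacked above (assumed path).
if [ -x ./chrome-linux64/chrome ]; then
    chrome_status "$(chrome_version_from_output "$(./chrome-linux64/chrome --version)")"
fi
```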