> About Author
> Hi, I'm Sharon, a product manager at Chaitin Tech. We build SafeLine, an open-source Web Application Firewall built for real-world threats. While SafeLine focuses on HTTP-layer protection, our emergency response center monitors and responds to RCE and authentication vulnerabilities across the stack to help developers stay safe.
A critical XXE (XML External Entity) vulnerability was discovered in Chromium, the open-source project behind major browsers like Chrome, Edge, Brave, and Opera. The flaw allows attackers to read local files by bypassing Chromium’s security sandbox — a serious privacy breach.
Let’s break down how it works, and why it’s dangerous.
What Caused the Vulnerability?
The issue, tracked as CVE-2023-4357, stems from Chromium’s integration of libxslt, the library Chromium uses for XSLT (Extensible Stylesheet Language Transformations) processing.
Here’s the core problem:
- libxslt allows use of the `document()` function in XSL stylesheets
- That function supports external entity inclusion
- Chromium didn’t fully block this behavior inside its sandbox
- As a result, attackers could craft a malicious stylesheet, loaded over `http(s)://`, that reads `file://` URLs
Even worse: when Chromium is run with the `--no-sandbox` flag, attackers can access any file on the system, with no restrictions.
How Attackers Exploit It
The exploit is deceptively simple and highly stealthy.
An attacker builds a malicious website that embeds:
- A crafted SVG image
- A malicious XSL stylesheet
Once a user visits the page, Chromium loads the SVG and triggers the vulnerable `document()` function, silently accessing local files in the background.
There’s no prompt, no warning, and likely no trace. That’s what makes this flaw so dangerous.
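Because the two ingredients above (an external stylesheet reference on an SVG, and an XSLT `document()` call aimed at a local resource) are both visible in the XML itself, content that a WAF or upload handler receives can be screened for them before it ever reaches a browser. The following scanner is an added example written for this post; it is not SafeLine's rule set, the sample documents are constructed, and the `file:///PLACEHOLDER/...` path is a placeholder rather than a real target.

```python
"""Flag XML content that carries the two ingredients described above: an
external xml-stylesheet reference, and an XSLT document() call that points
at a local (file:) resource. Added example; not SafeLine's own rule set."""
import re
import xml.etree.ElementTree as ET

# ElementTree drops processing instructions, so <?xml-stylesheet ...?> is
# pulled out with a regex before the document is parsed.
STYLESHEET_PI = re.compile(r"<\?xml-stylesheet\b(.*?)\?>", re.IGNORECASE | re.DOTALL)
HREF_ATTR = re.compile(r"""href\s*=\s*["']([^"']*)["']""", re.IGNORECASE)
DOCUMENT_CALL = re.compile(r"\bdocument\s*\(", re.IGNORECASE)
LOCAL_SCHEME = re.compile(r"\bfile\s*:", re.IGNORECASE)


def scan_xml(text):
    """Return (severity, kind, detail) findings for one SVG or XSL document."""
    findings = []
    for pi in STYLESHEET_PI.finditer(text):
        href_match = HREF_ATTR.search(pi.group(1))
        href = href_match.group(1) if href_match else ""
        severity = "high" if LOCAL_SCHEME.search(href) else "medium"
        findings.append((severity, "xml-stylesheet", href))
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        # Unparseable input is sent to review rather than silently passed through.
        findings.append(("medium", "parse-error", str(exc)))
        return findings
    # XPath expressions live in attributes (select, test, match, ...); any
    # document() call is suspicious, one that names a file: URL is critical.
    for elem in root.iter():
        for attr, value in elem.attrib.items():
            if DOCUMENT_CALL.search(value):
                severity = "high" if LOCAL_SCHEME.search(value) else "medium"
                findings.append((severity, "xslt-document()", f"{elem.tag}@{attr}"))
    return findings


def verdict(findings):
    """Collapse findings to a single block/review/allow decision."""
    levels = {f[0] for f in findings}
    if "high" in levels:
        return "block"
    if "medium" in levels:
        return "review"
    return "allow"


# Constructed sample inputs; the file: path is a placeholder, not a real target.
BENIGN_SVG = '<svg xmlns="http://www.w3.org/2000/svg"><rect width="1" height="1"/></svg>'
SVG_WITH_REMOTE_XSL = (
    '<?xml-stylesheet type="text/xsl" href="https://stylesheet.example/sheet.xsl"?>'
    '<svg xmlns="http://www.w3.org/2000/svg"/>'
)
XSL_WITH_LOCAL_DOCUMENT = (
    '<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">'
    '<xsl:template match="/">'
    '<xsl:value-of select="document(\'file:///PLACEHOLDER/local.txt\')"/>'
    "</xsl:template></xsl:stylesheet>"
)

if __name__ == "__main__":
    for name, doc in [("benign", BENIGN_SVG), ("remote-xsl", SVG_WITH_REMOTE_XSL),
                      ("local-document", XSL_WITH_LOCAL_DOCUMENT)]:
        print(name, verdict(scan_xml(doc)), scan_xml(doc))
```

The scanner deliberately treats any `document()` call as worth a look, not only ones naming `file:`; the URL can be assembled at runtime from variables, so a literal-string match alone would miss it. Parsing with `xml.etree.ElementTree` is safe here because expat does not fetch external entities or DTDs, and malformed input is routed to review instead of being allowed.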
Impact
- Browsers Affected: Chrome, Edge, Opera, Brave — basically anything based on Chromium
- Security Risk: Unauthorized local file access
- High Risk in Headless / Electron Apps: Many embedded browsers using `--no-sandbox` are now a serious target
- Potential Damage: Sensitive data leaks, privacy violations, local recon for more advanced attacks
Affected Versions
- Chrome < 116.0.5845.96
- All other browsers or apps using affected Chromium versions
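A practical follow-up for anyone running a web server or WAF is to find out which visiting clients are still below the fixed version. The script below, added here as an example and not part of the advisory or of SafeLine, classifies Chromium-based clients from constructed access-log lines. It handles the one edge case that makes this harder than a string comparison: Chrome's reduced User-Agent (rolled out from Chrome 101 onward) reports the build and patch fields as `0.0.0`, so a client on the 116 major line cannot be judged from the UA alone and the `Sec-CH-UA-Full-Version-List` client-hint header is used when the client sent it.

```python
"""Classify Chromium-based clients seen in server logs against the first
fixed version given above. Added example with constructed log lines; not
part of the advisory or of SafeLine."""
import re
from collections import Counter

FIXED = (116, 0, 5845, 96)   # first patched Chrome release named in the advisory

# Version token in a User-Agent string, e.g. "Chrome/116.0.0.0"
UA_VERSION = re.compile(r"\b(?:Chrome|Chromium)/(\d+(?:\.\d+){0,3})")
# One entry of the Sec-CH-UA-Full-Version-List header: "Chromium";v="116.0.5845.96"
FULL_VERSION_ENTRY = re.compile(r'"([^"]+)";\s*v="(\d+(?:\.\d+){0,3})"')


def parse_version(text):
    """'116.0.5845.96' -> (116, 0, 5845, 96), padding short strings with zeros."""
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (4 - len(parts))


def classify(version):
    """Return 'patched', 'unpatched' or 'unknown'.

    The reduced User-Agent reports build and patch as 0.0.0, so a version on
    the fixed major line (116.0.0.0) cannot be judged from the UA alone;
    only the major number is trustworthy there."""
    v = parse_version(version)
    if v[1:] == (0, 0, 0) and v[0] == FIXED[0]:
        return "unknown"
    return "patched" if v >= FIXED else "unpatched"


def classify_client(user_agent, full_version_list=""):
    """Prefer the client-hint header when the client sent it; else use the UA."""
    for brand, version in FULL_VERSION_ENTRY.findall(full_version_list):
        if brand == "Chromium":
            return classify(version)
    match = UA_VERSION.search(user_agent)
    return classify(match.group(1)) if match else "not-chromium"


def audit_log(lines):
    """Count verdicts over tab-separated lines: client_ip, user_agent, full_version_list."""
    counts = Counter()
    for line in lines:
        _ip, ua, hint = line.rstrip("\n").split("\t")
        counts[classify_client(ua, hint)] += 1
    return dict(counts)


# Constructed sample log; only the second client sent the client-hint header.
SAMPLE_LOG = [
    "10.0.0.1\tMozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 Chrome/115.0.5790.170 Safari/537.36\t",
    "10.0.0.2\tMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/116.0.0.0 Safari/537.36\t"
    '"Chromium";v="116.0.5845.96", "Google Chrome";v="116.0.5845.96", "Not)A;Brand";v="24.0.0.0"',
    "10.0.0.3\tMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/116.0.0.0 Safari/537.36 Edg/116.0.1938.54\t",
    "10.0.0.4\tMozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 Chrome/117.0.0.0 Safari/537.36\t",
    "10.0.0.5\tcurl/8.1.2\t",
]

if __name__ == "__main__":
    print(audit_log(SAMPLE_LOG))
```

To get the full version from browsers, the server has to ask for it by sending `Accept-CH: Sec-CH-UA-Full-Version-List`; without that, every 116.x client lands in the "unknown" bucket and can only be told apart by a client-side inventory.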
Mitigation & Patch
Temporary Workaround
- Don’t click suspicious or unknown links
- Be cautious when visiting websites that use SVG or XSLT
- Avoid using `--no-sandbox` unless absolutely necessary
Permanent Fix
Google released a patched version of Chrome on August 31, 2023.
To update manually:
- Open Chrome
- Go to `chrome://settings/help`
- Ensure you're on version 116.0.5845.96 or above
More info: Chromium Release Notes
Reproduction Status
Timeline
- June 29, 2023 – Vulnerability reported by Igor Sak-Sakovskii
- Aug 31, 2023 – Chromium patch released
- Oct 25, 2023 – Public disclosure of the vulnerability
- Nov 17, 2023 – Reproduced by Chaitin Emergency Response Lab
- Nov 17, 2023 – Official advisory published by Chaitin Security
Stay updated, stay secure. If your browser runs on Chromium, make sure it’s patched.