Environment Variables Leak Affects Multiple Browsers


THREAT LEVEL: Amber.


A security bug that leaks system environment variables was found in Chromium version 92. Multiple web browsers are based on the Chromium engine, such as Google Chrome, Microsoft Edge, Opera, and Brave. Most of them are reported to be vulnerable, except Brave.

The vulnerability, tracked as CVE-2022-0337, affects the ‘window.showSaveFilePicker()’ method in the File System Access API. An attacker can exploit this vulnerability to gain access to the victim’s system environment variables by crafting a malicious HTML file and enticing the victim to open it. Environment variables are variables where users can store secrets such as tokens, passwords, and keys to services (e.g. Microsoft Azure or Twilio SendGrid). This vulnerability only affects the Windows operating system.
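To gauge what such a leak would expose on a given host, the following added example (not part of the original advisory or any vendor tooling) audits environment variables for secret-like names and for values shaped like SendGrid API keys or Azure storage account keys, masking the values in its report. The name list, the two value patterns, and the sample environment are assumptions constructed for illustration.

```python
import os
import re

# Heuristic name fragments that usually mark a credential (assumed list; tune it).
SECRET_NAME = re.compile(
    r"TOKEN|SECRET|PASSWORD|PASSWD|API_?KEY|ACCESS_?KEY|CONNECTION_?STRING|CREDENTIAL",
    re.IGNORECASE,
)
# Value shapes for the two services the advisory names as examples.
VALUE_PATTERNS = {
    "sendgrid-api-key": re.compile(r"SG\.[A-Za-z0-9_-]{22}\.[A-Za-z0-9_-]{43}"),
    "azure-storage-key": re.compile(r"AccountKey=[A-Za-z0-9+/]{86}=="),
}

# Constructed sample environment (fake values), used by the checks for this example.
SAMPLE_ENV = {
    "USERPROFILE": r"C:\Users\alice",
    "MAIL_SETTING": "SG." + "A" * 22 + "." + "B" * 43,
    "STORAGE": "AccountName=example;AccountKey=" + "C" * 86 + "==",
    "GITHUB_TOKEN": "constructed-not-a-real-token",
    "EMPTY_SECRET": "",
}


def mask(value, keep=4):
    """Show only a short prefix so the audit report does not leak the secret."""
    if len(value) <= keep:
        return "*" * len(value)
    return f"{value[:keep]}******** ({len(value)} chars)"


def audit_environment(env):
    """Return one finding per variable whose name or value looks like a secret."""
    findings = []
    for name, value in sorted(env.items()):
        if not value:  # an empty variable exposes nothing
            continue
        reasons = ["name"] if SECRET_NAME.search(name) else []
        reasons += [label for label, rx in VALUE_PATTERNS.items() if rx.search(value)]
        if reasons:
            findings.append({"name": name, "reasons": reasons, "preview": mask(value)})
    return findings


if __name__ == "__main__":
    # Run against the live process environment (os.environ) on the Windows host.
    for f in audit_environment(os.environ):
        print(f"{f['name']:<30} {','.join(f['reasons']):<28} {f['preview']}")
```

Variables it flags are candidates for rotation and for moving into a dedicated secret store rather than the user or system environment.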

Potential MITRE ATT&CK TTPs are:
TA0042: Resource Development
T1588: Obtain Capabilities
T1588.006: Obtain Capabilities: Vulnerabilities
TA0001: Initial Access
T1190: Exploit Public-Facing Application
TA0005: Defense Evasion
T1027: Obfuscated Files or Information
T1027.006: Obfuscated Files or Information: HTML Smuggling

Vulnerability Details

Patch Link

https://www.google.com/intl/en/chrome/?standalone=1

https://download3.operacdn.com/pub/opera/desktop/84.0.4316.42/win/Opera_84.0.4316.42_Setup_x64.exe

https://www.microsoft.com/en-us/edge

References

https://github.com/Puliczek/CVE-2022-0337-PoC-Google-Chrome-Microsoft-Edge-Opera

https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html