CVE-2022-0096 An attacker in Google Chrome before 97.0.4692.71 could exploit heap corruption after an AOF.
CVE Solution: Update to version 97.0.4689 or newer. An issue was discovered in certain configurations of Google Chrome prior to version 97.0.4692.71. Users were potentially vulnerable to an arbitrary code execution. It was discovered that a use after free issue existed in the Web Distributed JavaScript Engine (Djenga) in Web applications. The issue is due to a race condition when handling HTML tags. An attacker could leverage this vulnerability to potentially exploit heap corruption via a crafted HTML page. It was discovered that certain types of HTML tags were not handled properly by certain media elements in Web applications. An attacker could leverage this vulnerability to potentially exploit heap corruption via a crafted HTML page. CVE Solution: Update to version 97.0.4689 or newer. An issue was discovered in certain configurations of Google Chrome prior to version 97.0.4692.71. Users were potentially vulnerable to an arbitrary code execution. It was discovered that a use after free issue existed in the Web Distributed JavaScript Engine (Djenga) in Web applications. The issue is due to a race condition when handling HTML tags. An attacker could leverage this vulnerability to potentially exploit heap corruption via a crafted HTML page. CVE Solution: Update to version 97.0.4689 or newer. An issue was discovered in certain configurations of Google Chrome prior to version 97.0.4692.71. Users were potentially vulnerable to an arbitrary code execution
Summary
An issue was discovered in certain configurations of Google Chrome prior to version 97.0.4692.71. Users were potentially vulnerable to an arbitrary code execution. It was discovered that a use after free issue existed in the Web Distributed JavaScript Engine (Djenga) in Web applications. The issue is due to a race condition when handling HTML tags. An attacker could leverage this vulnerability to potentially exploit heap corruption via a crafted HTML page. CVE Solution: Update to version 97.0.4689 or newer. An issue was discovered in certain configurations of Google Chrome prior to version 97.0.4692.71
To make an impact online, you need great search engine optimization (SEO). To achieve this goal, businesses have many strategies they can use, but one strategy that stands out is using pictures in your ad campaigns on Facebook as people respond well to pictures and it's more likely for them to click through when they see something visually appealing than if they see text only
How do I know if my browser is vulnerable?
If you are using Google Chrome version 97.0.4692.71 or newer, then your browser is not vulnerable to the arbitrary code execution vulnerability.
The update will also protect against the heap corruption vulnerability in certain configurations of Web applications.
If you are using a version prior to 97.0.4692.71 on Google Chrome, then your browser is potentially vulnerable to either arbitrary code execution or heap corruption with malicious HTML tags.
Timeline
Published on: 02/12/2022 00:15:00 UTC
Last modified on: 04/08/2022 13:45:00 UTC
References
- https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html
- https://crbug.com/1275020
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE/
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0096