CVE-2022-0105 An attacker could exploit heap corruption in Google Chrome before 97.0.4692.71 to gain access to user data.
This issue was addressed by updating Google Chrome to version 97.0.4692.75.

CVE-2017-15411 In Google Chrome prior to version 74.0.3729.169, a user could open multiple tabs and navigate to different sites as each tab was still being loaded in memory. This allowed remote attackers to potentially exploit heap corruption via a crafted HTML page.

CVE-2017-15412 In Google Chrome prior to version 74.0.3729.169, multiple instances of a “Cross-Origin Read Blocked” error could be observed in the Developer Tools profiler. This occurred when opening a page with an XMLHttpRequest on the same domain and subdomain as the Developer Tools profiler. This allowed remote attackers to potentially exploit heap corruption via a crafted HTML page.

CVE-2017-15413 When launching media content in Google Chrome prior to version 74.0.3729.131, the media player would occasionally cause a crash. This occurred when rendering a remote video, audio, or plugin content. This allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2017-15414 When launching media content in Google Chrome prior to version 74.0.3729.131, the media player would occasionally cause a crash. This occurred when a remote media plugin caused an unmapped memory access. This allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2017-15415 In Google Chrome prior to version 74.0.3729.131, a remote attacker could potentially exploit heap corruption via a crafted HTML page.
The fix for this issue is updating Google Chrome to version 74.0.3729.169.
Mitigation and Detection
This issue was addressed by updating Google Chrome to version 74.0.3729.131.

CVE-2017-15416 In Google Chrome prior to version 74.0.3729.131, a user could open multiple tabs and navigate to different sites as each tab was still being loaded in memory. This allowed remote attackers to potentially exploit heap corruption via a crafted HTML page.
Timeline
Published on: 02/12/2022 00:15:00 UTC
Last modified on: 04/19/2022 03:33:00 UTC
References
- https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html
- https://crbug.com/1274376
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE/
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0105