An attacker could use this to inject content into WebUI, such as a phishing form, or execute arbitrary code.

Google Chrome prior to 105.0.2214.101 did not sufficiently prevent extensions from manipulating DOM elements. An attacker could use this to construct extensions that would be displayed on the foreground tab of another extension and load privileged extensions.

Google Chrome prior to 105.0.2214.79 did not sufficiently prevent extensions from modifying the navigation history. An attacker could use this to construct extensions that would be displayed as the most-visited page on the foreground tab of another extension and load privileged extensions.

Google Chrome prior to 105.0.2214.64 allowed an attacker to load privileged extensions via a malicious extension.

Google Chrome prior to 105.0.2214.101 did not show a prompt when opening downloaded files. This could allow attackers to trick a user into installing a malicious extension.

Google Chrome prior to 105.0.2216.0 allowed an attacker to bypass extension restrictions. This could allow an attacker to load privileged extensions.

Google Chrome prior to 105.0.2216.1 did not properly enforce restrictions on extensions. This could allow an attacker to load privileged extensions.

Google Chrome prior to 105.0.2216.2 allowed an attacker to load privileged extensions via a malicious extension.

Google Chrome prior to 105.0.2216.3 did not properly restrict access to the WebWorker and LocalWork

Vulnerability summary

Google Chrome prior to 105.0.2214.79 did not sufficiently prevent extensions from modifying the navigation history. An attacker could use this to construct extensions that would be displayed as the most-visited page on the foreground tab of another extension and load privileged extensions. Google Chrome prior to 105.0.2214.64 allowed an attacker to load privileged extensions via a malicious extension. Google Chrome prior to 105.0.2216.1 did not properly enforce restrictions on extensions, allowing an attacker to load privileged extensions via a malicious extension.

Vulnerability details

WebKit, as used in Google Chrome before 10.0.648.204, does not properly handle the use of WebWorkers during page navigation, which allows remote attackers to bypass intended access restrictions via a crafted HTML document that references a different domain than the current one.
A use-after-free vulnerability can occur when interacting with SVG elements on a page during script execution. The resulting crash may be triggered by an unspecified action.
A heap-based buffer overflow in WebCore in Google Chrome before 10.0.648.133 allows remote attackers to execute arbitrary code via unspecified vectors related to Cascading Style Sheets (CSS) tokenization during parsing.
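The three entries above each state a "before X" build, meaning X is the first build that carries the fix. When triaging an inventory or proxy log against an advisory like this, the usual mistake is to compare version strings lexicographically, which ranks "9.0.597.107" above "10.0.648.204" because "9" sorts after "1". The following is an added example, not part of this advisory, that parses dotted Chrome versions into integer tuples and reports which of the page's fix thresholds a given build falls short of. The thresholds are the two builds quoted in the details above; the issue labels, helper names, and the sample User-Agent string are constructed for this example.

```python
"""Check a Chrome build against the fix thresholds quoted in this advisory.

Added example, not part of the original advisory. The two "fixed_in" builds
are copied from the "Vulnerability details" section; the labels, function
names and sample input are constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class FixThreshold:
    # Short label for the issue (constructed; the page gives no identifiers)
    label: str
    # First Chrome build that contains the fix ("before X" in the advisory)
    fixed_in: str


# Thresholds taken from the advisory text above.
ADVISORY_FIXES = (
    FixThreshold("WebWorker access-restriction bypass during navigation", "10.0.648.204"),
    FixThreshold("WebCore heap overflow in CSS tokenization", "10.0.648.133"),
)


def parse_version(version: str) -> tuple[int, ...]:
    """Turn a dotted Chrome version into an integer tuple for numeric comparison.

    A plain string compare gets this wrong: "9.0.597.107" > "10.0.648.204"
    lexicographically because "9" > "1". Tuples of ints compare numerically.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return tuple(int(p) for p in parts)


def _pad(v: tuple[int, ...], n: int) -> tuple[int, ...]:
    # Right-pad with zeros so "10.0" and "10.0.0.0" compare as equal.
    return v + (0,) * (n - len(v))


def is_affected(installed: str, fixed_in: str) -> bool:
    """True when `installed` is older than the build carrying the fix."""
    a, b = parse_version(installed), parse_version(fixed_in)
    n = max(len(a), len(b))
    return _pad(a, n) < _pad(b, n)


def unpatched_issues(installed: str, fixes=ADVISORY_FIXES) -> list[str]:
    """Labels of every advisory entry whose fix the installed build predates."""
    return [f.label for f in fixes if is_affected(installed, f.fixed_in)]


def chrome_version_from_ua(user_agent: str) -> str | None:
    """Pull the Chrome build out of a User-Agent string (e.g. from a proxy log)."""
    for token in user_agent.split():
        if token.startswith("Chrome/"):
            return token[len("Chrome/"):]
    return None


if __name__ == "__main__":
    # Constructed sample log line; the UA format follows Chrome's usual layout.
    sample_ua = ("Mozilla/5.0 (Windows NT 6.1) AppleWebKit/534.16 "
                 "(KHTML, like Gecko) Chrome/10.0.648.150 Safari/534.16")
    build = chrome_version_from_ua(sample_ua)
    print(build, "->", unpatched_issues(build) or "no outstanding fixes from this advisory")
```

Note that the check is deliberately strict (older than the fix build means affected); a build equal to the threshold is reported as patched, matching the advisory's "before X" wording.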

Timeline

Published on: 09/26/2022 16:15:00 UTC
Last modified on: 09/28/2022 19:05:00 UTC

References