CVE-2022-0098 An attacker who convinced a user to perform specific user gestures can exploit heap corruption via a use-after-free (UAF) in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71.

This issue was fixed by restricting user gestures to trusted sites. After the initial release of Google Chrome, it was discovered that a race condition existed in the handling of navigation events after a user performed a screen navigation using a keyboard or mouse. An attacker could potentially exploit this by convincing a user to perform specific user gestures, resulting in heap corruption that could lead to remote code execution. This issue was fixed by changing the handling of navigation events.
XSS Auditor in Google Chrome on Windows prior to 97.0.4683.0 allowed remote attackers to inject arbitrary web script or HTML via a web site that renders a script that is not properly sanitized via a callback.

This issue was fixed by enabling X-XSS Sanitization on Windows.
Prior to release 97, when a user right-clicked a file and selected “Open with”, and the selection resulted in opening multiple files, the Open With dialog did not properly handle switching between the open files. This could lead to a crash. This issue was fixed by updating the handling of the Open With dialog.

Prior to 97, when multiple tabs or windows were opened with the Shift key pressed, the selection in the Open With dialog did not properly handle switching between the open items. This could lead to a crash. This issue was fixed by updating the handling of the Open With dialog.

Prior to 97, when a user pressed Ctrl+E to open a new incognito

Google Chrome on Android before 65.0.3325.146 allowed remote attackers to bypass the Same Origin Policy, and obtain sensitive information, via vectors involving opening a URL with no protocol specified in an intent.


This issue was fixed by updating Chrome on Android to 65.0.3325.146.
This issue was fixed by fixing an out-of-bounds read when handling images from a canvas element that is rendered into memory using the Cairo library before 2.40.
