Note that this issue was fixed in later releases of Google Chrome. Google Chrome prior to 75.0.3770.80 did not properly handle objects in memory when parsing Media streams. This could lead to objects being created in one process but then being read by another process, potentially resulting in a process crash. Google Chrome prior to 75.0.3770.80 did not properly handle objects in memory when parsing HTML media tags. This could lead to objects being created in one process but then being read by another process, potentially resulting in a process crash. Google Chrome prior to 75.0.3770.80 did not properly handle objects in memory when parsing an audio tag. This could lead to objects being created in one process but then being read by another process, potentially resulting in a process crash. Google Chrome prior to 75.0.3770.80 did not properly handle objects in memory when parsing a video tag. This could lead to objects being created in one process but then being read by another process, potentially resulting in a process crash. Google Chrome prior to 75.0.3770.80 did not properly handle objects in memory when parsing a canvas tag. This could lead to objects being created in one process but then being read by another process, potentially resulting in a process crash. Google Chrome prior to 75.0.3770.80 did not properly handle objects in memory when parsing an audio tag. This could lead to objects being created in one process but then being
Google Chrome Vulnerability Reference CVE-2022-0100
Note that this issue was fixed in later releases of Google Chrome. Google Chrome prior to 75.0.3770.80 did not properly handle objects in memory when parsing Media streams. This could lead to objects being created in one process but then being read by another process, potentially resulting in a process crash. Google Chrome prior to 75.0.3770.80 did not properly handle objects in memory when parsing HTML media tags. This could lead to objects being created in one process but then being read by another process, potentially resulting in a process crash. Google Chrome prior to 75.0.3770.80 did not properly handle objects in memory when parsing an audio tag. This could lead to objects being created in one process but then being read by another process, potentially resulting in a process crash. Google Chrome prior to 75.0.3770.80 did not properly handle objects in memory when parsing a video tag. This could lead to objects being created in one process but then being read by another process, potentially resulting in a process crash.[1]
[1] https://bugsplat-sapiencloudsolutions-comcastcorpcomwc2-dhscomwc2-usa/view
How dangerous is this vulnerability?
This vulnerability is considered to be high severity.
Timeline
Published on: 02/12/2022 00:15:00 UTC
Last modified on: 04/19/2022 03:37:00 UTC
References
- https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html
- https://crbug.com/1238209
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE/
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0100