A memory-safety bug in the Autofill component of Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform a specific user gesture to potentially exploit heap corruption via a crafted HTML page. The trigger this page describes is double-clicking a Google Docs or Sheets URL offered by Autofill. The fix shipped in Chrome 97.0.4692.71; the user gesture requirement is a precondition for triggering the bug, not something the fix removed, and the only remediation is to update to 97.0.4692.71 or later. "User gesture" here means Chromium's user activation: a trusted input event that the browser attributes to the user and that a page cannot forge by dispatching synthetic events. Examples of such gestures:

- A mouse click or double-click, for instance on an anchor link in an email, in a Google Docs or Sheets document, or in any web page
- A tap, long-press (hold) or swipe on a touch screen, such as the gestures used to open a new tab
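An added example, not part of the original advisory: a small Node.js triage script that decides whether a reported Chrome build predates the fixed release 97.0.4692.71 by comparing version segments numerically (a plain string comparison ranks "97.0.4692.9" above "97.0.4692.71"), and applies it to constructed User-Agent strings of the kind found in proxy or web-server logs. The sample UA strings are constructed for the example.

```javascript
// Added example: decide whether a Chrome build predates the fixed
// release 97.0.4692.71, from a bare version string or a User-Agent header.
// Not part of the original advisory; the sample UA strings are constructed.

const FIXED_VERSION = '97.0.4692.71';

// Parse "a.b.c.d" into four integers; reject anything else.
function parseVersion(str) {
  const m = /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/.exec(String(str).trim());
  if (!m) throw new Error(`unrecognised Chrome version: ${JSON.stringify(str)}`);
  return m.slice(1).map(Number);
}

// Segment-wise numeric comparison: negative if a < b, 0 if equal, positive if a > b.
function compareVersions(a, b) {
  const va = parseVersion(a);
  const vb = parseVersion(b);
  for (let i = 0; i < 4; i++) {
    if (va[i] !== vb[i]) return va[i] - vb[i];
  }
  return 0;
}

// Vulnerable means strictly older than the release that carries the fix.
function isVulnerable(version) {
  return compareVersions(version, FIXED_VERSION) < 0;
}

// Pull the Chromium build out of a desktop or Android User-Agent header.
// Returns null for UAs without a "Chrome/" token (Safari, Firefox, etc.).
// Chromium derivatives such as Edge keep the token, and their build number
// reflects the Chromium release they are based on.
function chromeVersionFromUA(ua) {
  const m = /\bChrome\/(\d+\.\d+\.\d+\.\d+)\b/.exec(ua);
  return m ? m[1] : null;
}

// Classify a batch of UA strings, e.g. one line per log entry.
// vulnerable is true/false for Chrome UAs and null for everything else.
function triageUserAgents(uas) {
  return uas.map((ua) => {
    const version = chromeVersionFromUA(ua);
    return {
      ua,
      version,
      vulnerable: version === null ? null : isVulnerable(version),
    };
  });
}

// Constructed sample log entries, not real traffic.
const SAMPLE_UAS = [
  'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36',
  'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36',
  'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15',
];

if (typeof require !== 'undefined' && require.main === module) {
  for (const r of triageUserAgents(SAMPLE_UAS)) {
    const status = r.vulnerable === null ? 'not Chrome' : (r.vulnerable ? 'UPDATE' : 'ok');
    console.log(`${r.version ?? '-'}\t${status}`);
  }
}
```

Feed it the distinct User-Agent values from an access log to find which clients still need the update; for an endpoint inventory, the same `isVulnerable` check works on the output of `chrome --version` with the "Google Chrome " prefix stripped.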

Vulnerability details

The bug lives in Chrome's Autofill component, the code that suggests and fills form data, in versions prior to 97.0.4692.71. A crafted HTML page can set up the conditions for the heap corruption, but it cannot complete the trigger on its own: the final step needs a genuine user gesture (user activation), which Chromium grants only for trusted input events such as a click, tap or key press and never for events a script dispatches itself. An attacker therefore has to lure the user onto the page and get them to perform the gesture, for example by presenting a decoy control where the double-click is expected. Heap corruption is the usual precursor to arbitrary code execution, so once the gesture is obtained the practical impact is code execution with the browser's privileges. Update to 97.0.4692.71 or later; there is no configuration that removes the exposure short of updating.

What is Google Chrome?

Google Chrome is a freeware web browser developed by Google and first released in 2008. It is available for Windows, macOS, Linux, Android and iOS.
Chrome's rendering engine is Blink, which Google forked from WebKit in 2013, paired with the V8 JavaScript engine. It offers tabbed browsing, sync of bookmarks, passwords and settings across a user's devices, and support for extensions.
It ships with a built-in PDF viewer rather than relying on Adobe Reader; the bundled Adobe Flash Player was removed in Chrome 88 (January 2021).

Information disclosure

- Origin headers
- Referrer headers

Linked Scripts

If a page you trust loads a script from an external service (a CDN, an analytics or advertising provider, a widget host), then whoever controls that service can serve the crafted HTML and JavaScript that sets up the heap corruption, so the attacker does not need to lure you onto an obviously malicious site. The user gesture requirement still applies: the script must also induce the specific gesture, and it cannot satisfy that requirement with synthetic events of its own.

To limit this exposure, inventory the third-party scripts your pages load and pin each one with a Subresource Integrity (SRI) digest, so that a modified script is refused by the browser instead of executed.

Timeline

Published on: 02/12/2022 00:15:00 UTC
Last modified on: 04/19/2022 03:32:00 UTC
