CVE-2022-0107 An attacker who convinces a user to install a malicious extension can exploit heap corruption in Google Chrome on Chrome OS prior to 97.0.4692.71.

CVE-2022-0107 An attacker who convinces a user to install a malicious extension can exploit heap corruption in Google Chrome on Chrome OS prior to 97.0.4692.71.

This issue was fixed in later releases. CVE-2017-5404 In Chrome OS before 93, a memory mapping vulnerability during guest networking allowed a guest user to potentially escalate privileges by creating a malicious SSH connection. CVE-2017-5405 In Chrome OS before 93, an issue during printing could result in access to potentially sensitive files being accessible to an arbitrary malicious guest user.

CVE-2017-5406 In Chrome OS before 93, an issue during printing could result in an attacker being able to create a malicious printing session. This issue does not affect Chrome OS version 2.x.

CVE-2017-5407 In Chrome OS before 93, an issue during printing could result in an attacker accessing potentially sensitive information on the local host via a malicious print job.

CVE-2017-5408 In Chrome OS before 93, an issue during printing could result in an attacker accessing potentially sensitive information on the local host via a malicious print job.

CVE-2017-5409 In Chrome OS before 93, an issue during printing could result in an attacker accessing potentially sensitive information on the local host via a malicious print job.

CVE-2017-5410 In Chrome OS before 93, an issue during printing could result in an attacker accessing potentially sensitive information on the local host via a malicious print job.

CVE-2017-5411 In Chrome OS before 93, an issue during printing could result in an attacker accessing potentially sensitive information on the local host via a

Android

A vulnerability in the Android operating system could allow a malicious application to bypass user restrictions for accessing contacts and SMS.

CVE-2017-5132 In Android, an issue in the Kernel Mode Driver Framework could allow a malicious application to retrieve sensitive information from kernel memory.

CVE-2017-5133 In Android, an issue in the kernel drivers could allow a malicious application to escalate privileges.

Mitigation strategies

If your Chrome OS device is configured to support guest networking, your device will automatically mitigate this issue by restricting the ability of a malicious user to escalate privilege. If you are using this feature, then no further action is required.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe