This issue was fixed in later releases.
CVE-2017-5404 In Chrome OS before 93, a memory mapping vulnerability during guest networking allowed a guest user to potentially escalate privileges by creating a malicious SSH connection.
CVE-2017-5405 In Chrome OS before 93, an issue during printing could result in potentially sensitive files being accessible to an arbitrary malicious guest user.
CVE-2017-5406 In Chrome OS before 93, an issue during printing could result in an attacker being able to create a malicious printing session. This issue does not affect Chrome OS version 2.x.
CVE-2017-5407 In Chrome OS before 93, an issue during printing could result in an attacker accessing potentially sensitive information on the local host via a malicious print job.
CVE-2017-5408 In Chrome OS before 93, an issue during printing could result in an attacker accessing potentially sensitive information on the local host via a malicious print job.
CVE-2017-5409 In Chrome OS before 93, an issue during printing could result in an attacker accessing potentially sensitive information on the local host via a malicious print job.
CVE-2017-5410 In Chrome OS before 93, an issue during printing could result in an attacker accessing potentially sensitive information on the local host via a malicious print job.
CVE-2017-5411 In Chrome OS before 93, an issue during printing could result in an attacker accessing potentially sensitive information on the local host via a
Android
A vulnerability in the Android operating system could allow a malicious application to bypass user restrictions for accessing contacts and SMS.
CVE-2017-5132 In Android, an issue in the Kernel Mode Driver Framework could allow a malicious application to retrieve sensitive information from kernel memory.
CVE-2017-5133 In Android, an issue in the kernel drivers could allow a malicious application to escalate privileges.
Mitigation strategies
If your Chrome OS device is configured to support guest networking, your device will automatically mitigate this issue by restricting the ability of a malicious user to escalate privileges. If you are using this feature, then no further action is required.
Timeline
Published on: 02/12/2022 00:15:00 UTC
Last modified on: 04/19/2022 03:31:00 UTC
References
- https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html
- https://crbug.com/1248438
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE/
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0107