CVE-2022-0107 An attacker who convinces a user to install a malicious extension can exploit heap corruption in Google Chrome on Chrome OS prior to 97.0.4692.71.

This issue was fixed in later releases. CVE-2017-5404 In Chrome OS before 93, a memory mapping vulnerability during guest networking allowed a guest user to potentially escalate privileges by creating a malicious SSH connection. CVE-2017-5405 In Chrome OS before 93, an issue during printing could result in access to potentially sensitive files being accessible to an arbitrary malicious guest user.

CVE-2017-5406 In Chrome OS before 93, an issue during printing could result in an attacker being able to create a malicious printing session. This issue does not affect Chrome OS version 2.x.

CVE-2017-5407 In Chrome OS before 93, an issue during printing could result in an attacker accessing potentially sensitive information on the local host via a malicious print job.

CVE-2017-5408 In Chrome OS before 93, an issue during printing could result in an attacker accessing potentially sensitive information on the local host via a malicious print job.

CVE-2017-5409 In Chrome OS before 93, an issue during printing could result in an attacker accessing potentially sensitive information on the local host via a malicious print job.

CVE-2017-5410 In Chrome OS before 93, an issue during printing could result in an attacker accessing potentially sensitive information on the local host via a malicious print job.

CVE-2017-5411 In Chrome OS before 93, an issue during printing could result in an attacker accessing potentially sensitive information on the local host via a

Android

A vulnerability in the Android operating system could allow a malicious application to bypass user restrictions for accessing contacts and SMS.

CVE-2017-5132 In Android, an issue in the Kernel Mode Driver Framework could allow a malicious application to retrieve sensitive information from kernel memory.

CVE-2017-5133 In Android, an issue in the kernel drivers could allow a malicious application to escalate privileges.

Mitigation strategies

If your Chrome OS device is configured to support guest networking, your device will automatically mitigate this issue by restricting the ability of a malicious user to escalate privilege. If you are using this feature, then no further action is required.

Timeline

Published on: 02/12/2022 00:15:00 UTC
Last modified on: 04/19/2022 03:31:00 UTC

References

• https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html
• https://crbug.com/1248438
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE/
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0107