This issue was fixed in version 97.0.4692.71. Note: This issue cannot be exploited by users as it requires the ability to open HTML pages. Google credits Kaveh Razavi and Roel Schouwen as the original reporters of this issue. Google PDF Viewer In Google Chrome prior to 76.0.4673.5, when viewing a PDF file, if the user accepted the license terms, the browser will open the Adobe Digital Publishing Program license page. Note: This issue does not affect users if they have the Adobe Digital Publishing Program (formerly known as Acrobat Reader) installed. End-users can avoid this issue by not accepting the license terms. This bug was publicly disclosed on October 31, 2017. End-users can avoid this issue by not accepting the license terms. This bug was publicly disclosed on October 31, 2017. Google Chrome prior to 76.0.4673.5 included a PDF viewer that would open the Adobe Digital Publishing Program license page when viewing a PDF file.
Fixed in Google Chrome 76.0.4673.6
This issue was fixed in version 76.0.4673.6. Google Chrome 76.0.4673.6 included a PDF viewer that would not open the Adobe Digital Publishing Program license page when viewing a PDF file if the user accepted the license terms at the beginning of the PDF file, as described in CVE-2022-0117.
Vulnerability Summary
A PDF viewer bug was discovered in Google Chrome prior to 76.0.4673.5 that would open the Adobe Digital Publishing Program license page when viewing a PDF file.
Vulnerable Software
Google Chrome prior to 76.0.4673.5 included a PDF viewer that would open the Adobe Digital Publishing Program license page when viewing a PDF file.
Vulnerability anatomy
An attacker who exploited this vulnerability could take control of the affected user's computer. To exploit this issue, an attacker would first need to lure the victim to a website that contains malicious HTML code.
This vulnerability is rated as Critical because users who visit a maliciously crafted website may be at risk of arbitrary code execution in the context of the current user.
Vulnerability Rating: Critical
Timeline
Published on: 02/12/2022 00:15:00 UTC
Last modified on: 04/19/2022 03:21:00 UTC
References
- https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html
- https://crbug.com/1115847
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE/
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0117