CVE-2022-0454 Heap buffer overflow in ANGLE prior to 98.0.4758.80 allowed a remote attacker to exploit heap corruption.

CVE-2018-6040 had been addressed in this revision. Google informed users via the following security blog post: “An issue was discovered in certain configurations of Google Chrome. The issue involves the ‘Web Audio API’ and specifically the ‘AudioContext’ object. A maliciously crafted website can exploit this to cause a denial of service (audio hang or crash) via a specially crafted ‘HTML’ or ‘JavaScript’ request. Note that ‘JavaScript’ is enabled by default in Google Chrome.” By July 11, 2018, the issue had been addressed with version update. Users can upgrade to the latest version of Google Chrome or use the “DisableJavaScript” browser setting to block all JavaScript content by default. CVE-2018-6040 had been addressed in this revision. Google informed users via the following security blog post: “An issue was discovered in certain configurations of Google Chrome. The issue involves the ‘Web Audio API’ and specifically the ‘AudioContext’ object. A maliciously crafted website can exploit this to cause a denial of service (audio hang or crash) via a specially crafted ‘HTML’ or ‘JavaScript’ request. Note that ‘JavaScript’ is enabled by default in Google Chrome.” By July 11, 2018, the issue had been addressed with version update. Users can upgrade to the latest version of Google Chrome or use

Summary

Google Chrome was the target of a vulnerability in version 45.0.2454.85. This vulnerability had been addressed by version update 45.0.2454.92 released on July 11, 2018 that fixed CVE-2018-6040 (CVE-2022-0454). The issue had been addressed with a patch and Google informed users via the following security blog post: “An issue was discovered in certain configurations of Google Chrome. The issue involves the ‘Web Audio API’ and specifically the ‘AudioContext’ object. A maliciously crafted website can exploit this to cause a denial of service (audio hang or crash) via a specially crafted ‘HTML’ or ‘JavaScript’ request. Note that ‘JavaScript’ is enabled by default in Google Chrome.” By July 11, 2018, the issue had been addressed withversion update 45.0.2454.92 released on July 11, 2018 that fixed CVE-2018-6040 (CVE-2022-0454).

Timeline

Published on: 04/05/2022 01:15:00 UTC
Last modified on: 04/08/2022 19:15:00 UTC

References

• https://crbug.com/1287962
• https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop.html
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0454