CVE-2022-0610 Inappropriate implementation of Gamepad API in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to exploit heap corruption.

Google Chrome versions prior to 98.0.4758.102 are potentially affected by a heap corruption issue. An attacker could potentially exploit this, by getting a user to visit a specially crafted website, to cause a denial of service or execute arbitrary code with the user's privileges.

Mitigation

There are two possible mitigations: update to Google Chrome 98.0.4758.102, or disable the Gamepad API by setting the Gamepad API to false in Google Chrome settings. In addition, users can enable Incognito mode to restrict access to the Gamepad API via the steps below:

1. Open Chrome Settings
2. Click on Show advanced settings at the bottom of the page
3. Select Privacy and safety
4. Click on Content settings under Privacy and safety
5. Click on Change what sites can do with your data
6. Under Web activity, click on Gamepad API and select either Do not allow or Enable
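
To check the first mitigation across many machines, the sketch below sorts hosts by whether their reported Chrome build is older than 98.0.4758.102. It is an added example, not code from the advisory or from Google; the function names, hostnames and inventory format are assumptions, and the sample data is constructed.

```python
import re

FIXED = (98, 0, 4758, 102)  # fixed build named in the advisory above

# Matches a four-part Chrome build number anywhere in a string, e.g. the
# output of `google-chrome --version` ("Google Chrome 98.0.4758.80").
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the build as a 4-tuple of ints, or None if none is present."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def triage(inventory):
    """Split (host, version_string) pairs into vulnerable / patched / unknown."""
    result = {"vulnerable": [], "patched": [], "unknown": []}
    for host, raw in inventory:
        version = parse_version(raw)
        if version is None:
            result["unknown"].append(host)      # needs manual follow-up
        elif version < FIXED:                   # numeric, not string, compare
            result["vulnerable"].append(host)
        else:
            result["patched"].append(host)
    return result


# Constructed sample inventory (hostnames and version strings are made up
# for illustration; the inventory format is an assumption).
SAMPLE = [
    ("ws-01", "Google Chrome 98.0.4758.80"),
    ("ws-02", "Google Chrome 98.0.4758.102"),
    ("ws-03", "Google Chrome 100.0.4896.60"),   # a string compare would rank this below 98
    ("ws-04", "Google Chrome 97.0.4692.99 beta"),
    ("ws-05", "Chromium (version not reported)"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts that land in "unknown" reported no parseable build and should be checked by hand instead of being assumed patched.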

Google has revoked the update for Chrome 67.0.3396.99 due to a security issue

Mitigation

The only recommended mitigation is to use Google Chrome version 68 or later for all users, as this version includes a fix for this vulnerability. For more information, please see the release notes on the Chromium blog.
