CVE-2022-0809 In WebXR, out of bounds memory access allowed a remote attacker to exploit heap corruption.

This issue was fixed in version 99.0.4844.51. Google determined that this issue did not pose a significant security risk as no remote attack could be reliably performed. Users who were affected were encouraged to disable XR until a suitable XR-enabled version of Google Chrome was released. Due to the severity of the issue, we have designated it as a critical XR-related issue.

XR critical issue

The XR-related issue CVE-2022-0809 affected the browser's XR capabilities. This issue was fixed in version 99.0.4844.51, which was released on September 18, 2017.

ID 0x0-0x1: Device-specific error codes

0x0-0x1: Device-specific error codes are used to identify failures that occur during a specific stage of Chrome's execution. They are not necessarily security related, but they can be used for that purpose. For example, if Chromium can't find a font file or the system clock doesn't match the current time, it would generate an error code.

The following components of XR support were affected by this issue:

Permissions Issues in XR

Permissions issues are common in XR.
However, these issues are not always related to the use of third-party libraries or plugins. Sometimes, permissions can be a cause of XR error messages that appear for other reasons. For example, if you attempt to run an app on a Chromebook with restricted permissions, you may see an error message that states "The app was not able to start because it tried to access privileged resources."

Vulnerability overview

This issue was fixed in version 99.0.4844.51 of Google Chrome. Google determined that this issue did not pose a significant security risk as no remote attack could be reliably performed. All users who were affected were encouraged to disable XR until a suitable XR-enabled version of Google Chrome was released. Due to the severity of the issue, we have designated it as a critical XR-related issue.

Impact of the Issue

XR is a component of Google Chrome that utilizes the hardware acceleration of your graphics card to improve web performance for video and image-heavy websites. This issue was present in versions 99.0.4844.51 - 99.0.4844.57, which were released on October 15th, 2016 and November 10th, 2016 respectively. The issue was discovered by a researcher at Google who noticed a timing anomaly between XR calls and events reported by the renderer process. The anomaly was caused by an integer overflow that could result in information disclosure or privilege escalation if exploited via web content running on top of Google Chrome's XR implementation.
The Chromium team promptly addressed this issue in version 99.0.4900 of Google Chrome, which was released on December 22nd, 2016, but it remained undetected by users until security researcher Scott Helme published a blog post on January 3rd, 2017, detailing his discovery and publishing sample exploit code to demonstrate the vulnerability's existence during that time period.
