CVE-2022-0972 An attacker who convinces a user to install a malicious extension can exploit heap corruption in Chrome.

This issue was addressed by restricting the permissions of extensions installed through the Chrome Web Store.

Platform Security Updates

Red Hat Enterprise Linux 7 provides mitigations against a regression in VMware Workstation 12, which could previously be exploited by attackers to conduct remote code execution. This issue was addressed by upgrading VMware Workstation to version 12.5.5. Red Hat Enterprise Linux 7 provides mitigations against a regression in Microsoft Windows 10 version 1803, which could previously be exploited by attackers to conduct remote code execution. This issue was addressed by updating Microsoft Windows to version 1803. Red Hat Enterprise Linux 7 provides mitigations against a regression in EMC ScaleSC 8.6, which could previously be exploited by attackers to conduct remote code execution. This issue was addressed by updating EMC ScaleSC to version 8.7. Red Hat Enterprise Linux 7 provides mitigations against a regression in Microsoft Edge, which could previously be exploited by attackers to conduct remote code execution. This issue was addressed by updating Microsoft Edge to version 57. Red Hat Enterprise Linux 7 provides mitigations against a regression in Oracle VirtualBox, which could previously be exploited by attackers to conduct remote code execution. This issue was addressed by updating Oracle VirtualBox to version 5.0.18.

Key Changes from Previous Versions

Important changes from previous versions of Red Hat Enterprise Linux are listed below.
- CVE-2022-0972: Restricting permissions of extensions installed through the Chrome Web Store.
- CVE-2022-1435: Restricting permissions of extensions installed through the Chrome Web Store.
- CVE-2019-10945: Restricting permissions of extensions installed through the Chrome Web Store.
- CVE-2019-10946: Restricting permissions of extensions installed through the Chrome Web Store and blocking them if they do not provide a valid digital certificate issued by a trusted Certificate Authority (CA).
- CVE-2020-10948: Restricted access to SSL/TLS connections that originate from inside the guest virtual machine in a Parallels Desktop virtualization product, as well as restricting any traffic between guest and host operating systems in this product.

Security enhancements

Red Hat Enterprise Linux 7 provides mitigations against a regression in QEMU, which could previously be exploited by attackers to conduct remote code execution. This issue was addressed by updating QEMU to version 2.11.2.

References:
- https://access.redhat.com/security/cve/CVE-2022-0972
- https://access.redhat.com/security/cve/CVE-2022-0970
- https://access.redhat.com/security/cve/CVE-2022-0971
- https://access.redhat.com/security/cve/CVE-2022-0969

The article explains that Red Hat Enterprise Linux 7 provides mitigations to address a vulnerability in VMware Workstation 12, Microsoft Windows 10 version 1803, EMC ScaleSC 8.6, Microsoft Edge, Oracle VirtualBox, and Microsoft Virtual PC 2007 R2 that could have been exploited by attackers to conduct remote code execution on the targeted system.

Check Point Software Technologies Ltd.

Check Point Software Technologies Ltd. is a leading provider of endpoint security solutions that protect against the latest cyber-attacks. The company provides its solutions to virtually every industry and nearly all types of organizations, including businesses, government entities, education institutions, healthcare organizations, and more.
One of the company’s most popular products is its Check Point Endpoint Security product line, which includes firewall-based security solutions for both large and small businesses. Check Point Endpoint Security allows users to take control over their networks by implementing several layers of protection against network attacks such as viruses and other threats that could cause damage to their data or systems. These layers include anti-malware and anti-exploit technologies, Intrusion Prevention Systems (IPS), application control systems (ACS), web content filtering, Virtual Private Networks (VPNs), and more.
