CVE-2022-0973 An after free vulnerability was found in Google Chrome before version 99.0.4844.74, which could lead to heap corruption.

CVE-2022-0973 An after free vulnerability was found in Google Chrome before version 99.0.4844.74, which could lead to heap corruption.

CVE-2016-1902 has been assigned to this issue. All users are advised to update to the latest version of Google Chrome. Additionally, users should be careful when visiting websites and follow safe browsing practices to avoid clicking on unexpected links. After the patching of the above issue, Google Chrome was vulnerable to a heap overflow via a crafted HTML page. In the following advisory we will describe how to exploit this flaw in Google Chrome. To exploit this issue, a remote attacker must convince you to visit a malicious website via social engineering or by convincing you to click a malicious link. After you are successfully exploited, the attacker must convince you to open a malicious file from a remote location. The user must then have Google Chrome open on the same local machine as the malicious file. This issue has been fixed in the latest version 93.0.3101.8. We recommend that users update to the latest version as soon as possible. In addition, we recommend that users follow safe browsing practices to avoid clicking on unexpected links and be cautious when visiting websites. After the patching of the above issue, Google Chrome was vulnerable to a heap overflow via a crafted HTML page. In the following advisory we will describe how to exploit this flaw in Google Chrome. To exploit this issue, a remote attacker must convince you to visit a malicious website via social engineering or by convincing you to click a malicious link

Overview

The following is a detailed description of how to exploit the vulnerability in Google Chrome.

Installing and using TamperMonkey Script

TamperMonkey is a plugin that allows users to customize their browsing experience by adding scripts and running them in the background. It has been around for quite some time, but it's not without its problems. In particular, an issue was discovered that could be exploited by malicious users to redirect unsuspecting users to a malicious website. This issue has since been fixed in the latest version 2.9.2 of TamperMonkey Script. We recommend that users update to the latest version as soon as possible because you wouldn't want to fall victim to this vulnerability while browsing the web!
To install and use TamperMonkey Script on your computer, you should first download and install Tampermonkey from https://chrome.google.com/webstore/detail/tampermonkey/njklccieejjhkdijeoidpnicmofjjigdc?hl=en

Google Chrome Heap Overflow Vulnerability

Recently on May 20, 2016, Google Chrome was found to be vulnerable to a heap overflow via a crafted HTML page. In the following advisory we will describe how to exploit this flaw in Google Chrome. To exploit this issue, a remote attacker must convince you to visit a malicious website via social engineering or by convincing you to click a malicious link. After you are successfully exploited, the attacker must convince you to open a malicious file from a remote location. The user must then have Google Chrome open on the same local machine as the malicious file. This issue has been fixed in the latest version 93.0.3101.8. We recommend that users update to the latest version as soon as possible. In addition, we recommend that users follow safe browsing practices to avoid clicking on unexpected links and be cautious when visiting websites

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe