CVE-2022-0976 Heap buffer overflow in GPU in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to exploit heap corruption.

CVE-2022-0976 Heap buffer overflow in GPU in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to exploit heap corruption.

This issue was addressed by updating to Google Chrome version 99.0.4844.75.
This issue has been fixed in Chromium version v66.0.3359.117.

On Windows systems, it was possible to cause a denial of service by triggering a system call during the shutdown process. This issue was addressed by ensuring that the system call is not allowed during shutdown.

A use-after-free flaw in Blink could result in the execution of arbitrary code with elevated privileges. This issue was addressed by removing the unsafe use of createElement.
This issue has been fixed in Chromium 67.0.3396.62.

An out-of-bounds read flaw was found in the handling of SVG content. This issue has been fixed in Chromium 67.0.3396.62.

On Windows systems, if a user had enabled the "Click to play" setting for media streams and then installed an extension that loaded a media stream that did not support click tracking, it was possible to cause a crash. This issue was addressed by disabling the "Click to play" setting when installing extensions.
On Mac systems, if a user had enabled the "Click to play" setting for media streams, it was possible to cause a crash. This issue was addressed by disabling the "Click to play" setting when installing extensions.
On Linux systems, if a user had enabled the "Click to play" setting for media streams

Internet Explorer and Edge

This issue was addressed by updating to Edge version 38.14393.0.
This issue has been fixed in Edge version 45.15063.0.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe