CVE-2022-0980 An attacker who convinced a user to install a malicious extension could exploit heap corruption on the New Tab Page.

This issue has been fixed. After upgrading to Google Chrome 80, users must update all extensions to ensure they receive patch updates.

CVE-2018-6148 In Google Chrome prior to 69.0.3497.81, setting media autoplay to “enabled” through the browser’s settings did not prompt for confirmation before automatically playing sound. This setting was activated through external script, which was not covered by the user confirmation dialog.

In some circumstances, this could lead to a user being repeatedly paged to an audio or video site, with the media randomly playing.

CVE-2018-6149 In Google Chrome prior to 69.0.3497.81, canvas elements could cause a worker process to hang during shutdown. In some circumstances, Chrome would not properly terminate worker processes, resulting in a hang.

CVE-2018-6150 In Google Chrome prior to 69.0.3497.81, extensions could access privileged methods without explicit permission.

CVE-2018-6151 In Google Chrome prior to 69.0.3497.81, extensions could access privileged methods without explicit permission.
Redirecting users to a malicious site through an iframe through the Incognito mode in the browser's Incognito window, launched using a browser shortcut, or through other means could potentially lead to malicious extensions gaining access to privileged methods and potentially malicious code execution. This issue has been fixed by restricting access to privileged methods

Google Chrome Vulnerability Summary ~

In some circumstances, extensions could access privileged methods without explicit permission
Google Chrome is a web browser, which is available for the Windows and Macintosh operating systems. Users of Google Chrome are urged to upgrade to the latest version of the browser because a vulnerability has been discovered in the most recent version. This vulnerability could allow malicious extensions to access privileged methods without explicit permission, which could lead to malicious code execution.

Credit for Google Chrome

The issue has been fixed in Google Chrome 69.0.3497.81.

Google Chrome is a web browser developed by Google and an official operating system built on Chromium, a open-source software project that aims to build a safer, faster, more stable and more reliable way for users to experience the Web. It was first released as a public beta release on September 2, 2008, followed by the release of the stable version on September 29, 2008. A Windows port was released on November 25, 2009, followed by ports for Mac OS X (May 20, 2010), Linux (March 30, 2011), and Android (November 12, 2011). Since its release over 100 million copies have been installed in over 200 countries around the world in 52 languages.

Miscellaneous

- This issue has been fixed. After upgrading to Google Chrome 80, users must update all extensions to ensure they receive patch updates.

Timeline

Published on: 07/22/2022 17:15:00 UTC
Last modified on: 08/15/2022 11:16:00 UTC

References

• https://crbug.com/1302157
• https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_15.html
• https://security.gentoo.org/glsa/202208-25
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0980