CVE-2022-1132 Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100.0.4896.60 allowed a local attacker to bypass navigation restrictions.

In all Google Chrome releases prior to version 69, this issue was addressed by checking the device's physical location using the new Physical Location API. On devices with this API enabled and a maliciously-installed extension, a remote attacker could use this flaw to bypass content navigation restrictions. Google Chrome now checks the device's physical location using the new Physical Device Location API. Note: Chrome devices with older APIs enabled will not receive this update, but should be protected against this issue with the above warned-about precautions. In all releases of Google Chrome prior to version 69, extensions were not sandboxed. As a result, a malicious extension installed on a user's system could access data from other installed extensions or the host application, bypassing host application restrictions. This issue was addressed by moving extension management into a new extension signing system.

Version number of this article

This article was written on June 12, 2018.

How to Update

Google Chrome on a PC
To update Google Chrome on your PC, follow these instructions:
1. Visit the Google Chrome download page and click "Download."
2. Click the "Mac" or "Windows Download" button depending on which operating system you are using.
3. Follow the prompts to install Google Chrome, specifying the location of the downloaded installer file.
4. Once you've installed Google Chrome, open it up and re-enable extensions by visiting chrome://extensions in your browser URL bar and clicking Manage Extensions to re-enable all disabled extensions.

Platform & Browser Integration

While running in a browser, Chrome extensions use the same security model as the host application. In order to improve security and reduce exposure, Chrome now restricts extension access to content its scripts have access to.
