CVE-2022-1136 In Google Chrome before version 100, an attacker could exploit after free heap corruption by convincing a user to install a malicious extension.

CVE-2022-1136 In Google Chrome before version 100, an attacker could exploit after free heap corruption by convincing a user to install a malicious extension.

Google received a small number of reports confirmed that these issues are resolved in this release. In the future, we will release browser updates via the Chrome Accounts blog, Enterprise blogs, and OEM partners. If you’re using Google Chrome prior to version 100.0.4896.60 and have enabled the “After you close a tab” feature, an attacker could potentially exploit heap corruption via specific user gestures such as closing the last tab in a browser instance. Google Chrome prior to version 100.0.4896.60 might have failed to properly validate some user-provided data before proceeding with a potentially exploitable action. An attacker could potentially exploit this issue by convincing a user to install a malicious extension. Google Chrome prior to version 100.0.4896.60 allowed an attacker to potentially exploit heap corruption via a cross-origin request with a malformed MIME type. Google Chrome prior to version 100.0.4896.60 might have failed to properly validate some user-provided data before proceeding with a potentially exploitable operation.

Buffer Overflow

Buffer overflow is a type of software bug that can occur when an application receives more data than it is programmed to handle. This leads to the overwriting of certain software code, which can cause the program to crash or, in some cases, allow unauthorized access to parts of the system that were not intended for external access.

The most common example of this error is when a web browser opens a file with an unexpected size, such as a large image that cannot be displayed by the browser. If this file is sufficiently large, it will overwrite memory address space and likely cause the entire computer system to crash.

Google Chrome prior to version 100.0.4896.60 might have failed to properly validate some user-provid

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe