CVE-2016-1677 is classified as a High severity issue because it can lead to remote code execution. A remote attacker could trick a user into visiting a specially crafted website and exploit the Omnibox issue to execute arbitrary code. This issue affected versions of Google Chrome prior to 100.0.4896.88. With the help of a specially crafted HTML page, an attacker could also inject arbitrary web script into the Omnibox of an affected version of Google Chrome.

CVE-2016-1678 is classified as a High severity issue because it can lead to remote code execution. A remote attacker could trick a user into visiting a specially crafted website and exploit the Omnibox issue to execute arbitrary code. This issue affected versions of Google Chrome prior to 100.0.4896.88. With the help of a specially crafted HTML page, an attacker could also inject arbitrary web script into the Omnibox of an affected version of Google Chrome.

In the past, we have seen several instances of a malicious website hosting a watering hole attack (a page that targets a single user and is viewed frequently by that user) serving a crafted HTML page to embed a script in the Omnibox. This script, when clicked, launches a malicious site with a different URL than the one originally visited. Because the Omnibox is a privileged UI, clicking the embedded script could cause it to run with full user rights. This makes it an

Summary

If you have a website or a computer in your network that has been compromised, the first step to take is to scan it for malware with an antivirus program. A lot of malicious content is delivered through email attachments, and there is no way to be sure whether you have received one without scanning your system. You can also try downloading and installing a tool such as EMET from Microsoft or ASLR from Google Chrome.
Advanced threat protection such as this will stop any possible 0-day exploits before they can affect your systems and data.

Timeline

Published on: 07/25/2022 14:15:00 UTC
Last modified on: 08/15/2022 11:16:00 UTC

References