CVE-2022-1312 An attacker who convinced a user to install a malicious extension could potentially perform a sandbox escape.

An attacker could convince a user to install a malicious extension, for example by convincing the user to visit an extension web page or to click on a malicious extension icon in the omnibox.

An attacker could then use this extension to trigger a use-after-free. After the extension is installed, the attacker could convince the user to delete it and, before the user has a chance to do so, use the use-after-free to run arbitrary code as the user with the privileges of the extension. This could lead to privilege escalation and the possibility of a sandbox escape.

If you’re using a version of Chrome prior to version 100.0.4896.88, it’s recommended that you upgrade as soon as possible.

What’s changing?

Starting with Chrome version 100.0.4896.88, the extension will now be sandboxed until the user explicitly grants it access to browser features or performs an unprompted installation request. This change is intended to prevent malicious extensions from performing a sandbox escape after successful installation.

How to Stay Protected

If you're using a version of Chrome prior to version 100.0.4896.88, it's recommended that you upgrade as soon as possible. One way to stay protected is by disabling extensions, but this means you won't be able to use some of your favorite extensions.
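A check for the version threshold above, as an added example that is not part of the original advisory: it parses version strings in the form printed by `google-chrome --version` and flags any below 100.0.4896.88. The inventory lines and host names are constructed sample data.

```python
import re

# First fixed release named in the advisory above.
FIXED = (100, 0, 4896, 88)

# Four dot-separated numeric fields, as in "Google Chrome 100.0.4896.75".
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def needs_upgrade(text):
    """True if below FIXED, False if at or above it, None if no version was found."""
    v = parse_version(text)
    if v is None:
        return None
    # Tuple comparison is numeric per field; comparing the raw strings would
    # rank "99.0.4844.84" above "100.0.4896.88".
    return v < FIXED


def audit(inventory):
    """Map host -> 'upgrade' | 'ok' | 'unknown' for (host, version_output) pairs."""
    labels = {True: "upgrade", False: "ok", None: "unknown"}
    return {host: labels[needs_upgrade(out)] for host, out in inventory}


# Constructed sample inventory (host names and outputs are made up).
SAMPLE = [
    ("host-a", "Google Chrome 99.0.4844.84 "),
    ("host-b", "Google Chrome 100.0.4896.75 "),
    ("host-c", "Google Chrome 100.0.4896.88 "),
    ("host-d", "Google Chrome 101.0.4951.41 "),
    ("host-e", "chrome: command not found"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` returned no parseable version and need a manual check rather than being assumed patched.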

CVE-2022-1313

An attacker could impersonate another party to a user and convince the user to install an extension, for example by convincing the user to visit an extension web page or to click on a malicious extension icon in the omnibox.

If you’re using Chrome, it’s recommended that you upgrade as soon as possible.
