An attacker could convince a user to install a malicious extension, for example by convincing the user to visit an extension web page or to click on a malicious extension icon in the omnibox.

An attacker could then use this extension to trigger a use-after-free. After installing the extension, the attacker could convince the user to delete it and, before the user has a chance to do so, use the use-after-free to run arbitrary code as the user with the privileges of the extension. This could lead to privilege escalation and the possibility of a sandbox escape.

If you’re using a version of Chrome prior to version 100.0.4896.88, it’s recommended that you upgrade as soon as possible.

What’s changing?

Starting with Chrome version 100.0.4896.88, the extension will now be sandboxed until the user explicitly grants it access to browser features or performs an unprompted installation request. This change is intended to prevent malicious extensions from performing a sandbox escape after successful installation.

How to Stay Protected

If you're using a version of Chrome prior to version 100.0.4896.88, it's recommended that you upgrade as soon as possible. One way to stay protected is by disabling extensions, but this means you won't be able to use some of your favorite extensions.
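One way to check a set of machines against the fixed version quoted above, as an added example that is not part of the original advisory. The host names and version banners are constructed sample data, and the banner format is assumed to be the output of `google-chrome --version`.

```python
import re

# Fixed version stated in the advisory text above.
FIXED = (100, 0, 4896, 88)

# Chrome versions are four dot-separated integers: MAJOR.MINOR.BUILD.PATCH.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(banner):
    """Extract the 4-part version from a banner, or None if absent."""
    m = _VERSION_RE.search(banner or "")
    return tuple(int(p) for p in m.groups()) if m else None


def classify(banner):
    """Return 'patched', 'vulnerable' or 'unknown' for one version banner."""
    version = parse_version(banner)
    if version is None:
        return "unknown"  # no version found: needs manual review
    # Tuples compare numerically per component, so 100.x sorts above 99.x
    # (a plain string comparison would get this wrong).
    return "patched" if version >= FIXED else "vulnerable"


def audit(inventory):
    """Group host names by classification."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, banner in sorted(inventory.items()):
        report[classify(banner)].append(host)
    return report


# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE = {
    "ws-01": "Google Chrome 100.0.4896.88",
    "ws-02": "Google Chrome 100.0.4896.75",
    "ws-03": "Google Chrome 99.0.4844.84",
    "ws-04": "Chromium 101.0.4951.41 snap",
    "ws-05": "command not found",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status:10s} {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` returned no parseable version and should be checked by hand rather than assumed patched.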

CVE-2022-1313

An attacker could pose as another party and convince a user to install an extension, for example by convincing the user to visit an extension web page or to click on a malicious extension icon in the omnibox.

If you’re using Chrome, it’s recommended that you upgrade as soon as possible.

Timeline

Published on: 07/25/2022 14:15:00 UTC
Last modified on: 08/15/2022 11:16:00 UTC
