CVE-2022-1483 Heap buffer overflow in WebGPU in Chrome prior to 101.0.4951.41 allowed a remote attacker who compromised the renderer process to exploit heap corruption.

This issue was fixed with the 18th Chromium release. Google advised users to avoid opening unsolicited HTML email attachments. In addition, users were encouraged to keep antivirus software updated and avoid clicking on unknown or questionable links. CVE-2018-6056: Heap buffer overflow in WebGL in Google Chrome prior to 72.0. Kaufman of Mozilla discovered a heap overflow in WebGL in Google Chrome prior to 72.0. In the scenario, a remote attacker could craft a JavaScript heap request that is large enough to cause the renderer process to crash. This issue was resolved with the 18th Chromium release. Users were advised to update their antivirus software and avoid clicking on unknown or questionable links. CVE-2018-6057: Heap buffer overflow in Skia in Google Chrome prior to 72.0. In the scenario, a remote attacker could craft a JavaScript heap request that is large enough to cause the renderer process to crash. This issue was resolved with the 18th Chromium release. Users were advised to update their antivirus software and avoid clicking on unknown or questionable links. CVE-2018-6052: Out-of-bounds write in Web Audio in Google Chrome prior to 72.0. In the scenario, a remote attacker could craft a HTML5 media stream that is large enough to cause the renderer process to crash. This issue was resolved with the 18th Chromium release. Users were advised to update their antivirus software and avoid clicking on

Google Chrome browser update

In order to protect users against these issues, Google Chrome released a patch that fixed the three identified vulnerabilities. This is in addition to the regular security updates that are released on a monthly basis.

Google has deprecated the NPAPI browser plugin in Chrome

In Chrome 72, Google has deprecated the NPAPI browser plugin. This is a significant change for all users of the Chrome browser who are still using NPAPI plugins.
The NPAPI plugin is no longer able to be instantiated in the browser and will not load any new content or content from external sources.

Timeline

Published on: 07/26/2022 22:15:00 UTC
Last modified on: 08/15/2022 11:16:00 UTC

References

• https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html
• https://crbug.com/1314754
• https://security.gentoo.org/glsa/202208-25
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1483