CVE-2022-1487 An Ozone vulnerability in Chrome prior to 101.0.4951.41 could lead to heap corruption if a Wayland test is run.


CVE-2017-7517 was originally reported as a potential crash in the WebGL rendering engine. However, a later inspection revealed that it is actually a use-after-free vulnerability in the Ozone rendering engine, which could lead to remote code execution. Ozone is the rendering engine used to render web content, and it is enabled by default in Google Chrome. Google has provided an update for Ozone, version 71.0.3578.23, which should prevent exploitation of this vulnerability. Users are encouraged to update their installations of Google Chrome, in keeping with security best practices. After the update, users will no longer be at risk from this issue.

Google Chrome Releases updates to patch 20 CVEs

At the end of 2017, Google Chrome released an update to patch 20 CVEs that were reported in 2016, 2017 and 2018. All of these updates resolved vulnerabilities in various rendering engines. These patches are not considered a high-priority threat to users.

This vulnerability was originally reported as a potential crash in the WebGL rendering engine. However, a later inspection revealed that it is actually a use-after-free vulnerability in the Ozone rendering engine, which could lead to remote code execution. Ozone is the rendering engine used to render web content, and it is enabled by default in Google Chrome. Google has provided an update for Ozone, version 71.0.3578.23, which should prevent exploitation of this vulnerability. Users are encouraged to update their installations of Google Chrome, in keeping with security best practices. After the update, users will no longer be at risk from this issue.

Verification of the Vulnerability

Google has verified that the vulnerability is not exploitable in current Google Chrome installations.

What is the Use After Free vulnerability in Ozone?

The vulnerability occurs when an application is using objects from a smart pointer to allocate memory, but the smart pointer was deleted. The heap content is then used, leading to use of freed memory. Ozone could be remotely exploited by users due to this, as it's enabled by default in Google Chrome.
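The lifetime problem described above, as an added C++ example (not Chrome's or Ozone's code; `Surface`, `Compositor` and `safe_width` are hypothetical names): a raw pointer taken from a smart pointer dangles once the owner releases the object, while a `std::weak_ptr` handle detects the release instead of reading freed heap memory.

```cpp
#include <cstdio>
#include <memory>
#include <string>
#include <utility>

// Hypothetical heap object whose lifetime is managed by a smart pointer.
struct Surface {
    std::string name;
    int width;
};

// Hypothetical owner holding the only strong reference to the Surface.
class Compositor {
public:
    explicit Compositor(std::string name)
        : surface_(std::make_shared<Surface>(Surface{std::move(name), 640})) {}

    // Risky pattern: the raw pointer carries no lifetime information.
    // After destroy(), dereferencing it is a use after free:
    //     Surface* p = c.raw(); c.destroy(); p->width;   // undefined behaviour
    Surface* raw() const { return surface_.get(); }

    // Hardened pattern: a non-owning handle that knows when the object is gone.
    std::weak_ptr<Surface> observe() const { return surface_; }

    // Releases the last strong reference, freeing the Surface.
    void destroy() { surface_.reset(); }

private:
    std::shared_ptr<Surface> surface_;
};

// Returns the surface width, or -1 if the surface has already been freed.
int safe_width(const std::weak_ptr<Surface>& handle) {
    if (std::shared_ptr<Surface> s = handle.lock()) {
        return s->width;  // s keeps the object alive for the duration of the read
    }
    return -1;  // object already released; freed memory is never touched
}

int main() {
    Compositor c("primary");
    std::weak_ptr<Surface> handle = c.observe();
    std::printf("before destroy: %d\n", safe_width(handle));
    c.destroy();
    std::printf("after destroy: %d\n", safe_width(handle));
    return 0;
}
```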

Vulnerability Details

A use-after-free vulnerability in the Ozone rendering engine has been discovered. This could potentially lead to remote code execution. CVE-2017-7517 was originally reported as a potential crash in the WebGL rendering engine, but further inspection revealed that it is actually a use-after-free vulnerability in the Ozone rendering engine. Once exploited, this could lead to remote code execution on an affected device.
This issue affects Google Chrome, and no other products are known to be affected by this issue at this time.

Google has released a new version of Chrome that prevents exploitation of this vulnerability

Google Chrome has released an update for Ozone, version 71.0.3578.23, which should prevent exploitation of this vulnerability. Users are encouraged to update their installations of Google Chrome, in keeping with security best practices. After the update, users will no longer be at risk from this issue.
