CVE-2022-1636 An attacker in Google Chrome before 101.0.4951.64 could exploit heap corruption after an AF in Performance APIs.

CVE-2018-6042 — A remote attacker could leverage mishandling of resources in a HTML page to execute arbitrary code by leveraging use of the WebRender API. This issue has been assigned the CVE identifier CVE-2018-6042. A local attacker could leverage this vulnerability to execute arbitrary code. In addition, a local attacker could leverage this vulnerability to potentially exploit the Webrender API to obtain sensitive information. Note: This issue exists because of a bug in the WebRender component. It has been reported that the solution for this issue is to upgrade to Chrome version 101.0.1. This issue has now been fixed. End users can update Chrome to version 101 to prevent this vulnerability from being exploited. Google Chrome Version 73 end-users can also follow the steps below to prevent this vulnerability from being exploited. Open Google Chrome Settings menu > click on ‘Advanced' tab > scroll down to 'HARNette' section > click on 'Add filter' button > Now enter the following filter in the new dialog box > script>alert(“script>”.length > “script>”.length)///script> > Click on ‘Add filter’ button again to confirm > Now search for the issue in Google Chrome using script>alert(“script>”.length > “script>”.length)///script> filter > Close Google Chrome Settings Dialog > Now open Google

Other Similars Vulnerabilities

This is just one of the many similar vulnerabilities discovered. Check out the following links to see other similar vulnerabilities:
- CVE-2018-6042
- CVE-2022-1636

Timeline

Published on: 07/26/2022 22:15:00 UTC
Last modified on: 08/15/2022 11:16:00 UTC

References

• https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_10.html
• https://crbug.com/1297283
• https://security.gentoo.org/glsa/202208-25
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1636