CVE-2022-1853 An attacker can escape the sandbox in Google Chrome before version 102.0.5005.61 by posting a crafted HTML page.

This issue has been fixed.

After parsing of invalid JavaScript expressions, Google Chrome prior to 102.0.5005.62 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Prior to Google Chrome version 102.0.5, there is a feature where the user can disable rendering of an entire site. This feature has been used by malicious code to conduct cross-origin information disclosure. A malicious site could use this feature to send data to another site where JavaScript code happens to be enabled, which could potentially be exploited by the second site to conduct cross-site scripting attacks. This issue has been fixed by removing the code that could be used by malicious sites to enable JavaScript in pages that are blocked from rendering.

Prior to Google Chrome version 102.0.5, there is a feature where the user can disable rendering of an entire site. This feature has been used by malicious code to conduct cross-origin information disclosure. A malicious site could use this feature to send data to another site where JavaScript code happens to be enabled, which could potentially be exploited by the second site to conduct cross-site scripting attacks. This issue has been fixed by removing the code that could be used by malicious sites to enable JavaScript in pages that are blocked from rendering. Information disclosure in IndexedDB in Google Chrome prior to 102.0.5005

Information disclosure in IndexedDB in Google Chrome prior to 102.0.5005

In Google Chrome prior to version 102.0.5005, an information disclosure vulnerability exists in the IndexedDB API that allows a malicious site to gain access to private data from other sites. The API exposes an indexed database through the web navigator API and does not properly validate the origin of URLs provided by a user. This could lead to data exposure for users who visit malicious sites that allow arbitrary data access when visiting a site with a sandboxed content process (e.g., https://www.examplecom/examplepage).

Information disclosure in IndexedDB in Google Chrome prior to 102.0.5005

A flaw in Google Chrome's IndexedDB implementation could allow an attacker to observe information on the local file system of a target user. This is because, in certain cases, IndexedDB might not use a unique key for storing files instead of using the filename as the key.
This issue has been fixed by not allowing IndexedDB to use any filename as the key when storing files in the database.

Information disclosure in IndexedDB in Google Chrome prior to 102.0.5005

Information disclosure in IndexedDB in Google Chrome prior to 102.0.5005

In Google Chrome prior to version 102.0.5005, when IndexedDB failed to release a previously allocated object, an attacker could potentially use this information disclosure for cross-site scripting attacks. This has been fixed by ensuring that the appropriate operation is called from the correct context in such cases.

Timeline

Published on: 07/27/2022 22:15:00 UTC
Last modified on: 08/15/2022 11:17:00 UTC

References

• https://crbug.com/1324864
• https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html
• https://security.gentoo.org/glsa/202208-25
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1853