CVE-2022-1863: An attacker could exploit heap corruption in Google Chrome after 102.0.5005.61 to potentially exploit a use after free.

Exploitation resulted in a potentially exploitable crash and another potential vector for attack. In Google Chrome prior to 102.0.5, allowing insecure extensions to open web pages that they have access to via Navigation Timing caused issues with some third-party extensions that could allow an attacker to inject arbitrary code into a privileged context.

An attacker could convince a user to install an extension from a malicious site and then deliver content that exploited this issue to run arbitrary code.

An example of such an attack is an email with a malicious PDF sent in an attachment.

Mitigation Strategies

If you are using a third-party extension, make sure to use the web browser's built-in extensions.

Installing a malicious extension could allow arbitrary code execution

A malicious extension could allow an attacker to inject arbitrary code into a privileged context.
