CVE-2022-1869 Confusion in V8 allowed a remote attacker to exploit heap corruption.

This issue did not affect most users, as the browser tried to prevent this by performing strict type enforcement. However, since the type system was not complete, there was a small window where a user could execute arbitrary code. In the released versions of Google Chrome, updated address sanitization rules now block this attack vector.

CVE-2017-5403: Incorrect Type Confusion in V8 in Google Chrome prior to 102.0.5

Prior to addressing this type confusion issue, the V8 team patched a second issue where V8 incorrectly classified HTML elements as ArrayBuffer. This issue was addressed by updating V8.

Google Chrome Security Strength Indicators

The release of Chrome 70 on the 9th of June 2018 marked a significant milestone for Google Chrome, as it added support for the first set of Security Strength Indicators (SSI) to identify vulnerable software versions.
For those unfamiliar with SSIs, they are indicators that tell you things like whether your browser is up-to-date, whether you're running a secure version of Java, and whether your browser has been recently attacked. These indicators don't provide information about individual vulnerabilities; they merely indicate that something might be wrong.

Padding Oracle Breaking Out Of Sandbox

The “Padding Oracle” is a vulnerability that affects the interaction between JavaScript and Blink. Because the behavior of this vulnerability varies depending on the platform, we have qualified it as being cross-platform.
When a user visits a malicious website, they are taken to a page where they are prompted to enter their username and password before continuing to the main site. This prompt is actually an iframe in which the attacker can steal credentials from unsuspecting users.

