This issue was addressed by ensuring that renderer processes have a non-zero PID, ensuring that renderer processes have a non-zero PID, and disabling the printing of debug messages to the console. Note: This issue was originally reported to occur in Firefox. However, it has been determined that Google Chrome is the most likely version affected. By default, Google Chrome does not print debug messages to the console. This prevents debugging by attaching a debugger to the renderer process. This can be enabled by setting g_log_verbose to 2 in the browser's about:config page. In addition to the bug being fixed in the reference browser, users of Google Chrome are strongly encouraged to upgrade to the latest version. Google has also disabled printing debug messages by default in the latest Beta version of Chrome.
Fix ing the Bug
This bug was fixed in the reference browser and in Google Chrome Beta.
CVE-2022-2158.
This issue was addressed by ensuring that renderer processes have a non-zero PID, ensuring that renderer processes have a non-zero PID, and disabling the printing of debug messages to the console. Note: This issue was originally reported to occur in Firefox. However, it has been determined that Google Chrome is the most likely version affected. By default, Google Chrome does not print debug messages to the console. This prevents debugging by attaching a debugger to the renderer process. This can be enabled by setting g_log_verbose to 2 in the browser's about:config page. In addition to the bug being fixed in the reference browser, users of Google Chrome are strongly encouraged to upgrade to the latest version. Google has also disabled printing debug messages by default in the latest Beta version of Chrome.
Other versions
Other versions of Firefox were not found to be affected.
CVE-2204-2158
This issue was addressed by ensuring that renderer processes have a non-zero PID, ensuring that renderer processes have a non-zero PID, and disabling the printing of debug messages to the console.
Confirm that you are using the latest version
If you are using Firefox, make sure the latest version of Mozilla Firefox is installed.
Timeline
Published on: 07/28/2022 01:15:00 UTC
Last modified on: 08/15/2022 11:21:00 UTC
References
- https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html
- https://crbug.com/1327312
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7/
- https://security.gentoo.org/glsa/202208-25
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2157