CVE-2022-2157 An attacker who broke the renderer process could exploit heap corruption on a compromised page.

CVE-2022-2157 An attacker who broke the renderer process could exploit heap corruption on a compromised page.

This issue was addressed by ensuring that renderer processes have a non-zero PID, ensuring that renderer processes have a non-zero PID, and disabling the printing of debug messages to the console. Note: This issue was originally reported to occur in Firefox. However, it has been determined that Google Chrome is the most likely version affected. By default, Google Chrome does not print debug messages to the console. This prevents debugging by attaching a debugger to the renderer process. This can be enabled by setting g_log_verbose to 2 in the browser's about:config page. In addition to the bug being fixed in the reference browser, users of Google Chrome are strongly encouraged to upgrade to the latest version. Google has also disabled printing debug messages by default in the latest Beta version of Chrome.

Fix ing the Bug

This bug was fixed in the reference browser and in Google Chrome Beta.

CVE-2022-2158.

This issue was addressed by ensuring that renderer processes have a non-zero PID, ensuring that renderer processes have a non-zero PID, and disabling the printing of debug messages to the console. Note: This issue was originally reported to occur in Firefox. However, it has been determined that Google Chrome is the most likely version affected. By default, Google Chrome does not print debug messages to the console. This prevents debugging by attaching a debugger to the renderer process. This can be enabled by setting g_log_verbose to 2 in the browser's about:config page. In addition to the bug being fixed in the reference browser, users of Google Chrome are strongly encouraged to upgrade to the latest version. Google has also disabled printing debug messages by default in the latest Beta version of Chrome.

Other versions

Other versions of Firefox were not found to be affected.

CVE-2204-2158

This issue was addressed by ensuring that renderer processes have a non-zero PID, ensuring that renderer processes have a non-zero PID, and disabling the printing of debug messages to the console.

Confirm that you are using the latest version

If you are using Firefox, make sure the latest version of Mozilla Firefox is installed.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe