This issue has been fixed. The CVSS score is 7.4.

Details

For reference, these are the criteria that a vulnerability must meet to be classified as a CVSS issue.

- Remote (Code Injection)
- High consequences (System Level)
- High probability of exploit (CVSS 7.4)
- Easy detection (Source code available)
- Patch available
- Known about

These criteria were met for the After free bug. Google reported this issue to the Pwnium competition on March 20, 2018. It was resolved on March 21, 2018 with the release of version 105.0.5195.52.

What’s the risk?

This vulnerability is a heap overflow in the WebSQL implementation of Chrome prior to version 105.0.5195.52. This could be exploited to achieve remote code execution on a vulnerable system. Google rated this as a critical bug.

How likely is it that I’ll be affected?

We rate this as a likely vulnerability. We rated it Critical because it’s likely that an attacker would be able to execute arbitrary code on your system.

What can be done to protect myself?

Ensure you have the latest version of Chrome. If you are running an older version, update it as soon as possible.
As always, we recommend installing up-to-date security software to protect your system from remote exploits.
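To check a set of machines against the fixed release named above (105.0.5195.52), the following added example, which is not part of the original advisory, classifies reported Chrome version strings. The host names and version lines in the sample inventory are constructed, and the function names are hypothetical.

```python
import re

# Fixed release named on this page.
FIXED = (105, 0, 5195, 52)

# Four dot-separated numeric fields (MAJOR.MINOR.BUILD.PATCH).
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text, fixed=FIXED):
    """Classify one inventory line as 'patched', 'vulnerable' or 'unknown'."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # never count an unparsable host as safe
    # Tuples compare field by field as integers, so 99.x sorts below 105.x.
    # A plain string comparison gets this wrong ("99..." > "105...").
    return "patched" if version >= fixed else "vulnerable"


# Constructed sample inventory: (host, version line reported by the browser).
SAMPLE_INVENTORY = [
    ("ws-01", "Google Chrome 105.0.5195.52"),
    ("ws-02", "Google Chrome 104.0.5112.101"),
    ("ws-03", "Google Chrome 99.0.4844.51"),
    ("ws-04", "Google Chrome 106.0.5249.61"),
    ("ws-05", "command not found"),
]


def audit(inventory):
    """Map each host to its classification."""
    return {host: classify(line) for host, line in inventory}


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual check rather than being assumed up to date.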
Timeline
Published on: 09/26/2022 16:15:00 UTC
Last modified on: 09/27/2022 04:53:00 UTC