CVE-2022-3040 An after free vulnerability in Layout in Google Chrome before 105.0.5195.52 could lead to heap corruption.

Note that this issue was with the media plugin and has fixed in the latest media release. CVE-2018-6109 In Google Chrome prior to 105.0.5274, Mozilla Firefox prior to 65.0, and SeaMonkey prior to 2.58, there was a race condition between object destruction and access checks, which allowed a remote attacker using a crafted HTML page to potentially exploit memory corruption via a Cross-Origin request. On Windows, if a user opens an HTML page that uses this vulnerability and then quickly opens another HTML page (to close the first one, for example), there is a risk that the second HTML page will use the same memory location as the first one, resulting in a buffer overflow. This issue does not occur on Mac or Linux. CVE-2018-6093 In Google Chrome prior to 105.0.5292, Mozilla Firefox prior to 65.0, and SeaMonkey prior to 2.58, there was a security bypass issue with the WebSocket implementation through WebSockets.cpp. This issue has been fixed in version 2.58.1. On Windows, if a user opens an HTML page that uses this vulnerability and then quickly opens another HTML page (to close the first one, for example), there is a risk that the second HTML page will use the same memory location as the first one, resulting in a buffer overflow. This issue does not occur on Mac or Linux. CVE-2018-6094 In Google Chrome prior to

Security update from April 11, 2018

Chrome 65.0.3252.0
Fixes multiple memory safety issues and several use-after-free issues for which no CVE IDs were assigned.
For users of Google Chrome, this update includes 25 security fixes in addition to the security fixes described in CVE-2018-6093 and CVE-2018-6094 (listed above). The following are some of the highlights:
* Type confusion vulnerabilities that lead to a denial of service or potentially allow code execution via an array's length property were fixed.
* Use-after-free vulnerabilities that lead to a denial of service or potentially allow code execution via bindings involving SVG animations were fixed.
* Use-after-free vulnerability that leads to a denial of service or potentially allows remote code execution via crafted JavaScript content was fixed.

Mitigation of the CVE-2018-6094 Hardening on Windows

Google Chrome users can mitigate this vulnerability by setting the "Chrome over WebSockets" option to "Always block". This option is located in Chrome's advanced settings.

Fixed in Google Chrome  76 .0.3809.100

Timeline

Published on: 09/26/2022 16:15:00 UTC
Last modified on: 09/27/2022 03:37:00 UTC

References

• https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
• https://crbug.com/1341539
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3040