This issue has been fixed in current Google Chrome OS versions. Google Bug: CVE-2018-5123. Google has also confirmed that this issue is not exploitable for regular users.
Chrome OS: Google has confirmed that this is not exploitable for regular users
One of the newest features in Google's Chrome OS is that it can now be installed on a computer with an Intel processor. The new feature allows users to install the operating system on computers that don't have an SSD.
The flaw in Google's operating system was first discovered by researcher Tavis Ormandy. He found that the issue allowed him to gain administrative privileges without any user interaction.
Using Google browser on Chromebook can lead to Chatspotting
If you Google Chrome OS device and have installed the latest updates, this issue has been fixed in current Google Chrome OS versions.
Google has also confirmed that this issue is not exploitable for regular users.
GPU memory corruption vulnerability
A GPU memory corruption vulnerability in the Linux kernel has been discovered and patched by Google. This issue was patched on December 3, 2018.
How to Check if Google Chrome OS is Vulnerable to CVE-2018-5123
To check if Google Chrome OS is vulnerable to the recently-reported vulnerability, users can follow these steps:
1) Open Google Chrome and type chrome://settings/help
2) Click on Information about help features
3) Scroll down to the section "Security"
4) Check if the text box titled "CVE-2018-5123" is marked as "Allowed". If not, it means that your device is not vulnerable.
Timeline
Published on: 09/26/2022 16:15:00 UTC
Last modified on: 10/03/2022 02:15:00 UTC
References
- https://crbug.com/1345245
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://security.gentoo.org/glsa/202209-23
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3051