CVE-2022-3196 An after free vulnerability in Google Chrome could be exploited to cause heap corruption.

CVE-2018-6050 was assigned this issue. As of writing this advisory, it is still unclear whether this issue can be exploited to achieve remote code execution. It is recommended to update to the latest version of Google Chrome. Google Chrome prior to 105.0.

5195.125, when using the Address bar to navigate to a remote site, allowed a remote attacker to potentially inject arbitrary JavaScript into another tab via a crafted URL.

Google Chrome prior to 105.0.5195.125, when printing a PDF file, allowed a remote attacker to potentially execute arbitrary code outside of the sandbox via a crafted PDF file.

Google Chrome prior to 105.0.5195.125, when printing to a Windows printer, allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Google Chrome prior to 105.0.5195.125, when opening a PDF file, allowed a remote attacker to potentially execute arbitrary code outside of the sandbox via a crafted PDF file.

Google Chrome prior to 105.0.5195.125, when loading a malicious PDF file, allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

The Walkthrough

Google Chrome prior to 105.0.5195.125, when loading a malicious PDF file, allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
This issue has been assigned CVE-2018-6050

Vulnerability overview

CVE-2022-3196, CVE-2018-6050, CVE-2018-6051, and CVE-2018-6052 are vulnerabilities in Google Chrome. The following is a list of vulnerabilities associated with these issues:

CVE-2022-3196 allowed a remote attacker to execute arbitrary code outside of the sandbox via a crafted PDF file.

CVE-2018-6050 was assigned this issue. As of writing this advisory, it is still unclear whether this issue can be exploited to achieve remote code execution. It is recommended to update to the latest version of Google Chrome.
Google Chrome prior to 105.0.5195.125, when loading a malicious PDF file, allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Google Chrome prior to 105.0.5195.125 allowed for an attacker on the same network as the victim could potentially achieve Remote Code Execution via Javascript injection into another tab due to an error in implementation of HTTP redirects from the Address bar (CVE-2018-6051).
Google Chrome prior to 105.0.5195.125 permitted an attacker on the same network as the victim could potentially exploit heap corruption due to errors in implementation of HTTP redirects from the Address bar (CVE-2018-6052).

Timeline

Published on: 09/26/2022 16:15:00 UTC
Last modified on: 09/29/2022 17:15:00 UTC

References

• https://crbug.com/1358090
• https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_14.html
• https://security.gentoo.org/glsa/202209-23
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3196