CVE-2022-3198 An after free vulnerability in Google Chrome could be exploited to cause heap corruption.

CVE-2018-6050 was assigned this issue. As of writing this advisory, it is still unclear whether this issue can be exploited to achieve remote code execution. It is recommended to update to the latest version of Google Chrome. Google Chrome prior to 105.0.

5195.125, when using the Address bar to navigate to a remote site, allowed a remote attacker to potentially inject arbitrary JavaScript into another tab via a crafted URL.

Google Chrome prior to 105.0.5195.125, when printing a PDF file, allowed a remote attacker to potentially execute arbitrary code outside of the sandbox via a crafted PDF file.

Google Chrome prior to 105.0.5195.125, when printing to a Windows printer, allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Google Chrome prior to 105.0.5195.125, when opening a PDF file, allowed a remote attacker to potentially execute arbitrary code outside of the sandbox via a crafted PDF file.

Google Chrome prior to 105.0.5195.125, when loading a malicious PDF file, allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Software Description:

Google Chrome
Alternatively known as the Google Chrome browser, this is a web browser that functions as an application on desktop computers, laptops, and tablets. It was developed by Google for use in personal computers, smartphones and tablet computers running the Linux operating system or Apple's macOS.
The user interface of Google Chrome consists of four parts:
- The address bar: This is where users type websites they want to visit. You can also click on "bookmarks" or "history" to load previously visited sites.
- The search bar: When you type into the address bar, this part of the interface will display search results from popular websites such as Google and Wikipedia.
- The toolbar: This organizes various tools like your timezone, spell checker, language settings, etc., into a single location.
- The webpage: This is where all content appears on the screen when you launch the browser.

Google Chrome versions prior to 105.0.5195.125 are affected

1. Google Chrome is vulnerable to external attacks that can be exploited by a remote attacker to potentially execute arbitrary code outside of the sandbox, as well as heap corruption when printing a document and opening it in Chrome.
2. Google Chrome is vulnerable to external attacks that can be exploited by a remote attacker to potentially exploit heap corruption in Chrome, which may lead to arbitrary code execution or denial of service conditions.
3. Google Chrome is vulnerable to external attacks that can be exploited by a remote attacker to crash the browser due to memory allocation issues caused by a malformed PDF file or other crafted file type, leading to a denial of service condition.

Google Chrome  104.0 .38

There is an information disclosure vulnerability. This issue might allow a remote attacker to obtain sensitive information that should not be available to the general public.

Google Chrome on Android

Google Chrome on Android prior to 105.0.5195.125, when loading a malicious PDF file, allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Timeline

Published on: 09/26/2022 16:15:00 UTC
Last modified on: 09/29/2022 17:15:00 UTC

References

• https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_14.html
• https://crbug.com/1355682
• https://security.gentoo.org/glsa/202209-23
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3198