This issue was addressed by disabling installation of extensions from non-trusted sources such as the Chrome Web Store. We also enabled a warning message when attempting to install a malicious extension from an unknown source. An attacker who convinced a user to install a malicious extension from an unknown source can now bypass navigation restrictions via a crafted HTML page. This issue affected Chrome installations using the 93.0.36 or 93.0.37 browser versions prior to 93.0.37.5. It did not affect most installations as only about 2% of users were using these particular browser versions at the time. An attacker could convince a user to visit a maliciously crafted website and install a malicious extension.

Vulnerability: Use After Free with Process Memory

Chrome is vulnerable to a use-after-free issue when parsing specially crafted HTML pages. This issue affected Chrome installations using the 93.0.36 or 93.0.37 browser versions prior to 93.0.37.5 for Windows and Mac, and the 92.3.37 browser version for Linux (32-bit).
The vulnerability manifests as a use-after-free when the browser attempts to parse HTML that has been modified to cause an error on the next line of code. The modified HTML does this by setting process memory values after they should have been freed by earlier code that constructs a DOM node tree. That tree is accessed through an event handler callback (a function pointer) defined on that particular Node object instance or on one of its children.

Browsers Affected by CVE-2022-3202

The following browser versions are affected by this issue:
93.0.36 and earlier (desktop)
93.0.37 and earlier (desktop)
95.0.38 and earlier (desktop)

Vulnerability Details

The vulnerability is caused by unchecked installation of extensions from non-trusted sources such as the Chrome Web Store. The user can be convinced to install a malicious extension from an unknown source that bypasses navigation restrictions. This issue was addressed by disabling installation of extensions from non-trusted sources such as the Chrome Web Store and enabling a warning message when attempting to install a malicious extension from an unknown source.

Other CVEs

The following CVEs were also addressed:
CVE-2019-5883: This issue was addressed by disabling inline installation of extensions from the Chrome Web Store. We also enabled a warning message when attempting to install a malicious extension from an unknown source. An attacker who convinced a user to install a malicious extension from an unknown source can now bypass navigation restrictions via a crafted HTML page.
CVE-2018-12189: This issue was addressed by not allowing the installation of extensions via inline installs and warnings when attempting to install a malicious extension from an unknown source. An attacker who convinced a user to install a malicious extension from an unknown source can now bypass navigation restrictions via a crafted HTML page.

Timeline

Published on: 09/26/2022 16:15:00 UTC
Last modified on: 09/28/2022 14:37:00 UTC
