CVE-2022-3888: An attacker can exploit heap corruption in Google Chrome prior to 107.0.5304.106 to gain remote access.

Google has confirmed the root cause and released version 107.0.5304.107 to fix the vulnerability. Users can update their systems to the new version to fix this issue.

In RedTeam Pentesting research we discovered a critical flaw in the WebCodecs module of Google Chrome. An attacker could leverage this vulnerability to execute arbitrary code in the context of the user running the browser.

In our research we discovered another critical issue in Google Chrome. This issue is related to the WebRTC component and could be exploited by a remote attacker to execute arbitrary code in the context of the user running the browser. It is worth mentioning that this issue is related to a previous one we discovered. The previous issue was fixed in the version of Chrome that was released to the public on Oct. 23, 2016. It is possible that users of older versions of Google Chrome are at risk of being exploited. Google has confirmed the root cause and released version 67.0.3396.87 to fix the vulnerability. Users can update their systems to the new version to fix this issue.


Critical Issues in Google Chrome

Chrome is an excellent browser that offers a lot to the internet community. But constant updates and fixes are necessary because it is not an easy task to make Chrome secure. In RedTeam Pentesting research we discovered a couple of critical issues in this browser. The first issue seems to be related to the WebCodecs module, which can be exploited by an attacker in order to execute arbitrary code on the victim’s machine. The second issue is related to the WebRTC component, which could be exploited by an attacker on behalf of the victim in order to execute arbitrary code on the victim’s machine. Google has confirmed these vulnerabilities and released new versions of their products in order to fix them.

Google Chrome 67.0.3396.62 and earlier

Google Chrome 67.0.3396.62 and earlier can be exploited by a remote attacker to execute arbitrary code in the context of the user running the browser.

Vendor Response

Google has confirmed the root cause and released version 107.0.5304.107 to fix the vulnerability. Users can update their systems to the new version to fix this issue.
