This issue was fixed in version 9.5.5.5. The issue existed due to a race condition where the out of bounds write could be triggered during a user interaction that triggered a painting operation. This issue was addressed by ensuring that the out of bounds write cannot be triggered during a painting operation.

CVE-2018-6074: Incorrect access control for background images in Google Chrome on Windows and Mac (self-reported)

In certain circumstances, a malicious website could reposition or resize an image to gain access to privileged functions inside the context of the current tab. This could result in the stealing of sensitive information or an exploit of other vulnerabilities. Chrome on Windows prior to 72.0. provides that an attacker can access privileged functions in the context of the current tab. (Chromium security severity: High)

CVE-2018-6076: Incorrect access control for background images in Google Chrome on Android (self-reported)

In certain circumstances, a malicious website could reposition or resize an image to gain access to privileged functions inside the context of the current tab. This could result in the stealing of sensitive information or an exploit of other vulnerabilities. (Chromium security severity: High)

CVE-2018-6075: Incorrect access control for background images in Google Chrome on Android (self-reported)

In certain circumstances, a malicious website could reposition or resize an image to gain access to privileged functions

Miscellaneous Issues

These issues were not assigned a CVE ID.

Improvement

Chrome on Windows and Mac prior to 72.0. used to provide that an attacker could access privileged functions in the context of the current tab. This privilege was removed so that the errors can be avoided. (Chromium security severity: High)

Chrome on Android before 72.0. only provided that a malicious website could reposition or resize an image in order to gain access to privileged functions inside the context of the current tab, but it didn’t provide any protection against other vulnerabilities like stealing sensitive information or exploits of other vulnerabilities. (Chromium security severity: High)

CVE-2018-6076: Incorrect access control for background images in Google Chrome on Android (self-reported)

In certain circumstances, a malicious website could reposition or resize an image to gain access to privileged functions inside the context of the current tab. This could result in the stealing of sensitive information or an exploit of other vulnerabilities. (Chromium security severity: High)
The issue has been fixed, and any images that were affected by it are now properly restricted from being resized or positioned outside of their original dimensions using CSS transforms and linear gradients.

Timeline

Published on: 11/30/2022 00:15:00 UTC
Last modified on: 12/01/2022 23:32:00 UTC

References