CVE-2022-1919 - How a Use-After-Free in Chrome’s Codecs Led to Remote Exploits
---
When people say “update Chrome,” it’s usually for good reason. CVE-2022-1919 is one of the reasons—it was a critical bug that
CVE-2022-2158 In earlier versions of Chrome, a remote attacker could exploit heap corruption via a crafted HTML page.
A cross-site scripting issue was discovered in V8 in Google Chrome prior to 103.0.5060.53. A remote attacker could exploit this by
CVE-2022-2157 An attacker who broke the renderer process could exploit heap corruption on a compromised page.
This issue was addressed by ensuring that renderer processes have a non-zero PID, ensuring that renderer processes have a non-zero PID, and disabling
CVE-2022-2165 URLs in Google Chrome prior to 103.0.5060.53 were not validated properly and were vulnerable to domain spoofing.
Chrome prior to 103.0.5060.54, Firefox prior to 52.0, and Opera prior to 55.0 did not prevent access to domains with
CVE-2022-2164 In the past, Extensions API in Google Chrome allowed attackers to bypass access control by convincing a user to install a malicious extension.
This issue was fixed in Google Chrome 103.0.5060.53. Users can protect themselves from this risk by updating to the latest version of
Episode
00:00:00
00:00:00