Multiple Vulnerabilities in Google ChromeOS 

Indian - Computer Emergency Response Team (cert-in.org.in)

Severity Rating: HIGH

Software Affected

Google ChromeOS Stable channel versions prior to 108.0.5359.71 for Mac and Linux

Google ChromeOS Stable channel versions prior to 108.0.5359.71/72 for Windows

Overview

Multiple vulnerabilities have been reported in Google Chrome OS which could be exploited by a remote attacker to bypass security restrictions, execute arbitrary code or cause denial of service condition on the targeted system.

Description

Multiple vulnerabilities exist in Google Chrome OS due to type confusion in V8; Use after free in Camera Capture, Extensions, Mojo, Audio, Forms, Sign-In, Live Caption and Accessibility;  Out-of bounds write in Lacros Graphics; Inappropriate implementation in Fenced Frames and Navigation; Insufficient policy enforcement in Popup Blocker, Autofill, DevTools, File System API and Safe Browsing; Insufficient validation of untrusted input in Downloads and CORS; Insufficient data validation in Directory. An attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted web site.

Successful exploitation of these vulnerabilities could allow a remote attacker to bypass security restriction, execute arbitrary code or cause denial of service condition on the targeted system.

Solution

Apply appropriate updates as mentioned

Vendor Information

Google Chrome

References

Google Chrome

CVE Name

CVE-2022-4174

CVE-2022-4175

CVE-2022-4176

CVE-2022-4177

CVE-2022-4178

CVE-2022-4179

CVE-2022-4180

CVE-2022-4181

CVE-2022-4182

CVE-2022-4183

CVE-2022-4184

CVE-2022-4185

CVE-2022-4186

CVE-2022-4187

CVE-2022-4188

CVE-2022-4189

CVE-2022-4190

CVE-2022-4191

CVE-2022-4192

CVE-2022-4193

CVE-2022-4194

CVE-2022-4195