KLA12493 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code.

Below is a complete list of vulnerabilities:

1. Heap buffer overflow vulnerability in WebUI can be exploited to cause denial of service.
2. Use after free in WebRTC vulnerability can be exploited to cause denial of service or execute arbitrary code.
3. Use after free vulnerability in File Manager can be exploited to cause denial of service or execute arbitrary code.
4. Implementation vulnerability in Virtual Keyboard can be exploited to cause denial of service.
5. Type confusion vulnerability in V8 can be exploited to cause denial of service.
6. Implementation vulnerability in Web Cursor can be exploited to cause denial of service.
7. Use after free vulnerability in Tab Strip can be exploited to cause denial of service or execute arbitrary code.
8. Use after free vulnerability in QR Code Generator can be exploited to cause denial of service or execute arbitrary code.
9. Use after free vulnerability in Shopping Cart can be exploited to cause denial of service or execute arbitrary code.
10. Implementation vulnerability in Full Screen Mode can be exploited to cause denial of service.
11. Implementation vulnerability in Background Fetch API can be exploited to cause denial of service.
12. Implementation in Extensions can be exploited to cause denial of service.
13. Insufficient validation of untrusted input in WebOTP can be exploited to cause denial of service.
14. Implementation vulnerability in Web Share API can be exploited to cause denial of service.
15. Use after free vulnerability in Portals can be exploited to cause denial of service or execute arbitrary code.
16. Implementation vulnerability in Resource Timing can be exploited to cause denial of service.
17. Use after free vulnerability in Extensions can be exploited to cause denial of service or execute arbitrary code.
18. Use after free vulnerability in Cast UI can be exploited to cause denial of service or execute arbitrary code.
19. Use after free vulnerability in WebUI can be exploited to cause denial of service or execute arbitrary code.

Original advisories

Stable Channel Update for Desktop

Related products

Google-Chrome

CVE list

CVE-2022-1143 critical

CVE-2022-1133 critical

CVE-2022-1141 critical

CVE-2022-1132 high

CVE-2022-1134 critical

CVE-2022-1138 high

CVE-2022-1136 critical

CVE-2022-1127 critical

CVE-2022-1135 critical

CVE-2022-1129 high

CVE-2022-1139 high

CVE-2022-1137 high

CVE-2022-1130 critical

CVE-2022-1128 high

CVE-2022-1142 critical

CVE-2022-1125 critical

CVE-2022-1146 high

CVE-2022-1145 critical

CVE-2022-1131 critical

CVE-2022-1144 critical

Solution

Update to the latest version

Download Google Chrome

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

• SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

• PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

• Google Chrome earlier than 100.0.4896.60