Rewterz Threat Advisory – Multiple Google Chrome Vulnerabilities

Severity

High

Analysis Summary

CVE-2022-0603

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in File Manager. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.

CVE-2022-0604

Google Chrome could allow a remote attacker to compromise vulnerable system. The vulnerability exists due to a boundary error when processing untrusted HTML content in Tab Groups. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

CVE-2022-0605

Google Chrome could allow a remote attacker to compromise vulnerable system. The vulnerability exists due to a use-after-free error within the Webstore API component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system. Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

CVE-2022-0606

Google Chrome could allow a remote attacker to compromise vulnerable system. The vulnerability exists due to a use-after-free error within the ANGLE component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system. Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

CVE-2022-0607

Google Chrome could allow a remote attacker to compromise vulnerable system. The vulnerability exists due to a use-after-free error within the GPU component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system. Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

CVE-2022-0608

Google Chrome could allow a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to integer overflow in Mojo component in Google Chrome. A remote attacker can trick the victim to open a specially crafted web page, trigger an integer overflow and execute arbitrary code on the target system. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

CVE-2022-0609

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Animation. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.

CVE-2022-0610

Google Chrome could allow a remote attacker to gain access to sensitive information. The vulnerability exists due to incorrect implementation in Gamepad API in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Impact

• Denial of Service
• Remote Code Execution
• Gain Access
• Privilege Escalation

Indicators of Compromise

CVEs

• CVE-2022-0603
• CVE-2022-0604
• CVE-2022-0605
• CVE-2022-0606
• CVE-2022-0607
• CVE-2022-0608
• CVE-2022-0609
• CVE-2022-0610

Affected Vendors

• Google

Affected Products

• Google Chrome 98

Remediation

Update to version 98.0.4758.102 from here: