|CERT-In Vulnerability Note
Multiple Vulnerabilities in Google ChromeOS
Original Issue Date:July 29, 2022
Severity Rating: HIGH
- Google ChromeOS LTS channel version prior to 96.0.4664.215 (Platform Version: 14268.94.0)
Multiple vulnerabilities have been reported in Google ChromeOS which could allow a remote attacker to execute arbitrary code and access sensitive information on the targeted system.
These vulnerabilities exist in Google ChromeOS due to out of bounds read in compositing component, incorrect implementation in Extensions API, use-after-free error within the Blink XSLT component and integer overflow in several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*). A remote attacker could exploit these vulnerabilities by sending a specially crafted request on the targeted system.
Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code and access sensitive information on the targeted system.
Update to Google ChromeOS LTS channel version 96.0.4664.215 as mentioned by the vendor.
The information provided herein is on "as is" basis, without warranty of any kind.
Email: firstname.lastname@example.org Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003