Skip to content

Google Chrome Vulnerability - 20221129003

Overview

The WA SOC is aware that Google Chrome GPU contains a heap buffer overflow vulnerability that allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

What is the vulnerability ?

CVE-2022-4135 - Google Chrome Heap Buffer Overflow Vulnerability

A heap overflow condition is a Buffer overflow and often can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy.The flaw allows a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

What is vulnerable ?

Google Chrome versions numbers prior to 107.0.5304.121

What has been observed ?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. However, Google is aware that an exploit for CVE-2022-4135 exists in the wild.

Recommendation

  • Apply the Google emergency security update

Reference