Chrome for Android and Chrome OS Allow Arbitrary Code Execution

Fortify Security Team
May 10, 2022

Multiple vulnerabilities have been discovered in Google Chrome for Android and Chrome OS, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Chrome OS is a proprietary Linux-based operating system designed by Google. It is derived from the open-source Chromium OS and uses the Google Chrome web browser as its principal user interface. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the application.

THREAT INTELLIGENCE: There are currently no reports that these vulnerabilities are being exploited in the wild.

SYSTEMS AFFECTED:

  • Google Chrome for Android versions prior to 101.0.4951.61
  • Google Chrome for Desktop versions prior to 101.0.4951.64
  • Chrome OS versions prior to 101.0.4951.59

RISK:
Government:

  • Large and medium government entities: High
  • Small government entities: High

Businesses:

  • Large and medium business entities: High
  • Small business entities: High

Home users: Low

TECHNICAL SUMMARY:

Multiple vulnerabilities have been discovered in Google Chrome for Android and Chrome OS, the most severe of which could allow for arbitrary code execution. Details of the vulnerabilities are as follows:

  • Chrome for Android
    • Use after free in Sharesheet (CVE-2022-1633)
    • Use after free in Browser UI (CVE-2022-1634)
    • Use after free in Permission Prompts (CVE-2022-1635)
    • Use after free in Performance APIs (CVE-2022-1636)
    • Inappropriate implementation in Web Contents (CVE-2022-1637)
    • Heap buffer overflow in V8 Internationalization (CVE-2022-1638)
    • Use after free in ANGLE (CVE-2022-1639)
    • Use after free in Sharing ( CVE-2022-1640)
    • Use after free in Web UI Diagnostic
    • s (CVE-2022-1641)
  • Chrome OS
    • Heap Use-after-free in Window Manager
    • Use after free in Chrome OS shell.
    • Heap buffer overflow in Window Manager.
    • Use-after-free in file selection dialog
    • Use-after-free in PPD file selection dialog
    • Use-after-free in file selection dialog
    • Buffer overflow in Shelf
  • Chrome for Desktop
    • Use after free in Sharesheet. (CVE-2022-1633)
    • Use after free in Browser UI. (CVE-2022-1634)
    • Use after free in Permission Prompts. (CVE-2022-1635)
    • Use after free in Performance APIs. (CVE-2022-1636)
    • Inappropriate implementation in Web Contents. (CVE-2022-1637)
    • Heap buffer overflow in V8 Internationalization. (CVE-2022-1638)
    • Use after free in ANGLE. (CVE-2022-1639)
    • Use after free in Sharing.( CVE-2022-1640)
    • Use after free in Web UI Diagnostics. (CVE-2022-1641)

Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the applications. Depending on the privileges associated with the applications, an attacker could view, change, or delete data. If these applications have been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if they were configured with administrative rights.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Apply the stable channel update provided by Google to vulnerable systems immediately after appropriate testing.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources.
  • Apply the Principle of Least Privilege to all systems and services.

REFERENCES:

Google:
https://learn.cisecurity.org/e/799323/2022-05-10/2419fn/314288746?h=Za_dmJ6arlrb5XZtQlqkjG4ZUU5B_jrKoAmynjfQJi8
https://chromereleases.googleblog.com/

CVE:
https://learn.cisecurity.org/e/799323/cvename-cgi-name-CVE-2022-1633/2419fr/314288746?h=Za_dmJ6arlrb5XZtQlqkjG4ZUU5B_jrKoAmynjfQJi8
https://learn.cisecurity.org/e/799323/cvename-cgi-name-CVE-2022-1634/2419fv/314288746?h=Za_dmJ6arlrb5XZtQlqkjG4ZUU5B_jrKoAmynjfQJi8
https://learn.cisecurity.org/e/799323/cvename-cgi-name-CVE-2022-1635/2419fy/314288746?h=Za_dmJ6arlrb5XZtQlqkjG4ZUU5B_jrKoAmynjfQJi8
https://learn.cisecurity.org/e/799323/cvename-cgi-name-CVE-2022-1636/2419g2/314288746?h=Za_dmJ6arlrb5XZtQlqkjG4ZUU5B_jrKoAmynjfQJi8
https://learn.cisecurity.org/e/799323/cvename-cgi-name-CVE-2022-1637/2419g5/314288746?h=Za_dmJ6arlrb5XZtQlqkjG4ZUU5B_jrKoAmynjfQJi8
https://learn.cisecurity.org/e/799323/cvename-cgi-name-CVE-2022-1638/2419g8/314288746?h=Za_dmJ6arlrb5XZtQlqkjG4ZUU5B_jrKoAmynjfQJi8
https://learn.cisecurity.org/e/799323/cvename-cgi-name-CVE-2022-1639/2419gc/314288746?h=Za_dmJ6arlrb5XZtQlqkjG4ZUU5B_jrKoAmynjfQJi8
https://learn.cisecurity.org/e/799323/cvename-cgi-name-CVE-2022-1640/2419gg/314288746?h=Za_dmJ6arlrb5XZtQlqkjG4ZUU5B_jrKoAmynjfQJi8
https://learn.cisecurity.org/e/799323/cvename-cgi-name-CVE-2022-1641/2419gk/314288746?h=Za_dmJ6arlrb5XZtQlqkjG4ZUU5B_jrKoAmynjfQJi8

Recent Posts

Karakurt Data Extortion Group

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury (Treasury), and the Financial Crimes Enforcement Network (FinCEN) are releasing this joint Cybersecurity Advisory (CSA) to provide...

WatchGuard Firebox and XTM Could Allow for Remote Code Execution

Multiple vulnerabilities have been discovered in WatchGuard Firebox and XTM appliances, the most severe of which could allow for Remote code execution. WatchGuard Firebox is a unified security platform that gives IT professionals the network visibility tools to ensure...

Splunk Enterprise Servers Allow Arbitrary Code Execution

A vulnerability in Splunk Enterprise Deployment Servers Could Allow for Arbitrary Code Execution. Splunk Universal Forwarders, in which the vulnerability lies, are used to send data from a machine to a data receiver usually Splunk.  If an attacker is able to...

Cisco Email Security Appliance Allows for Authentication Bypass

A vulnerability in Cisco Email Security Appliance, Cisco Secure Email & Web Manager could Allow for an authentication bypass under specific conditions. Exploitation of this vulnerability could allow for an unauthenticated attacker to gain unauthorized access to...