Google releases Long-term Support (LTS) update for Chrome OS 96 with fixes for multiple vulnerabilities

Google has released a Long-term Support (LTS) candidate update for Chrome OS version 96 with fixes for multiple vulnerabilities.

An attacker could exploit these vulnerabilities to take control of impacted systems.

In all, the Chrome OS 96 update addressed 2 Critical and 13 High severity vulnerabilities:

  1. CVE-2022-0096: Critical AddressSanitizer: heap-use-after-free base/bind_internal.h:535:12 in BindState
  2. CVE-2022-0289: Critical Security: heap-use-after-free in safe_browsing::ThreatDetails::OnReceivedThreatDOMDetails
  3. CVE-2022-0290: High Security: RenderFrameHostImpl logic error leading browser UAF
  4. CVE-2022-0291: High Insufficient fix for CVE-2021-4057 (Site Isolation bypass in BlobRegistryImpl)
  5. CVE-2022-0292: High Security: FencedFrames reachable from compromised renderer due to lacking features::isEnabled(kFencedFrames) checks in Browser Process and FencedFrame::Navigate can navigate to file:// and chrome:// origins
  6. CVE-2022-0293: High Security: UAF in ChromeContentBrowserClient::CreateURLLoaderThrottles
  7. CVE-2022-0294: High Security: Inappropriate implementation in PushMessaging
  8. CVE-2022-0295: High Security: Heap-use-after-free in ui::MenuModel::GetModelAndIndexForCommandId
  9. CVE-2022-0296: High UAF in PrintViewManagerBase
  10. CVE-2022-0298: High AddressSanitizer: use-after-poison in blink::FrameOrWorkerScheduler::NotifyLifecycleObservers
  11. CVE-2022-0300: High Security: UAF in DateTimeChooserAndroid::ReplaceDateTime
  12. CVE-2022-0302: High Security: Heap-use-after-free in OmniboxViewViews::MaybeAddSendTabToSelfItem
  13. CVE-2022-0304: High Security: UAF in BookmarkDragHelper::OnBookmarkIconLoaded
  14. CVE-2022-0305: High Security: Inappropriate implementation in ServiceWorkerContainerHost::EnsureFileAccess
  15. CVE-2022-0306: High Security: heap-buffer-overflow in chrome_pdf::PDFiumEngine::RequestThumbnail

In addition, the Chrome OS 96 update addressed 6 other Medium severity vulnerabilities.