Google has released a Long-term Support (LTS) candidate update for Chrome OS version 96 with fixes for multiple vulnerabilities.
An attacker could exploit these vulnerabilities to take control of affected systems.
In all, the Chrome OS 96 update addressed 2 Critical and 13 High severity vulnerabilities:
- CVE-2022-0096: Critical AddressSanitizer: heap-use-after-free base/bind_internal.h:535:12 in BindState
- CVE-2022-0289: Critical Security: heap-use-after-free in safe_browsing::ThreatDetails::OnReceivedThreatDOMDetails
- CVE-2022-0290: High Security: RenderFrameHostImpl logic error leading browser UAF
- CVE-2022-0291: High Insufficient fix for CVE-2021-4057 (Site Isolation bypass in BlobRegistryImpl)
- CVE-2022-0292: High Security: FencedFrames reachable from compromised renderer due to lacking features::isEnabled(kFencedFrames) checks in Browser Process and FencedFrame::Navigate can navigate to file:// and chrome:// origins
- CVE-2022-0293: High Security: UAF in ChromeContentBrowserClient::CreateURLLoaderThrottles
- CVE-2022-0294: High Security: Inappropriate implementation in PushMessaging
- CVE-2022-0295: High Security: Heap-use-after-free in ui::MenuModel::GetModelAndIndexForCommandId
- CVE-2022-0296: High UAF in PrintViewManagerBase
- CVE-2022-0298: High AddressSanitizer: use-after-poison frame_or_worker_scheduler.cc:88 in blink::FrameOrWorkerScheduler::NotifyLifecycleObservers
- CVE-2022-0300: High Security: UAF in DateTimeChooserAndroid::ReplaceDateTime
- CVE-2022-0302: High Security: Heap-use-after-free in OmniboxViewViews::MaybeAddSendTabToSelfItem
- CVE-2022-0304: High Security: UAF in BookmarkDragHelper::OnBookmarkIconLoaded
- CVE-2022-0305: High Security: Inappropriate implementation in ServiceWorkerContainerHost::EnsureFileAccess
- CVE-2022-0306: High Security: heap-buffer-overflow in chrome_pdf::PDFiumEngine::RequestThumbnail
In addition, the Chrome OS 96 update also addressed 6 other Medium severity vulnerabilities.