CVE-2022-0107: Use after free in File Manager API
First published: Fri Sep 10 2021(Updated: )
Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
Credit: chrome-cve-admin@google.com raven @raid_akame
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/chromium | <=90.0.4430.212-1~deb10u1 | 116.0.5845.180-1~deb11u1 118.0.5993.70-1~deb11u1 116.0.5845.180-1~deb12u1 118.0.5993.70-1~deb12u1 118.0.5993.70-1 |
| Google Chrome | <97.0.4692.71 | |
| Google Chrome OS | ||
| Fedoraproject Fedora | =34 | |
| Fedoraproject Fedora | =35 | |
| Fedoraproject Fedora | =36 | |
| Google Chrome | <97.0.4692.71 | 97.0.4692.71 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://security-tracker.debian.org/tracker/CVE-2022-0107
- https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html (Advisory)
- https://crbug.com/1248438
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2022-0096
- CVE-2022-0097
- CVE-2022-0098
- CVE-2022-0099
- CVE-2022-0100
- CVE-2022-0101
- CVE-2022-0337
- CVE-2022-0102
- CVE-2022-0103
- CVE-2022-4924
- CVE-2022-0104
- CVE-2022-0105
- CVE-2022-0106
- CVE-2022-0108
- CVE-2022-0109
- CVE-2022-0110
- CVE-2022-0111
- CVE-2022-0112
- CVE-2022-0113
- CVE-2022-0114
- CVE-2022-0115
- CVE-2022-0116
- CVE-2022-0117
- CVE-2022-0118
- CVE-2022-0120
- CVE-2022-4925
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-0107.
What is the title of this vulnerability?
The title of this vulnerability is 'Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71'.
What is the description of this vulnerability?
The description of this vulnerability is 'Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.'
What software is affected by this vulnerability?
The software affected by this vulnerability is Chromium on Debian versions 90.0.4430.212-1~deb10u1 and earlier, Chrome OS prior to 97.0.4692.71.
How can I fix this vulnerability?
To fix this vulnerability, update Chromium to version 90.0.4430.212-1~deb10u1 or later, or update Chrome OS to version 97.0.4692.71 or later.
- collector/security-tracker-debian
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/chrome-releases
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/title
- agent/references
- agent/weakness
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/softwarecombine
- package-manager/debian
- vendor/google
- canonical/google chrome
- canonical/google chrome os
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/34
- version/fedoraproject fedora/35
- version/fedoraproject fedora/36