First published: Sat Feb 12 2022(Updated: )
Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
Credit: chrome-cve-admin@google.com
Affected Software | Affected Version | How to fix |
---|---|---|
debian/chromium | <=90.0.4430.212-1~deb10u1 | 116.0.5845.180-1~deb11u1 118.0.5993.70-1~deb11u1 116.0.5845.180-1~deb12u1 118.0.5993.70-1~deb12u1 118.0.5993.70-1 |
Google Chrome | <97.0.4692.71 | |
Google Chrome OS | ||
Fedoraproject Fedora | =34 | |
Fedoraproject Fedora | =35 | |
Fedoraproject Fedora | =36 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2022-0107.
The title of this vulnerability is 'Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71'.
The description of this vulnerability is 'Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.'
The software affected by this vulnerability is Chromium on Debian versions 90.0.4430.212-1~deb10u1 and earlier, Chrome OS prior to 97.0.4692.71.
To fix this vulnerability, update Chromium to version 90.0.4430.212-1~deb10u1 or later, or update Chrome OS to version 97.0.4692.71 or later.