Summary
Even though web applications have moved over the last decade to newer programming languages and methodologies that handle memory management on their own or with very little human intervention, some proprietary products that are used on a large scale are still written in C/C++ and other languages that let the developer manage memory. As a result, they can introduce memory management issues such as use after free, out-of-bounds read and heap buffer overflow. One such product is Google's Chrome browser, which has registered 24 CVEs covering multiple kinds of vulnerabilities, among which memory-related issues make up a major share. These vulnerabilities could allow a remote attacker to cause denial of service, bypass implemented security restrictions, gain access to sensitive information, and execute arbitrary code on the targeted systems.
Suggestion
Check whether any of your applications, products or services use the affected parts of the browser. Also check whether you're using Node.js or the V8 JavaScript engine in the product. The reproducibility of the issues has not yet been verified, since Google has published so little data in this context. Google's suggestion is to update your browsers to their latest version. Our suggestion is to update all browsers, including Chrome, Chromium, Edge, Brave and any other browser built upon Chromium.
CVE
CVE-2022-1853 to CVE-2022-1876
Affected Versions
70.0.3538.67 - 101.0.4951.67
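One way to triage an inventory against the affected range above (an added example, not code from Google or from the authors of this advisory). It assumes each inventory entry records the underlying Chromium version as a four-part string; the hostnames and version strings in the sample are constructed.

```python
import re

# Affected range as stated on this page (inclusive on both ends).
AFFECTED_MIN = (70, 0, 3538, 67)
AFFECTED_MAX = (101, 0, 4951, 67)

# Exactly four dot-separated numeric fields, not part of a longer dotted run.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_chromium_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(text):
    """Classify one version string against the page's affected range."""
    version = parse_chromium_version(text)
    if version is None:
        return "unknown"            # needs manual review, never assumed safe
    if version < AFFECTED_MIN:
        return "older-than-range"   # outside this advisory's range, still outdated
    if version <= AFFECTED_MAX:
        return "affected"
    return "newer-than-range"


def triage(inventory):
    """Map each (host, version string) pair to its classification."""
    return {host: classify(raw) for host, raw in inventory}


# Constructed sample inventory: hostnames and version strings are made up.
SAMPLE_INVENTORY = [
    ("build-01", "Google Chrome 101.0.4951.64"),
    ("kiosk-07", "Chromium 70.0.3538.67"),
    ("laptop-22", "Google Chrome 102.0.5005.61"),
    ("legacy-03", "Chromium 69.0.3497.100"),
    ("ci-runner", "version not reported"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Entries classified as "unknown" or "older-than-range" still need follow-up: the first could not be parsed, and the second falls below the range this advisory lists.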
Mitigating Versions
70.0.3538.67 - 101.0.4951.67
Number of issues per category
- Use After Free (Memory Management) 12
- Inappropriate implementation 3
- Insufficient policy enforcement 5
- Others (Out of bounds read, Type confusion, Heap buffer overflow, Insufficient validation) 4
Related CWEs
CWE-416, CWE-122, CWE-358, CWE-264, CWE-843, CWE-20, CWE-125
Resources
Authors: Narendra Kumawat, Mahesh Saptarshi
For more information contact: contact@cybersecurist.com