Use-After-Free in Google Chrome Browser < 112.0.5615.49
| Field | Value |
| --- | --- |
| CVE ID | CVE-2023-1818 |
| CVE Link | https://nvd.nist.gov/vuln/detail/CVE-2023-1818 |
| Vendor | Google Chrome |
| Affected Product & Version | Google Chrome Browser < 112.0.5615.49 |
| Vulnerability Type | Use-After-Free |
| CVSS Base Score / CVSS Vector | NVD: 8.8 High / CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H; BDO: 5.0 Medium / CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L |
| Author | Patrick Walker |
| Date | 2022-04-04 |
CVE Details
Description:
A Use-After-Free vulnerability in Vulkan in Google Chrome prior to 112.0.5615.49 allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Long-running draw calls in SwiftShader can cause ANGLE to emit a "device lost" message or trigger Chrome's GPU watchdog. In either case the GPU process is shut down, which causes ANGLE to shut down and release its Vulkan resources. Because the shaders are still running at that point, previously freed objects are accessed, resulting in a Use-After-Free. As this happens during the shutdown of the process, exploitability is deemed very unlikely.
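The teardown-ordering hazard the description refers to, shown with an added C model that is not Chrome's, ANGLE's or SwiftShader's code: `device_t`, `handle_t` and the two teardown functions are hypothetical, and resources are addressed through generation-checked handles so a stale access is counted rather than dereferenced.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#define MAX_RES 4
#define MAX_JOBS 8

/* Generation-checked handle: a stale handle is detected, not dereferenced. */
typedef struct { uint32_t slot, gen; } handle_t;
typedef struct { bool live; uint32_t gen; int payload; } resource_t;

typedef struct {
    resource_t res[MAX_RES];
    handle_t pending[MAX_JOBS];   /* draw calls submitted but not yet executed */
    size_t n_pending;
    int stale_accesses;           /* draws that ran after their resource was released */
} device_t;

static handle_t create_resource(device_t *d, int payload) {
    for (uint32_t i = 0; i < MAX_RES; i++) {
        if (!d->res[i].live) {
            d->res[i].live = true; d->res[i].gen++; d->res[i].payload = payload;
            return (handle_t){ i, d->res[i].gen };
        }
    }
    return (handle_t){ UINT32_MAX, 0 };   /* table full */
}

static void submit_draw(device_t *d, handle_t h) {
    if (h.slot < MAX_RES && d->n_pending < MAX_JOBS) d->pending[d->n_pending++] = h;
}

/* Drains the queue: the model's equivalent of in-flight shader work finishing. */
static void run_pending(device_t *d) {
    for (size_t i = 0; i < d->n_pending; i++) {
        const resource_t *r = &d->res[d->pending[i].slot];
        if (!r->live || r->gen != d->pending[i].gen) d->stale_accesses++;
    }
    d->n_pending = 0;
}

static void destroy_all(device_t *d) {
    for (uint32_t i = 0; i < MAX_RES; i++) d->res[i].live = false;
}

/* Buggy ordering: resources are released while draws are still queued, and the
 * queue then drains anyway, as it does on a watchdog-triggered shutdown. */
int teardown_unsafe(device_t *d) { destroy_all(d); run_pending(d); return d->stale_accesses; }

/* Fixed ordering: wait for the device to go idle before releasing anything. */
int teardown_safe(device_t *d) { run_pending(d); destroy_all(d); return d->stale_accesses; }
```

With two queued draws on one resource, the unsafe ordering reports two stale accesses and the safe ordering reports none.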
Remediation:
Update to the most recent version of Chrome / Chromium.
References:
- https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html
- https://crbug.com/1223346
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/
- https://security.gentoo.org/glsa/202309-17
- https://www.debian.org/security/2023/dsa-5386
Timeline:
2021-06-04: Vulnerability reported to Google
2023-03-08: Vulnerability was fixed
2023-04-04: CVE published