CVE-2022-0099: Use after free in Sign-in

Q: What is the severity of CVE-2022-0099?

CVE-2022-0099 has a severity rating classified as high due to its potential for exploitation via heap corruption.

Q: How do I fix CVE-2022-0099?

To fix CVE-2022-0099, users should update to Google Chrome version 97.0.4692.71 or later.

Q: What types of systems are affected by CVE-2022-0099?

CVE-2022-0099 affects various systems using Google Chrome versions prior to 97.0.4692.71, including Debian and Fedora distributions.

Q: Can CVE-2022-0099 be exploited remotely?

Yes, CVE-2022-0099 can be exploited remotely by an attacker who convinces a user to perform specific gestures.

Q: What impact does CVE-2022-0099 have on users?

The impact of CVE-2022-0099 includes potential heap corruption which could allow for unauthorized actions on the user's system.

Published Sep 1, 2021

Updated

Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gesture.

Credit

Rox

Affected Software

6 affected componentsFixes available

debian/chromium<=90.0.4430.212-1~deb10u1

116.0.5845.180-1~deb11u1118.0.5993.70-1~deb11u1116.0.5845.180-1~deb12u1118.0.5993.70-1~deb12u1118.0.5993.70-1

Google Chrome<97.0.4692.71

97.0.4692.71

Google Chrome<97.0.4692.71

fedoraproject fedora=34

fedoraproject fedora=35

fedoraproject fedora=36

Remediation

Patch Available

https://crbug.com/1245629

Event History

Sep 1, 2021

CVE Published

12:00 AM

Feb 11, 2022

CVE Published

via MITRE·11:35 PM

Data Sourced

via MITRE·11:35 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

3758141203538733592

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is the severity of CVE-2022-0099?