CVE-2022-0107
📋 TL;DR
This is a use-after-free vulnerability in Chrome OS's File Manager API that allows heap corruption. Attackers can exploit it by convincing users to install a malicious extension and visit a crafted HTML page. It affects Chrome OS users running versions before 97.0.4692.71.
💻 Affected Systems
- Google Chrome on Chrome OS
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
Fedora by Fedoraproject
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise through heap corruption leading to arbitrary code execution with user privileges, potentially allowing attacker persistence and data theft.
Likely Case
Extension-based attack leading to browser compromise, session hijacking, and limited file system access through the File Manager API.
If Mitigated
No impact if Chrome OS is updated to a patched version or if users avoid installing untrusted extensions.
🎯 Exploit Status
Exploitation requires social engineering: the user must install a malicious extension and visit a crafted page. No public exploit code is available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 97.0.4692.71 and later
Vendor Advisory: https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html
Restart Required: Yes
Instructions:
1. Open Chrome OS settings.
2. Click 'About Chrome OS'.
3. Click 'Check for updates'.
4. Install available update.
5. Restart device when prompted.
🔧 Temporary Workarounds
Disable extension installation
Prevent users from installing extensions to block the attack vector
chrome://settings/content
Navigate to 'Additional content settings' > 'Extensions' > 'Do not allow any site to install extensions'
Remove suspicious extensions
Review and remove any unknown or untrusted extensions
chrome://extensions
Remove any extensions not explicitly trusted
🧯 If You Can't Patch
- Implement strict extension whitelisting policies
- Educate users about risks of installing untrusted extensions
🔍 How to Verify
Check if Vulnerable:
Check Chrome version in settings: chrome://settings/help
Check Version:
chrome://version
Verify Fix Applied:
Verify Chrome version is 97.0.4692.71 or higher
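The same check applied across a device inventory, as an added example that is not part of the original advisory. It compares versions numerically (a plain string comparison would rank 100.x below 97.x) and also flags extensions outside an allowlist; the inventory records, field names and extension IDs are constructed for illustration.

```python
import re

FIXED = (97, 0, 4692, 71)  # patched version stated on this page
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first four-part version found in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def is_vulnerable(version_text):
    """True if below the fixed version, False if at or above it, None if unparseable."""
    v = parse_version(version_text)
    return None if v is None else v < FIXED


def triage(inventory, allowlist):
    """Classify each device; an unparseable version is reported, never assumed safe."""
    findings = []
    for dev in inventory:
        state = is_vulnerable(dev.get("chrome_version"))
        status = "unknown" if state is None else ("vulnerable" if state else "patched")
        unapproved = sorted(set(dev.get("extensions", [])) - allowlist)
        findings.append({"device": dev["device"], "status": status,
                         "unapproved_extensions": unapproved})
    return findings


# Constructed sample data (hypothetical device names and extension IDs).
APPROVED = "a" * 32
UNKNOWN_EXT = "b" * 32
ALLOWLIST = {APPROVED}
INVENTORY = [
    {"device": "cb-001", "chrome_version": "96.0.4664.111",
     "extensions": [APPROVED, UNKNOWN_EXT]},
    {"device": "cb-002", "chrome_version": "100.0.4896.133", "extensions": [APPROVED]},
    {"device": "cb-003", "chrome_version": "97.0.4692.71 (Official Build) (64-bit)",
     "extensions": []},
    {"device": "cb-004", "chrome_version": "not reported", "extensions": [UNKNOWN_EXT]},
]

if __name__ == "__main__":
    for finding in triage(INVENTORY, ALLOWLIST):
        print(finding)
```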
📡 Detection & Monitoring
Log Indicators:
- Unexpected extension installations
- File Manager API access from unusual extensions
- Chrome crash reports with heap corruption signatures
Network Indicators:
- Downloads of suspicious extension files
- Connections to domains hosting crafted HTML pages
SIEM Query:
(source="chrome_extension_logs" AND event="install" AND extension_id NOT IN [approved_list]) OR (source="chrome_crash_reports" AND error="heap_corruption")
🔗 References
- https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html
- https://crbug.com/1248438
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE/