CVE-2022-0290
📋 TL;DR
This is a use-after-free vulnerability in Chrome's site isolation feature that allows a remote attacker to escape the browser sandbox via a malicious webpage. It affects all Chrome users running versions before 97.0.4692.99. Successful exploitation could lead to arbitrary code execution on the victim's system.
💻 Affected Systems
- Google Chrome
- Chromium-based browsers
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise via sandbox escape leading to arbitrary code execution with user privileges, potentially enabling further privilege escalation.
Likely Case
Remote code execution within the browser context, allowing an attacker to steal sensitive data, install malware, or pivot to other systems.
If Mitigated
No impact if Chrome is updated to a patched version or if vulnerable versions are blocked from accessing malicious content.
🎯 Exploit Status
Exploit requires user to visit malicious webpage. Public proof-of-concept exists on Packet Storm. The vulnerability is in the renderer process which is sandboxed, making exploitation more complex but feasible.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 97.0.4692.99 and later
Vendor Advisory: https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
Restart Required: Yes
Instructions:
1. Open Chrome menu > Help > About Google Chrome.
2. Chrome will automatically check for updates and install version 97.0.4692.99 or later.
3. Click 'Relaunch' to restart Chrome with the update.
🔧 Temporary Workarounds
Disable JavaScript
Prevents exploitation by disabling JavaScript execution, but breaks most modern websites.
chrome://settings/content/javascript > Block
Use Chrome Enterprise policies
Blocks access to Chrome until it is patched, using enterprise policies.
Use Chrome Enterprise policies to block Chrome usage or to force an update.
🧯 If You Can't Patch
- Use alternative browsers until Chrome can be updated
- Implement network filtering to block access to known malicious domains and suspicious web content
🔍 How to Verify
Check if Vulnerable:
Check the Chrome version via chrome://version or chrome://settings/help. If the version is less than 97.0.4692.99, the system is vulnerable.
Check Version:
On Windows: "C:\Program Files\Google\Chrome\Application\chrome.exe" --version
On Linux: google-chrome --version
On macOS: /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --version
Verify Fix Applied:
Confirm that the Chrome version shown at chrome://version is 97.0.4692.99 or higher. If a safe test case for this issue is available, use it to confirm the fix.
📡 Detection & Monitoring
Log Indicators:
- Chrome crash reports with renderer process failures
- Unexpected Chrome child process terminations
- Security event logs showing Chrome sandbox violations
Network Indicators:
- Unusual outbound connections from Chrome processes
- Traffic to known exploit hosting domains
- Multiple rapid connections to different domains from single Chrome instance
SIEM Query:
source="chrome_logs" AND (event_type="crash" OR process_name="chrome_renderer") AND version<"97.0.4692.99"
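Both the version check in the "How to Verify" section and the SIEM query above depend on ordering dotted version numbers correctly, and a plain string comparison such as version<"97.0.4692.99" misorders e.g. 100.x below 97.x. The following shell script is an added example, not part of this advisory, that extracts the version from `--version` output and compares it field by field against the first fixed build; the sample output lines are constructed, and it assumes `google-chrome` is on PATH only when run with `--local`.

```shell
#!/bin/sh
# Added example (not from the advisory): decide whether an installed Chrome build
# predates the CVE-2022-0290 fix using a numeric, field-by-field comparison.

FIXED_VERSION="97.0.4692.99"

# Pull the first dotted four-part version out of "--version" output such as
# "Google Chrome 96.0.4664.110" or "Chromium 100.0.4896.60 snap".
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+(\.[0-9]+){3}' | head -n 1
}

# Returns 0 (true) when version $1 is strictly older than version $2.
# Each of the four fields is compared as an integer, so 100 > 97 as expected.
version_lt() {
    a="$1"; b="$2"; i=1
    while [ "$i" -le 4 ]; do
        x=$(printf '%s' "$a" | cut -d. -f"$i")
        y=$(printf '%s' "$b" | cut -d. -f"$i")
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        i=$((i + 1))
    done
    return 1   # all fields equal: not older
}

# Prints "vulnerable", "patched" or "unknown" for one line of --version output.
assess_chrome_version() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"
        return 2
    fi
    if version_lt "$v" "$FIXED_VERSION"; then
        echo "vulnerable"
        return 1
    fi
    echo "patched"
    return 0
}

# Stand-alone use against the local install (assumes google-chrome is on PATH):
#   sh check_chrome.sh --local
if [ "${1:-}" = "--local" ]; then
    assess_chrome_version "$(google-chrome --version 2>/dev/null)"
fi
```

Exit status 1 means a vulnerable build was found, so the function can drive an inventory or compliance script directly.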
🔗 References
- http://packetstormsecurity.com/files/166080/Chrome-RenderFrameHostImpl-Use-After-Free.html
- https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
- https://crbug.com/1260134