CVE-2022-0799
📋 TL;DR
This vulnerability allows a remote attacker to escalate privileges on Windows systems by tricking users into running a malicious Chrome offline installer. It affects Google Chrome on Windows versions before 99.0.4844.51. Attackers could gain SYSTEM-level access by exploiting insufficient policy enforcement in the installer.
💻 Affected Systems
- Google Chrome
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
Learn more about Chrome →⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with SYSTEM privileges, allowing installation of persistent malware, credential theft, and complete control of the affected Windows machine.
Likely Case
Local privilege escalation leading to unauthorized software installation, configuration changes, and lateral movement within the network.
If Mitigated
Limited impact if users only install Chrome from official sources and have proper endpoint protection that detects malicious installers.
🎯 Exploit Status
Exploitation requires user interaction (running malicious installer) but is straightforward once the malicious file is executed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 99.0.4844.51 and later
Vendor Advisory: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
Restart Required: Yes
Instructions:
1. Open Chrome 2. Click menu (three dots) → Help → About Google Chrome 3. Chrome will automatically check for and install updates 4. Click 'Relaunch' to restart Chrome with the fixed version
🔧 Temporary Workarounds
Use Chrome Online Installer
windowsOnly install Chrome using the online installer from chrome.google.com instead of offline installer files
Block Offline Installer Execution
windowsUse Group Policy to prevent execution of Chrome offline installers
New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Google\Chrome" -Name "AllowOfflineInstallers" -Value 0 -PropertyType DWORD -Force
🧯 If You Can't Patch
- Restrict user permissions to prevent local privilege escalation
- Implement application whitelisting to block unauthorized installer execution
🔍 How to Verify
Check if Vulnerable:
Check Chrome version: if below 99.0.4844.51 on Windows, system is vulnerableCheck Version:
chrome://version/ or "chrome --version" in command lineVerify Fix Applied:
Confirm Chrome version is 99.0.4844.51 or higher📡 Detection & Monitoring
Log Indicators:
- Windows Event Logs showing Chrome installer execution with unusual parameters
- Process creation events for chrome_installer.exe with suspicious parent processes
Network Indicators:
- Downloads of Chrome offline installer from non-Google domains
- Unusual network traffic following installer execution
SIEM Query:
Process Name="chrome_installer.exe" AND Parent Process NOT IN ("chrome.exe", "msiexec.exe")🔗 References
- https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
- https://crbug.com/1279188
- https://security.gentoo.org/glsa/202208-25
- https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
- https://crbug.com/1279188
- https://security.gentoo.org/glsa/202208-25
