A recent use-after-free vulnerability in Google Chrome’s WebGPU standard was found by Cisco Talos.
Cross-platform web browser Google Chrome is built on the open-source Chromium code, which is used by Google and other software companies to construct their own browsers. WebGPU, a JavaScript API for handling accelerated 3-D graphics and other operations in the browser, has this particular flaw.
If a user accesses a specially constructed web page in Chrome, TALOS-2022-1508 (CVE-2022-2399) happens. That page might cause a use-after-free condition in the programme, which an attacker could employ to further influence the browser.
In accordance with Cisco’s vulnerability disclosure policy, Cisco Talos collaborated with Google to verify that this problem was fixed and that an update was made available to customers who were affected.
Users are advised to update Google Chrome, version 102.0.4956.0 (64-bit), and version 99.0.4844.82 as soon as possible (64-bit). These Chrome versions can be exploited by this issue, according to Talos’ testing.
Exploitation attempts against this vulnerability will be discovered by the following Snort rules: 59448 and 59449. In the absence of new vulnerability information, further regulations could be provided in the future, and the ones that are already in place could change. Please consult your Firepower Management Center or Snort.org for the most recent rule information.
Reference: https://blog.talosintelligence.com/2022/07/chrome-web-gpu-useafterfree.html?&web_view=true
