Long Term Support Channel Update

The LTS Candidate LTC-96 has been updated to 96.0.4664.180 (Platform Version: 14268.670.0) for most ChromeOS devices. Want to know more about Long-term Support? Click here.

This update includes the following Security fixes:
CVE-2022-0096 CriticalSUMMARY: AddressSanitizer: heap-use-after-free base/bind_internal.h:535:12 in BindState
CVE-2022-0289 Critical Security: heap-use-after-free in safe_browsing::ThreatDetails::OnReceivedThreatDOMDetails
CVE-2022-0290 High Security: RenderFrameHostImpl logic error leading browser UAF
CVE-2022-0291 High Insufficient fix for CVE-2021-4057 (Site Isolation bypass in BlobRegistryImpl)
CVE-2022-0292 High Security: FencedFrames reachable from compromised renderer due to lacking features::isEnabled(kFencedFrames) checks in Browser Process and FencedFrame::Navigate can navigate to file:// and chrome:// origins
CVE-2022-0293 High Security: UAF in ChromeContentBrowserClient::CreateURLLoaderThrottles
CVE-2022-0294 High Security: Inappropriate implementation in PushMessaging
CVE-2022-0295 High Security: Heap-use-after-free in ui::MenuModel::GetModelAndIndexForCommandId
CVE-2022-0296 High UAF in PrintViewManagerBase
CVE-2022-0298 High AddressSanitizer: use-after-poison frame_or_worker_scheduler.cc:88 in blink::FrameOrWorkerScheduler::NotifyLifecycleObservers
CVE-2022-0300 High Security: UAF in DateTimeChooserAndroid::ReplaceDateTime
CVE-2022-0302 High Security: Heap-use-after-free in OmniboxViewViews::MaybeAddSendTabToSelfItem
CVE-2022-0304 High Security: UAF in BookmarkDragHelper::OnBookmarkIconLoaded
CVE-2022-0305 High Security: Inappropriate implementation in ServiceWorkerContainerHost::EnsureFileAccess
CVE-2022-0306 High Security: heap-buffer-overflow in chrome_pdf::PDFiumEngine::RequestThumbnail
CVE-2021-41990 Medium CrOS: Vulnerability reported in net-vpn/strongswan
CVE-2022-0109 Medium Security: scrollTop of ListBox autofill preview discloses sensitive information
CVE-2022-0307 Medium Heap-use-after-free in optimization_guide::OptimizationGuideStore::ClearFetchedHintsFromDatabase
CVE-2022-0309 Medium Security: Page can cause autofill prompt to render under cursor in order to bypass mouse movement/keyboard input requirements for autofill
CVE-2022-0310 Medium Heap-buffer-overflow in TableView::OnItemsRemoved
CVE-2022-0311 Medium Container-overflow in TableView::UpdateVirtualAccessibilityChildrenBounds


Giuliana Pritchard
Google Chrome OS