Tag Archives: LTS

Long Term Support Channel Update

The LTS Candidate LTC-96 has been updated to 96.0.4664.194 (Platform Version: 14268.73.0) for most ChromeOS devices. Want to know more about Long-term Support? Click here


This update includes the following Security fixes: 

 CVE-2022-0099 High heap-use-after-free in OnBrowserSetLastActive 

 CVE-2022-0308 Medium Security: AddressSanitizer: heap-use-after-free on drag_drop_controller.cc (chromeOS and Lacros) 

 CVE-2022-0453 High Security: UAF in DistilledPagePrefs::SetFontScaling 

 CVE-2022-0456 High Security: heap-use-after-free in TemplateURLFetcher::RequestDelegate::OnTemplateURLParsed 

CVE-2022-0460 Medium SUMMARY: AddressSanitizer: heap-use-after-free web_view_impl.cc:1020 in blink::WebViewImpl::ClosePagePopup 

 CVE-2022-0465 Medium Heap-use-after-free in extensions::ChromeExtensionsBrowserClient::GetOriginalContext 

 CVE-2022-0603 High UAF in printing 

 CVE-2022-0608 High Security: Integer overflow in HandleTable::AddDispatchersFromTransit leading to memory corruption 


 Giuliana Pritchard 

 Google Chrome OS

Long Term Support Channel Update

The LTS Candidate LTC-96 has been updated to 96.0.4664.180 (Platform Version: 14268.670.0) for most ChromeOS devices. Want to know more about Long-term Support? Click here.

This update includes the following Security fixes:
CVE-2022-0096 CriticalSUMMARY: AddressSanitizer: heap-use-after-free base/bind_internal.h:535:12 in BindState
CVE-2022-0289 Critical Security: heap-use-after-free in safe_browsing::ThreatDetails::OnReceivedThreatDOMDetails
CVE-2022-0290 High Security: RenderFrameHostImpl logic error leading browser UAF
CVE-2022-0291 High Insufficient fix for CVE-2021-4057 (Site Isolation bypass in BlobRegistryImpl)
CVE-2022-0292 High Security: FencedFrames reachable from compromised renderer due to lacking features::isEnabled(kFencedFrames) checks in Browser Process and FencedFrame::Navigate can navigate to file:// and chrome:// origins
CVE-2022-0293 High Security: UAF in ChromeContentBrowserClient::CreateURLLoaderThrottles
CVE-2022-0294 High Security: Inappropriate implementation in PushMessaging
CVE-2022-0295 High Security: Heap-use-after-free in ui::MenuModel::GetModelAndIndexForCommandId
CVE-2022-0296 High UAF in PrintViewManagerBase
CVE-2022-0298 High AddressSanitizer: use-after-poison frame_or_worker_scheduler.cc:88 in blink::FrameOrWorkerScheduler::NotifyLifecycleObservers
CVE-2022-0300 High Security: UAF in DateTimeChooserAndroid::ReplaceDateTime
CVE-2022-0302 High Security: Heap-use-after-free in OmniboxViewViews::MaybeAddSendTabToSelfItem
CVE-2022-0304 High Security: UAF in BookmarkDragHelper::OnBookmarkIconLoaded
CVE-2022-0305 High Security: Inappropriate implementation in ServiceWorkerContainerHost::EnsureFileAccess
CVE-2022-0306 High Security: heap-buffer-overflow in chrome_pdf::PDFiumEngine::RequestThumbnail
CVE-2021-41990 Medium CrOS: Vulnerability reported in net-vpn/strongswan
CVE-2022-0109 Medium Security: scrollTop of ListBox autofill preview discloses sensitive information
CVE-2022-0307 Medium Heap-use-after-free in optimization_guide::OptimizationGuideStore::ClearFetchedHintsFromDatabase
CVE-2022-0309 Medium Security: Page can cause autofill prompt to render under cursor in order to bypass mouse movement/keyboard input requirements for autofill
CVE-2022-0310 Medium Heap-buffer-overflow in TableView::OnItemsRemoved
CVE-2022-0311 Medium Container-overflow in TableView::UpdateVirtualAccessibilityChildrenBounds


Giuliana Pritchard
Google Chrome OS