Table of Contents
  • Home
  • /
  • Blog
  • /
  • 14 New 0-Day Vulnerabilities in Chrome OS – Update Your Chrome OS ASAP
September 5, 2022
|
5m

14 New 0-Day Vulnerabilities in Chrome OS – Update Your Chrome OS ASAP


14 New 0 Day Vulnerabilities In Chrome Os E2 80 93 Update Your Chrome Os Asap

There is an advisory from Google for those who have been using Chrome OS. In the advisory, Google mentioned 14 new 0-day vulnerabilities in Chrome OS and asked users to upgrade the operating system as soon as possible.

Google has fixed these vulnerabilities by rolling out an update on the 31st of August. Well, the company hasn’t notified any traces of active exploitation in the wild. The advisory has a list of 14 vulnerabilities, of which 4 are identified as high, and the remaining 10 are medium in severity. The reported vulnerabilities would be abused to carry out arbitrary code execution and denial of service attacks on the vulnerable version of Chrome OS by remote attackers.

List 14 New 0-Day Vulnerabilities in Chrome OS

In the update Google shared, it has fixed these 14 0-day vulnerabilities in Chrome OS, of which 4 is High, and the remaining 10 are Medium in severity. Please see the list as under. Successful exploitation could lead to arbitrary code execution and denial of service attacks on the vulnerable version of ChromeOS by remote attackers.

  1. CVE-2022-2857: It is a High severity vulnerability in Blink

  2. CVE-2022-2998: It is a High severity vulnerability in Browser Creation

  3. CVE-2022-2607: It is a High severity vulnerability in WebUI

  4. CVE-2022-2606: It is a High severity vulnerability in Managed devices API

  5. CVE-2022-2859: It is a Medium severity vulnerability in Chrome OS Shell

  6. CVE-2022-2860: It is a Medium severity vulnerability due to insufficient policy enforcement in Cookies.

  7. CVE-2022-2861: It is a Medium severity vulnerability due to inappropriate implementation in Extensions API

  8. CVE-2022-2624: It is a Medium severity Heap buffer overflow vulnerability in PDF

  9. CVE-2022-2614: It is a Medium severity vulnerability in Sign-In Flow

  10. CVE-2022-2621: It is a Medium severity vulnerability in Extensions

  11. CVE-2022-2612: It is a Medium severity Side-channel information leakage vulnerability in Keyboard input

  12. CVE-2022-2620: It is a Medium severity vulnerability in WebUI

  13. CVE-2022-2615: It is a Medium  severity vulnerability due to insufficient policy enforcement in Cookies

  14. CVE-2022-2617: It is a Medium severity vulnerability in Extensions API

Chrome OS Versions Affected by These 0-Day Vulnerabilities

It’s been said that all the LTS versions prior to 96.0..4664.219 (Platform Version: 14268.104.0).

How to Fix These 0-Day Vulnerabilities in Chrome OS?

Google responded and released updates on 31st August to fix all the 14 New 0-Day Vulnerabilities in Chrome OS. All the Chrome OS users are suggested to upgrade to v96.0..4664.219 (Platform Version: 14268.104.0). Please refer to the security advisory by Google.

How to Upgrade Chrome OS?

Well, Chrome OS is designed to fetch upgrades by itself. Most of the time, auto-upgrade will work. Your Chrome OS didn’t receive upgrades for any reason, and you will have to kick start the process manually.  Then you can follow any one of the methods shown here.

Method 1: Manual Upgrade From Settings

  1. Click on the Settings icon on the Task Bar.

  2. Choose the ‘About Chrome OS‘.

  3. Click on ‘Check for Updates‘. The upgrade process will get started if your OS is connected to the internet.

For some reason, if auto-upgrade didn’t get fired up. Follow the Method 2.

Method 2: Upgrade Using Brunch Framework

Step 1. Open Terminal

Click Crtl + Alt + T and keys together to open Crosh Shell.

Step 2. Open shell

Enter ‘shell‘ command to open the shell.

Step 3. Download brcr-update

Use this curl command to download brcr-update as shone here:
$ curl -L -o – https://git.io/JLh1V | sudo bash

Step 4. Update brcr-update

Run this command. That’s it.
$ brcr-update

Method 3: Manually Update Brunch and Chrome OS Together

  1. Download the latest Brunch release and the latest recovery matching your install and extract the bin.

  2. Click Crtl + Alt + T and keys together to open Crosh Shell.

  3. Update the Brunch using the following command:

$ sudo chromeos-update -r ~/Downloads/<path to recovery filw> -f ~/Downloads/<path of brunch archive file>

4. Restart the Chrome OS.

Method 4: Upgrade Only Chrome Os Skipping Brunch Framework

This is the easiest way to upgrade the Chrome OS. All you need to do enable_updates framework option, then carry out the upgradation from the ‘Settings’ as shown in Method 1. This is not the recommended method.

  1. Click Crtl + Alt + T and keys together to open Crosh Shell.

  2. Open the Brunch Configuration Menu using the below command:

$ sudo edit-brunch-config

3. Add enable_updates as shone in the picture. Save the changes.

  1. Reboot the Chrome OS.

  2. Click on the Settings icon on the TaskBar.

  3. Choose the ‘About Chrome OS‘.

  4. Click on ‘Check for Updates‘. The upgrade process will get started if your OS is connected to the internet.

Watch this video created by

.

Source:

We hope this post would help you know how to patch the 14 new 0-day vulnerabilities in Chrome OS. Please share this post if you find this interested. Visit our social media page on FacebookLinkedInTwitterTelegramTumblr, Medium & Instagram, and subscribe to receive updates like this.

You may also like these articles:

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

Recently added

Vulnerabilities

View All

Learn More About Cyber Security Security & Technology

“Knowledge Arsenal: Empowering Your Security Journey through Continuous Learning”

Cybersecurity All-in-One For Dummies - 1st Edition

"Cybersecurity All-in-One For Dummies" offers a comprehensive guide to securing personal and business digital assets from cyber threats, with actionable insights from industry experts.

Tools

Featured

View All

Learn Something New with Free Email subscription

Subscribe

Subscribe