Emergency Vulnerability Bulletin - 11/28/22

11/28/22 11:27 AM  |  by RedLegg Blog

Google Chrome Heap Buffer Overflow Vulnerability

Identifier: CVE-2022-4135

Exploit or POC: Yes (Actively Being Exploited)


Description: CVE-2022-4135 contains a heap overflow vulnerability identified within the GPU of Google Chrome, preceding version 107.0.5304.121. This vulnerability will allow an attacker to achieve sandbox escape functionality via a specially crafted HTML page. Successfully exploiting this vulnerability requires an attacker to have previously compromised the renderer process within the software.

Mitigation recommendation: Patching is currently the only method of mitigation

RedLegg Action: None at this time.


Quarkus Remote Code Execution (RCE) Vulnerability

Identifier: CVE-2022-4116

Exploit or POC: No


Description: CVE-2022-4116 allows for drive-by local host attacks provoking remote code execution. This vulnerability lies within the Dev UI Config Editor while the machine is running. Successful exploitation requires an attacker to entice a targeted user into visiting a specially crafted webpage while the Dev UI is running. Please note: a fix for the Red Hat Build of Quarkus 2.7 has not been published to date. See vendor resources for updates. Red Hat Security CVE-2022-4116

Mitigation recommendation: Mitigation steps listed here:

RedLegg Action:  None at this time.

Blog - Zero-Day


Critical Security Vulnerabilities Bulletin