CVE-2022-1633 – 1641

Coverage and Recommendation for Lookout Admins

Lookout admins should proactively enable the vulnerability protection policy in the Lookout console and configure it with the appropriate severity and remediation actions that align with their organization’s response workflows. As of June 2nd, 2022, Lookout will alert on Chrome versions 101.0.4951.60 or before as vulnerable.

Overview

External researchers recently discovered and disclosed to Google nine vulnerabilities in Google Chrome for Android. The vulnerabilities are defined in CVE-2022-1633 through CVE-2022-1641 and may enable exploitation via a malcrafted webpage. Successful exploitation may allow the attacker to compromise the user's data on a vulnerable device, and they exist across several components of Chrome.

CVE-2022-1633: Use after free in Sharesheet.
CVE-2022-1634: Use after free in Browser UI.
CVE-2022-1635: Use after free in Permission Prompts.
CVE-2022-1636: Use after free in Performance APIs.
CVE-2022-1637: Inappropriate implementation in Web Contents.
CVE-2022-1638: Heap buffer overflow in V8 Internationalization.
CVE-2022-1639: Use after free in ANGLE.
CVE-2022-1640: Use after free in Sharing.
CVE-2022-1641: Use after free in Web UI Diagnostics.

‍

Lookout Analysis

The most likely way for an attacker to exploit this vulnerability would be to send a link leading to a malcrafted webpage to their target in hopes that the target still has a vulnerable version of Chrome on their device. A successful exploit may grant a threat actor access to Chrome's capabilities without needing to root the device. Mobile device management (MDM) tools will not detect a successful exploitation. In the event of a successful exploit, the actor could have access to any capability that the browser has.