Microsoft on Friday disclosed a significant ChromeOS vulnerability that could be used to launch denial-of-service (DoS) attacks and, in certain circumstances, achieve remote code execution.
The vulnerability, tracked as CVE-2022-2587 (CVSS score of 9.8) and categorized as an out-of-bounds write, was fixed with a patch released in June. The flaw was found in the CRAS (ChromiumOS Audio Server) component and could be triggered by songs with corrupted metadata.
According to Microsoft, the vulnerable component includes a mechanism that extracts the ‘identification’ of a song’s title from its metadata. An attacker able to modify the audio metadata could potentially trigger the vulnerability.