During March’s patching bout, Microsoft made available fixes for 21 common security and non-security-related vulnerabilities. None of the vulnerabilities on the Patch Tuesday March list bore severity scores or impact levels.
Patch Tuesday March 2022 Roundup
As previously stated, all the fixes delivered by Microsoft revolved around common issues. This month’s Patch Tuesday brought several adjustments for the Chromium-based Microsoft Edge, such as use after free in Omnibox, heap buffer overflow in ANGLE, heap buffer overflow in CAST UI, inappropriate implementation in HTML pages, out of bounds memory access in Mojo, type confusion in Blink layout, data leak in Canvas, out of bounds memory access in WebXR, and more.
March Highlights in Vulnerabilities. List of all Fixes.
Below, you will find the redacted list of all security and non-security-related vulnerabilities that have been addressed by Microsoft during Patch Tuesday March.
CVE Number | Name of Vulnerability |
CVE-2022-0809 | Chromium: CVE-2022-0809 – Out of bounds memory access in WebXR |
CVE-2022-0808 | Chromium: CVE-2022-0808 – Use after free in Chrome OS Shell |
CVE-2022-0807 | Chromium: CVE-2022-0807 – Inappropriate implementation in Autofill |
CVE-2022-0806 | Chromium: CVE-2022-0806 – Data leak in Canvas |
CVE-2022-0805 | Chromium: CVE-2022-0805 – Use after free in Browser Switcher |
CVE-2022-0804 | Chromium: CVE-2022-0804 – Inappropriate implementation in Full screen mode |
CVE-2022-0803 | Chromium: CVE-2022-0803 – Inappropriate implementation in Permissions |
CVE-2022-0802 | Chromium: CVE-2022-0802 – Inappropriate implementation in Full screen mode |
CVE-2022-0801 | Chromium: CVE-2022-0801 – Inappropriate implementation in HTML parser |
CVE-2022-0800 | Chromium: CVE-2022-0800 – Heap buffer overflow in Cast UI |
CVE-2022-0799 | Chromium: CVE-2022-0799 – Insufficient policy enforcement in Installer |
CVE-2022-0798 | Chromium: CVE-2022-0798 – Use after free in MediaStream |
CVE-2022-0797 | Chromium: CVE-2022-0797 – Out of bounds memory access in Mojo |
CVE-2022-0796 | Chromium: CVE-2022-0796 – Use after free in Media |
CVE-2022-0795 | Chromium: CVE-2022-0795 – Type Confusion in Blink Layout |
CVE-2022-0794 | Chromium: CVE-2022-0794 – Use after free in WebShare |
CVE-2022-0793 | Chromium: CVE-2022-0793 – Use after free in Views |
CVE-2022-0792 | Chromium: CVE-2022-0792 – Out of bounds read in ANGLE |
CVE-2022-0791 | Chromium: CVE-2022-0791 – Use after free in Omnibox |
CVE-2022-0790 | Chromium: CVE-2022-0790 – Use after free in Cast UI |
CVE-2022-0789 | Chromium: CVE-2022-0789 – Heap buffer overflow in ANGLE |
Highlights
CVE-2022-0808 – Use after free in Chrome OS Shell
By leveraging a defective component related to Chrome’s OS Shell, an attacker can remotely trigger memory corruption by manipulating one or more inputs. The issue was marked as fixed.
CVE-2022-0789 – Heap buffer overflow in ANGLE
A defective component in Chrome may allow a threat actor to trigger a heap buffer overflow in ANGLE via a specially-designed HTML page. The vulnerability has been addressed and fixed by Microsoft.
CVE-2022-0797 – Out of bounds memory access in Mojo
A vulnerability in Mojo allows a threat actor to read information from before the beginning or past the end of a specific memory buffer. The issue was fixed.
CVE-2022-0799 – Insufficient policy enforcement in Installer
A defect found in the Installer code of Google Chrome may allow an unknown party to retrieve sensitive information. CVE-2022-0799 was fixed as part of Patch Tuesday March.
CVE-2022-0807 – Inappropriate implementation in Autofill
A bug in Chrome’s Autofill function may grant a threat actor elevated privileges. The issue has been earmarked as fixed.
More Cybersecurity Advice and Parting Thoughts
Patch Tuesday March was more about resolving residual Chromium vulnerabilities than other issues. No word yet on the Log4J bounty hunt. As always, before I go, I’m going to share with you some useful tips on how to enhance your cybersecurity posture.
- Asset and software inventory. It’s easier to push your patches if all your eggs are in the same basket. Heimdal ™ Patch & Asset Management can quickly inventory your hardware and software assets and help you push patches, regardless of whether you’re running Windows or Linux.
- Push notifications. Ensure that you inform your employees about patch deployment – and any changes – in a timely manner, especially for those that require a reboot.
- Backup. Regardless of the type of patching solution you’re using (automatic or traditional), be sure to back up all your apps prior to deployment.