Preface: Chromium is a free and open-source web browser project, principally developed and maintained by Google. This codebase provides the vast majority of code for the Google Chrome browser, which is proprietary software and has some additional features. The new Microsoft Edge is based on Chromium and was released on January 15, 2020. It is compatible with all supported versions of Windows, and macOS.
Background: The story begin: Due to the on-demand market trend, Microsoft decided to use the Chromium and Blink rendering engines in 2018. With Microsoft moving away from EdgeHTML. The new Microsoft Edge is based on Chromium and was released on January 15, 2020. It is compatible with all supported versions of Windows, and macOS. Chrome based browser in their way to expand the market share. As a result, when chrome have design weakness occurs, it might impact the partner products.
Vulnerability details: CVE-2022-26912 – Microsoft Edge privilege escalation
Microsoft Edge could allow a remote attacker to gain elevated privileges on the system. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
Important – The remote host has an web browser installed that is affected by multiple vulnerabilities.
Since Microsoft did not explain the details, symptoms similar to CVE-2022-26912 may appear in this case. Perhaps the following information will attract your interest in digging for more information.
CSS Animations is a module of CSS that lets you animate the values of CSS properties over time, using keyframes. The behavior of these keyframe animations can be controlled by specifying their timing function, duration, their number of repetitions, and other attributes.
As early as 2007, WebKit had announced its intent to include CSS animation, transitions, and transforms as features of WebKit.
Use after free errors occur when a program continues to use a pointer after it has been freed. Under CSS animation circumstance, there is no way to explicitly ask the browser to collect garbage.
Example: Use-After-Free when Array.sort() is called with a comparator function. The two arguments are untracked by the garbage collector.
Solutions: Apply fixes issued by the vendor: Update to version 100.0.1185.29