Microsoft Shares Details on Critical ChromeOS Vulnerability
Tracked as CVE-2022-2587 (CVSS score of 9.8) and described as an out-of-bounds write, the vulnerability was addressed with the release of a patch in June. The issue was identified in the CRAS (ChromiumOS Audio Server) component, and could be triggered using malformed metadata associated with songs. CRAS resides between the operating system and ALSA (Advanced…