March 7, 2022 at 10:12AM

Zero-Day: CVE-2022-26485 and CVE-2022-26486. The zero-day flaws have been described as use-after-free issues impacting Extensible Stylesheet Language Transformations (XSLT) parameter processing and the WebGPU inter-process communication (IPC) framework.

XSLT is an XML-based language used for the conversion of XML documents into web pages or PDF documents, whereas WebGPU is an emerging web standard that’s been billed as a successor to the current WebGL JavaScript graphics library.

The two flaws are described below:

CVE-2022-26485 – Removing an XSLT parameter during processing could lead to an exploitable use-after-free

CVE-2022-26486 – An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape