“Fresh” Webkit vulnerability could impact PS4, PS5
Google Project Zero has published new details of a WebKit vulnerability, originally reported for its impact on Apple’s Safari, which could also affect the PS4 and PS5 (their browsers share the same WebKit base).
CVE-2022-22620: Use-after-free in Safari – Could Impact PS4/PS5
The vulnerability is a use-after-free in WebKit’s History API (the API that lets a page manipulate the browser’s session history, e.g. the entries used by the “back” button), which interestingly had been fixed in 2013 but was reintroduced in 2016.
The vulnerability was patched in February 2022.
Assuming the involved APIs are present in the PS4/PS5 version of WebKit, it is possible that some recent PS4 firmwares are impacted: 9.03/9.04 were released in 2021, and 9.50 was released in March and could have the vulnerability. On the PS5 side, Firmware 4.51 was released in March 2022, which could mean 4.51 itself is impacted as well.
Our tests of the provided proof-of-concept on PS4 9.60 did not yield any meaningful result. This could be down to randomness, or the bug being patched in PS4’s latest firmwares, or simply the bug not impacting PS4/PS5 at all, pending confirmation from hackers looking into it.
CVE-2022-22620 – Files
Those interested in reproducing the issue on PS4 or PS5 can have a look at the following documents: