Errata ALT-PU-2022-1216-1: Information
Fixes
Published: Feb. 1, 2022
BDU:2022-00703
Уязвимость компонента Pointer Lock браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальной информации
Severity: HIGH (8.1) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Links:
Published: Feb. 1, 2022
BDU:2022-00793
Уязвимость компонента Thumbnail Tab Strip браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности
Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 1, 2022
BDU:2022-00794
Уязвимость компонента Cast браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальной информации
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Feb. 1, 2022
BDU:2022-00795
Уязвимость расширений Extensions браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальной информации
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Feb. 1, 2022
BDU:2022-00796
Уязвимость компонента Accessibility браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальной информации
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Feb. 1, 2022
BDU:2022-00797
Уязвимость компонента Web Search браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 1, 2022
BDU:2022-00798
Уязвимость компонента Payments браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальной информации
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Feb. 1, 2022
BDU:2022-00799
Уязвимость компонента Extensions Platform браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальной информации
Severity: HIGH (8.1) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Links:
Published: Feb. 1, 2022
BDU:2022-00810
Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
Published: Feb. 1, 2022
BDU:2022-00812
Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 1, 2022
BDU:2022-00813
Уязвимость режима чтения Reader Mode браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 1, 2022
BDU:2022-00816
Уязвимость функции захват экрана (Screen Capture) браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальной информации
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Feb. 1, 2022
BDU:2022-00817
Уязвимость компонента COOP браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальной информации
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Feb. 1, 2022
BDU:2022-00818
Уязвимость компонента Accessibility браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальной информации
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Feb. 1, 2022
BDU:2022-00819
Уязвимость компонента Scroll браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальной информации или вызвать отказ в обслуживании
Severity: HIGH (8.1) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Links:
Published: Feb. 1, 2022
BDU:2022-00844
Уязвимость компонента Window Dialog браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю получить доступ к конфиденциальной информации
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: April 5, 2022
Modified: April 11, 2022
Modified: April 11, 2022
CVE-2022-0452
Use after free in Safe Browsing in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Severity: CRITICAL (9.6) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: April 8, 2022
Modified: April 8, 2022
CVE-2022-0453
Use after free in Reader Mode in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: April 8, 2022
Modified: April 8, 2022
CVE-2022-0454
Heap buffer overflow in ANGLE in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: Aug. 8, 2023
Modified: Aug. 8, 2023
CVE-2022-0455
Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 98.0.4758.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Links:
Published: April 5, 2022
Modified: April 8, 2022
Modified: April 8, 2022
CVE-2022-0456
Use after free in Web Search in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via profile destruction.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: April 11, 2022
Modified: April 11, 2022
CVE-2022-0457
Type confusion in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: April 8, 2022
Modified: April 8, 2022
CVE-2022-0458
Use after free in Thumbnail Tab Strip in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: April 11, 2022
Modified: April 11, 2022
CVE-2022-0459
Use after free in Screen Capture in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who had compromised the renderer process and convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: April 8, 2022
Modified: April 8, 2022
CVE-2022-0460
Use after free in Window Dialogue in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: Aug. 8, 2023
Modified: Aug. 8, 2023
CVE-2022-0461
Policy bypass in COOP in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to bypass iframe sandbox via a crafted HTML page.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Links:
Published: April 5, 2022
Modified: April 12, 2022
Modified: April 12, 2022
CVE-2022-0462
Inappropriate implementation in Scroll in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: April 5, 2022
Modified: April 8, 2022
Modified: April 8, 2022
CVE-2022-0463
Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: April 8, 2022
Modified: April 8, 2022
CVE-2022-0464
Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: April 8, 2022
Modified: April 8, 2022
CVE-2022-0465
Use after free in Extensions in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via user interaction.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: April 13, 2022
Modified: April 13, 2022
CVE-2022-0466
Inappropriate implementation in Extensions Platform in Google Chrome prior to 98.0.4758.80 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page.
Severity: CRITICAL (9.6) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: April 12, 2022
Modified: April 12, 2022
CVE-2022-0467
Inappropriate implementation in Pointer Lock in Google Chrome on Windows prior to 98.0.4758.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: April 8, 2022
Modified: April 8, 2022
CVE-2022-0468
Use after free in Payments in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: April 8, 2022
Modified: April 8, 2022
CVE-2022-0469
Use after free in Cast in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific interactions to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: Aug. 8, 2023
Modified: Aug. 8, 2023
CVE-2022-0470
Out of bounds memory access in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 3, 2023
Modified: Aug. 8, 2023
Modified: Aug. 8, 2023
CVE-2022-4025
Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data outside an iframe via a crafted HTML page. (Chrome security severity: Low)
Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Links: