Errata ALT-PU-2022-2055-1: Information
Package name: chromium-gost
Version: 102.0.5005.61-alt0.p10.1
Bulletin updated: June 15, 2022
Task: #301742
Fixes
Published: March 8, 2022
BDU:2020-04989
Уязвимость пользовательского интерфейса WebUI браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: March 7, 2022
BDU:2020-05187
Уязвимость пользовательского интерфейса WebUI браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 1, 2022
BDU:2022-00703
Уязвимость компонента Pointer Lock браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальной информации
Severity: HIGH (8.1) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Links:
Published: Feb. 1, 2022
BDU:2022-00793
Уязвимость компонента Thumbnail Tab Strip браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности
Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 1, 2022
BDU:2022-00794
Уязвимость компонента Cast браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальной информации
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Feb. 1, 2022
BDU:2022-00795
Уязвимость расширений Extensions браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальной информации
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Feb. 1, 2022
BDU:2022-00796
Уязвимость компонента Accessibility браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальной информации
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Feb. 1, 2022
BDU:2022-00797
Уязвимость компонента Web Search браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 1, 2022
BDU:2022-00798
Уязвимость компонента Payments браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальной информации
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Feb. 1, 2022
BDU:2022-00799
Уязвимость компонента Extensions Platform браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальной информации
Severity: HIGH (8.1) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Links:
Published: Feb. 1, 2022
BDU:2022-00810
Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
Published: Feb. 1, 2022
BDU:2022-00812
Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 1, 2022
BDU:2022-00813
Уязвимость режима чтения Reader Mode браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 1, 2022
BDU:2022-00816
Уязвимость функции захват экрана (Screen Capture) браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальной информации
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Feb. 1, 2022
BDU:2022-00817
Уязвимость компонента COOP браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальной информации
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Feb. 1, 2022
BDU:2022-00818
Уязвимость компонента Accessibility браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальной информации
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Feb. 1, 2022
BDU:2022-00819
Уязвимость компонента Scroll браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальной информации или вызвать отказ в обслуживании
Severity: HIGH (8.1) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Links:
Published: Feb. 1, 2022
BDU:2022-00844
Уязвимость компонента Window Dialog браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю получить доступ к конфиденциальной информации
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Feb. 16, 2022
BDU:2022-00946
Уязвимость компонента GPU браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 16, 2022
BDU:2022-00947
Уязвимость набора библиотек времени выполнения Mojo браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 16, 2022
BDU:2022-00955
Уязвимость компонента Gamepad API браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность и доступность защищаемой информации
Severity: HIGH (8.1) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Links:
Published: Feb. 16, 2022
BDU:2022-00966
Уязвимость компонента Tab Groups браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 16, 2022
BDU:2022-00967
Уязвимость компонента File Manager браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 16, 2022
BDU:2022-00968
Уязвимость компонента Webstore API браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 16, 2022
BDU:2022-00969
Уязвимость библиотеки ANGLE браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Dec. 27, 2021
BDU:2022-01076
Уязвимость модуля отображения веб-страниц Blink браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Jan. 28, 2022
BDU:2022-01077
Уязвимость компонента Views браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю вызвать выполнить произвольный код
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Feb. 10, 2022
BDU:2022-01168
Уязвимость компонента Media браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю вызвать отказ в обслуживании
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Jan. 29, 2022
BDU:2022-01169
Уязвимость оболочки операционной системы OS Shell браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Dec. 31, 2021
BDU:2022-01170
Уязвимость компонента Canvas браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: July 20, 2021
BDU:2022-01171
Уязвимость модуля преобразуования HTML-кода HTML parser браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании
Severity: HIGH (8.1) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Links:
Published: Dec. 21, 2021
BDU:2022-01174
Уязвимость набора библиотек времени выполнения Mojo браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Jan. 14, 2022
BDU:2022-01230
Уязвимость реализации функции автозаполнения Autofill браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю оказать влияние на целостность, доступность и конфиденциальность данных
Severity: MEDIUM (6.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Links:
Published: Dec. 15, 2021
BDU:2022-01236
Уязвимость настройки разрешений Permissions браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю оказать воздействие на целостность, доступность и конфиденциальность защищаемой информации
Severity: MEDIUM (5.5) Vector: AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Links:
Published: Dec. 9, 2021
BDU:2022-01276
Уязвимость адресной строки Omnibox браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Nov. 26, 2021
BDU:2022-01277
Уязвимость интерфейса Cast UI браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Jan. 11, 2022
BDU:2022-01278
Уязвимость библиотеки ANGLE браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Feb. 3, 2022
BDU:2022-01284
Уязвимость компонента WebXR браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
Published: Aug. 24, 2021
BDU:2022-01288
Уязвимость интерфейса Cast UI браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольной код
Severity: MEDIUM (6.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Links:
Published: Nov. 14, 2021
BDU:2022-01289
Уязвимость реализации режима Full Screen Mode браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю оказать воздействие на целостность, доступность и конфиденциальность защищаемой информации
Severity: MEDIUM (5.5) Vector: AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Links:
Published: Oct. 29, 2021
BDU:2022-01297
Уязвимость реализации режима Full Screen Mode браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании
Severity: HIGH (8.1) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Links:
Published: March 17, 2022
BDU:2022-01321
Уязвимость режима разделения экрана SplitScreen браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Dec. 12, 2021
BDU:2022-01354
Уязвимость компонента установки Installer браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти ограничения безопасности
Severity: MEDIUM (6.3) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Links:
Published: Dec. 30, 2021
BDU:2022-01355
Уязвимость компонента MediaStream браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Links:
Published: Feb. 4, 2022
BDU:2022-01365
Уязвимость прикладного программного интерфейса для обмена данными Web Share браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю повысить свои привилегии
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Feb. 21, 2022
BDU:2022-01383
Уязвимость макета Blink Layout модуля отображения Blink браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
Severity: CRITICAL (10.0) Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Links:
Published: Feb. 13, 2022
BDU:2022-01421
Уязвимость процесса GPU Process браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 21, 2022
BDU:2022-01423
Уязвимость библиотеки ANGLE браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю вызвать отказ в обслуживании
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: March 3, 2022
BDU:2022-01426
Уязвимость службы Safe Browsing браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 9, 2022
BDU:2022-01428
Уязвимость библиотеки ANGLE браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: March 25, 2022
BDU:2022-01471
Уязвимость обработчика JavaScript-сценариев V8 браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Feb. 15, 2022
BDU:2022-01494
Уязвимость службы Safe Browsing браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 20, 2022
BDU:2022-01513
Уязвимость компонента Browser UI браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 20, 2022
BDU:2022-01514
Уязвимость библиотеки ANGLE браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 28, 2022
BDU:2022-01516
Уязвимость компонента Расширения Extensions браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: March 2, 2022
BDU:2022-01519
Уязвимость реализации элемента управления «New Tab» («Новая кладка») браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Sept. 3, 2021
BDU:2022-01904
Уязвимость компонента Web Cursor браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Severity: HIGH (8.1) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Links:
Published: Feb. 15, 2022
BDU:2022-01909
Уязвимость интерфейса Cast UI браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 28, 2022
BDU:2022-01910
Уязвимость расширения QR Code Generator браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Oct. 25, 2020
BDU:2022-01911
Уязвимость интерфейса WebOTP API браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 1, 2022
BDU:2022-01912
Уязвимость реализации полноэкранного режима (Full Screen Mode) браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: March 1, 2022
BDU:2022-01913
Уязвимость прикладного программного интерфейса для обмена данными Web Share браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 9, 2022
BDU:2022-01917
Уязвимость компонента Shopping Cart браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: March 13, 2022
BDU:2022-01918
Уязвимость расширения WebRTC браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: March 21, 2022
BDU:2022-01919
Уязвимость обработчика JavaScript-сценариев V8 браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: March 7, 2022
BDU:2022-01920
Уязвимость компонента Virtual Keyboard браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: March 5, 2022
BDU:2022-01921
Уязвимость файлового менеджера(File Manager) браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Nov. 10, 2021
BDU:2022-01922
Уязвимость программного интерфейса Background Fetch API браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Severity: HIGH (8.1) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Links:
Published: Jan. 29, 2022
BDU:2022-01939
Уязвимость компонента Portals браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю вызвать отказ в обслуживании
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: March 9, 2022
BDU:2022-01966
Уязвимость компонента Extensions браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: March 7, 2022
BDU:2022-01967
Уязвимость пользовательского интерфейса WebUI браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Dec. 15, 2021
BDU:2022-01968
Уязвимость элемента управления вкладками «Tab Strip» браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Jan. 22, 2022
BDU:2022-01969
Уязвимость компонента Extensions браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании
Severity: HIGH (8.1) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Links:
Published: Jan. 23, 2022
BDU:2022-01970
Уязвимость интерфейса Resource Timing API браузеров Google Chrome и Microsoft Edge связана, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Severity: LOW (3.1) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Links:
Published: Feb. 21, 2022
BDU:2022-02115
Уязвимость браузера Google Chrome, связанная с некорректно реализованной проверкой безопасности для стандартных элементов, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Dec. 28, 2021
BDU:2022-02139
Уязвимость компонента BFCache браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 7, 2021
BDU:2022-02140
Уязвимость хранилища Storage браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: March 18, 2022
BDU:2022-02176
Уязвимость браузера Google Chrome, связанная с ошибками при обработке регулярных выражений, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 17, 2020
BDU:2022-02177
Уязвимость набора инструментов для веб-разработчиков Developer Tools браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: March 30, 2022
BDU:2022-02178
Уязвимость хранилища Storage браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Nov. 16, 2021
BDU:2022-02179
Уязвимость реализации расширения «Группы вкладок» браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Nov. 16, 2021
BDU:2022-02180
Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: April 14, 2022
BDU:2022-02336
Уязвимость обработчика JavaScript-сценариев V8 веб-браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: May 24, 2022
BDU:2022-03186
Уязвимость компонента WebApp браузера Google Chrome, позволяющая нарушителю раскрыть защищаемую информацию
Severity: HIGH (7.1) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
Links:
Published: May 24, 2022
BDU:2022-03204
Уязвимость компонента Sharing браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: May 24, 2022
BDU:2022-03205
Уязвимость компонента UI Foundations браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: May 24, 2022
BDU:2022-03272
Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: May 24, 2022
BDU:2022-03310
Уязвимость компонента Data Transfer браузера Google Chrome, позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: May 24, 2022
BDU:2022-03323
Уязвимость интерфейса File System API браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю обойти введенные ограничения безопасности
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: May 24, 2022
BDU:2022-03325
Уязвимость компонента обучения пользователей браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: May 24, 2022
BDU:2022-03326
Уязвимость библиотеки ANGLE браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: May 24, 2022
BDU:2022-03327
Уязвимость компонента обмена сообщениями браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: May 24, 2022
BDU:2022-03329
Уязвимость браузера Google Chrome, связанная с использованием памяти после её освобождения, позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: May 24, 2022
BDU:2022-03331
Уязвимость реализации Extensions браузера Google Chrome, позволяющая нарушителю раскрыть защищаемую информацию
Severity: HIGH (8.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H
Links:
Published: May 24, 2022
BDU:2022-03332
Уязвимость компонента Bookmarks браузера Google Chrome, позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: May 24, 2022
BDU:2022-03347
Уязвимость компонента Performance Manager браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: May 24, 2022
BDU:2022-03367
Уязвимость компонента Tab Groups браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Severity: MEDIUM (6.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Links:
Published: May 24, 2022
BDU:2022-03386
Уязвимость набора инструментов для веб-разработки DevTools браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: May 24, 2022
BDU:2022-03824
Уязвимость интерфейса File System API браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Links:
Published: May 24, 2022
BDU:2022-03825
Уязвимость режима планшета браузера Google Chrome, позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: May 24, 2022
BDU:2022-03826
Уязвимость набора инструментов DevTools браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю оказать воздействие на целостность данных
Severity: LOW (3.1) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
Links:
Published: May 24, 2022
BDU:2022-03827
Уязвимость компонента Extensions API браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Links:
Published: May 24, 2022
BDU:2022-03828
Уязвимость компонента COOP браузера Google Chrome , позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Links:
Published: May 24, 2022
BDU:2022-03829
Уязвимость службы Safe Browsing браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Links:
Published: May 24, 2022
BDU:2022-03830
Уязвимость плагина PDF браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю раскрыть защищаемую информацию
Severity: LOW (3.1) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Links:
Published: May 24, 2022
BDU:2022-03831
Уязвимость интерфейса API расширений браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании
Severity: HIGH (8.1) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Links:
Published: May 31, 2022
BDU:2022-04377
Уязвимость браузеров Firefox, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: April 11, 2022
Modified: April 11, 2022
CVE-2022-0452
Use after free in Safe Browsing in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Severity: CRITICAL (9.6) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: April 8, 2022
Modified: April 8, 2022
CVE-2022-0453
Use after free in Reader Mode in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: April 8, 2022
Modified: April 8, 2022
CVE-2022-0454
Heap buffer overflow in ANGLE in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: April 8, 2022
Modified: April 8, 2022
CVE-2022-0456
Use after free in Web Search in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via profile destruction.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: April 11, 2022
Modified: April 11, 2022
CVE-2022-0457
Type confusion in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: April 8, 2022
Modified: April 8, 2022
CVE-2022-0458
Use after free in Thumbnail Tab Strip in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: April 11, 2022
Modified: April 11, 2022
CVE-2022-0459
Use after free in Screen Capture in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who had compromised the renderer process and convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: April 8, 2022
Modified: April 8, 2022
CVE-2022-0460
Use after free in Window Dialogue in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: Aug. 8, 2023
Modified: Aug. 8, 2023
CVE-2022-0461
Policy bypass in COOP in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to bypass iframe sandbox via a crafted HTML page.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Links:
Published: April 5, 2022
Modified: April 12, 2022
Modified: April 12, 2022
CVE-2022-0462
Inappropriate implementation in Scroll in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: April 5, 2022
Modified: April 8, 2022
Modified: April 8, 2022
CVE-2022-0463
Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: April 8, 2022
Modified: April 8, 2022
CVE-2022-0464
Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: April 8, 2022
Modified: April 8, 2022
CVE-2022-0465
Use after free in Extensions in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via user interaction.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: April 13, 2022
Modified: April 13, 2022
CVE-2022-0466
Inappropriate implementation in Extensions Platform in Google Chrome prior to 98.0.4758.80 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page.
Severity: CRITICAL (9.6) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: April 12, 2022
Modified: April 12, 2022
CVE-2022-0467
Inappropriate implementation in Pointer Lock in Google Chrome on Windows prior to 98.0.4758.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: April 8, 2022
Modified: April 8, 2022
CVE-2022-0468
Use after free in Payments in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: April 8, 2022
Modified: April 8, 2022
CVE-2022-0469
Use after free in Cast in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific interactions to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: Aug. 8, 2023
Modified: Aug. 8, 2023
CVE-2022-0470
Out of bounds memory access in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: April 12, 2022
Modified: April 12, 2022
CVE-2022-0603
Use after free in File Manager in Google Chrome on Chrome OS prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: April 8, 2022
Modified: April 8, 2022
CVE-2022-0604
Heap buffer overflow in Tab Groups in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: April 11, 2022
Modified: April 11, 2022
CVE-2022-0605
Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and convinced a user to enage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: April 8, 2022
Modified: April 8, 2022
CVE-2022-0606
Use after free in ANGLE in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: April 11, 2022
Modified: April 11, 2022
CVE-2022-0607
Use after free in GPU in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: April 8, 2022
Modified: April 8, 2022
CVE-2022-0608
Integer overflow in Mojo in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: Feb. 15, 2024
Modified: Feb. 15, 2024
CVE-2022-0609
Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: Aug. 8, 2023
Modified: Aug. 8, 2023
CVE-2022-0610
Inappropriate implementation in Gamepad API in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: Oct. 28, 2022
Modified: Oct. 28, 2022
CVE-2022-0789
Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: Jan. 24, 2023
Modified: Jan. 24, 2023
CVE-2022-0790
Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially perform a sandbox escape via a crafted HTML page.
Severity: CRITICAL (9.6) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: Sept. 28, 2022
Modified: Sept. 28, 2022
CVE-2022-0791
Use after free in Omnibox in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via user interactions.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: Jan. 24, 2023
Modified: Jan. 24, 2023
CVE-2022-0792
Out of bounds read in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: April 5, 2022
Modified: Oct. 28, 2022
Modified: Oct. 28, 2022
CVE-2022-0793
Use after free in Cast in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted Chrome Extension.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: Oct. 28, 2022
Modified: Oct. 28, 2022
CVE-2022-0794
Use after free in WebShare in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: Oct. 28, 2022
Modified: Oct. 28, 2022
CVE-2022-0795
Type confusion in Blink Layout in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: Oct. 28, 2022
Modified: Oct. 28, 2022
CVE-2022-0796
Use after free in Media in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: Aug. 8, 2023
Modified: Aug. 8, 2023
CVE-2022-0797
Out of bounds memory access in Mojo in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: Oct. 28, 2022
Modified: Oct. 28, 2022
CVE-2022-0798
Use after free in MediaStream in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: Aug. 8, 2023
Modified: Aug. 8, 2023
CVE-2022-0799
Insufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51 allowed a remote attacker to perform local privilege escalation via a crafted offline installer file.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: Jan. 24, 2023
Modified: Jan. 24, 2023
CVE-2022-0800
Heap buffer overflow in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 3, 2023
Modified: Jan. 9, 2023
Modified: Jan. 9, 2023
CVE-2022-0801
Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page. (Chrome security severity: Medium)
Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Links:
Published: April 5, 2022
Modified: Sept. 28, 2022
Modified: Sept. 28, 2022
CVE-2022-0802
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Links:
Published: April 5, 2022
Modified: Aug. 8, 2023
Modified: Aug. 8, 2023
CVE-2022-0803
Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML page.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Links:
Published: April 5, 2022
Modified: Sept. 28, 2022
Modified: Sept. 28, 2022
CVE-2022-0804
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Links:
Published: April 5, 2022
Modified: Sept. 28, 2022
Modified: Sept. 28, 2022
CVE-2022-0805
Use after free in Browser Switcher in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: Aug. 8, 2023
Modified: Aug. 8, 2023
CVE-2022-0806
Data leak in Canvas in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in screen sharing to potentially leak cross-origin data via a crafted HTML page.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: April 5, 2022
Modified: Sept. 28, 2022
Modified: Sept. 28, 2022
CVE-2022-0807
Inappropriate implementation in Autofill in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Links:
Published: April 5, 2022
Modified: Jan. 24, 2023
Modified: Jan. 24, 2023
CVE-2022-0808
Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in a series of user interaction to potentially exploit heap corruption via user interactions.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 5, 2022
Modified: Aug. 8, 2023
Modified: Aug. 8, 2023
CVE-2022-0809
Out of bounds memory access in WebXR in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 22, 2022
Modified: Oct. 28, 2022
Modified: Oct. 28, 2022
CVE-2022-0971
Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 22, 2022
Modified: Oct. 28, 2022
Modified: Oct. 28, 2022
CVE-2022-0972
Use after free in Extensions in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 22, 2022
Modified: Oct. 28, 2022
Modified: Oct. 28, 2022
CVE-2022-0973
Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: CRITICAL (9.6) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Links:
Published: July 22, 2022
Modified: Oct. 28, 2022
Modified: Oct. 28, 2022
CVE-2022-0974
Use after free in Splitscreen in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 22, 2022
Modified: Oct. 28, 2022
Modified: Oct. 28, 2022
CVE-2022-0975
Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 22, 2022
Modified: Oct. 28, 2022
Modified: Oct. 28, 2022
CVE-2022-0976
Heap buffer overflow in GPU in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 22, 2022
Modified: Oct. 28, 2022
Modified: Oct. 28, 2022
CVE-2022-0977
Use after free in Browser UI in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Severity: CRITICAL (9.6) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Links:
Published: July 22, 2022
Modified: Oct. 28, 2022
Modified: Oct. 28, 2022
CVE-2022-0978
Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 22, 2022
Modified: Oct. 28, 2022
Modified: Oct. 28, 2022
CVE-2022-0979
Use after free in Safe Browsing in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 22, 2022
Modified: Oct. 28, 2022
Modified: Oct. 28, 2022
CVE-2022-0980
Use after free in New Tab Page in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user interactions.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 23, 2022
Modified: Oct. 28, 2022
Modified: Oct. 28, 2022
CVE-2022-1096
Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 23, 2022
Modified: Oct. 28, 2022
Modified: Oct. 28, 2022
CVE-2022-1125
Use after free in Portals in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 23, 2022
Modified: Oct. 28, 2022
Modified: Oct. 28, 2022
CVE-2022-1127
Use after free in QR Code Generator in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 23, 2022
Modified: Aug. 8, 2023
Modified: Aug. 8, 2023
CVE-2022-1128
Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: July 23, 2022
Modified: Oct. 25, 2022
Modified: Oct. 25, 2022
CVE-2022-1129
Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Links:
Published: July 23, 2022
Modified: Oct. 25, 2022
Modified: Oct. 25, 2022
CVE-2022-1130
Insufficient validation of trust input in WebOTP in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to send arbitrary intents from any app via a malicious app.
Severity: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Links:
Published: July 23, 2022
Modified: Oct. 25, 2022
Modified: Oct. 25, 2022
CVE-2022-1131
Use after free in Cast UI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 23, 2022
Modified: Oct. 25, 2022
Modified: Oct. 25, 2022
CVE-2022-1132
Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100.0.4896.60 allowed a local attacker to bypass navigation restrictions via physical access to the device.
Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Links:
Published: July 23, 2022
Modified: Oct. 25, 2022
Modified: Oct. 25, 2022
CVE-2022-1133
Use after free in WebRTC Perf in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 23, 2022
Modified: June 12, 2023
Modified: June 12, 2023
CVE-2022-1134
Type confusion in V8 in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 23, 2022
Modified: Oct. 25, 2022
Modified: Oct. 25, 2022
CVE-2022-1135
Use after free in Shopping Cart in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via standard feature user interaction.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 23, 2022
Modified: Oct. 25, 2022
Modified: Oct. 25, 2022
CVE-2022-1136
Use after free in Tab Strip in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific set of user gestures.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 23, 2022
Modified: Oct. 25, 2022
Modified: Oct. 25, 2022
CVE-2022-1137
Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to leak potentially sensitive information via a crafted HTML page.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: July 23, 2022
Modified: Aug. 8, 2023
Modified: Aug. 8, 2023
CVE-2022-1138
Inappropriate implementation in Web Cursor in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who had compromised the renderer process to obscure the contents of the Omnibox (URL bar) via a crafted HTML page.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Links:
Published: July 23, 2022
Modified: Aug. 8, 2023
Modified: Aug. 8, 2023
CVE-2022-1139
Inappropriate implementation in Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: July 23, 2022
Modified: Sept. 1, 2022
Modified: Sept. 1, 2022
CVE-2022-1141
Use after free in File Manager in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific user gesture.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 23, 2022
Modified: Sept. 1, 2022
Modified: Sept. 1, 2022
CVE-2022-1142
Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific input into DevTools.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 23, 2022
Modified: Sept. 1, 2022
Modified: Sept. 1, 2022
CVE-2022-1143
Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific input into DevTools.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 23, 2022
Modified: Sept. 1, 2022
Modified: Sept. 1, 2022
CVE-2022-1144
Use after free in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific input into DevTools.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 23, 2022
Modified: Sept. 1, 2022
Modified: Sept. 1, 2022
CVE-2022-1145
Use after free in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user interaction and profile destruction.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 23, 2022
Modified: Aug. 8, 2023
Modified: Aug. 8, 2023
CVE-2022-1146
Inappropriate implementation in Resource Timing in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: July 25, 2022
Modified: Sept. 1, 2022
Modified: Sept. 1, 2022
CVE-2022-1232
Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 25, 2022
Modified: Aug. 30, 2022
Modified: Aug. 30, 2022
CVE-2022-1305
Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 25, 2022
Modified: Aug. 30, 2022
Modified: Aug. 30, 2022
CVE-2022-1306
Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Links:
Published: July 25, 2022
Modified: Aug. 30, 2022
Modified: Aug. 30, 2022
CVE-2022-1308
Use after free in BFCache in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 25, 2022
Modified: Aug. 30, 2022
Modified: Aug. 30, 2022
CVE-2022-1309
Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Severity: CRITICAL (9.6) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Links:
Published: July 25, 2022
Modified: Aug. 30, 2022
Modified: Aug. 30, 2022
CVE-2022-1310
Use after free in regular expressions in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 25, 2022
Modified: Aug. 30, 2022
Modified: Aug. 30, 2022
CVE-2022-1312
Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
Severity: CRITICAL (9.6) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Links:
Published: July 25, 2022
Modified: Aug. 30, 2022
Modified: Aug. 30, 2022
CVE-2022-1313
Use after free in tab groups in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 25, 2022
Modified: Nov. 27, 2023
Modified: Nov. 27, 2023
CVE-2022-1314
Type confusion in V8 in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 27, 2022
Modified: Aug. 30, 2022
Modified: Aug. 30, 2022
CVE-2022-1364
Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 27, 2022
Modified: Aug. 30, 2022
Modified: Aug. 30, 2022
CVE-2022-1477
Use after free in Vulkan in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 27, 2022
Modified: Aug. 30, 2022
Modified: Aug. 30, 2022
CVE-2022-1478
Use after free in SwiftShader in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 27, 2022
Modified: Aug. 30, 2022
Modified: Aug. 30, 2022
CVE-2022-1479
Use after free in ANGLE in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Oct. 3, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-1480
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
Published: July 27, 2022
Modified: Aug. 30, 2022
Modified: Aug. 30, 2022
CVE-2022-1481
Use after free in Sharing in Google Chrome on Mac prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 27, 2022
Modified: Aug. 8, 2023
Modified: Aug. 8, 2023
CVE-2022-1482
Inappropriate implementation in WebGL in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Links:
Published: July 27, 2022
Modified: Aug. 30, 2022
Modified: Aug. 30, 2022
CVE-2022-1483
Heap buffer overflow in WebGPU in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 27, 2022
Modified: Aug. 30, 2022
Modified: Aug. 30, 2022
CVE-2022-1484
Heap buffer overflow in Web UI Settings in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 27, 2022
Modified: Aug. 30, 2022
Modified: Aug. 30, 2022
CVE-2022-1485
Use after free in File System API in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 27, 2022
Modified: Aug. 30, 2022
Modified: Aug. 30, 2022
CVE-2022-1486
Type confusion in V8 in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 27, 2022
Modified: Sept. 1, 2022
Modified: Sept. 1, 2022
CVE-2022-1487
Use after free in Ozone in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via running a Wayland test.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: July 27, 2022
Modified: Sept. 1, 2022
Modified: Sept. 1, 2022
CVE-2022-1488
Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension.
Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Links:
Published: July 27, 2022
Modified: Sept. 1, 2022
Modified: Sept. 1, 2022
CVE-2022-1489
Out of bounds memory access in UI Shelf in Google Chrome on Chrome OS, Lacros prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific user interactions.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 27, 2022
Modified: Sept. 1, 2022
Modified: Sept. 1, 2022
CVE-2022-1490
Use after free in Browser Switcher in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 27, 2022
Modified: Sept. 1, 2022
Modified: Sept. 1, 2022
CVE-2022-1491
Use after free in Bookmarks in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 27, 2022
Modified: Sept. 1, 2022
Modified: Sept. 1, 2022
CVE-2022-1492
Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page.
Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Links:
Published: July 27, 2022
Modified: Sept. 1, 2022
Modified: Sept. 1, 2022
CVE-2022-1493
Use after free in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 27, 2022
Modified: Sept. 1, 2022
Modified: Sept. 1, 2022
CVE-2022-1494
Insufficient data validation in Trusted Types in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass trusted types policy via a crafted HTML page.
Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Links:
Published: July 27, 2022
Modified: Oct. 26, 2022
Modified: Oct. 26, 2022
CVE-2022-1495
Incorrect security UI in Downloads in Google Chrome on Android prior to 101.0.4951.41 allowed a remote attacker to spoof the APK downloads dialog via a crafted HTML page.
Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Links:
Published: July 27, 2022
Modified: Oct. 27, 2022
Modified: Oct. 27, 2022
CVE-2022-1496
Use after free in File Manager in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 27, 2022
Modified: Oct. 26, 2022
Modified: Oct. 26, 2022
CVE-2022-1497
Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to spoof the contents of cross-origin websites via a crafted HTML page.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Links:
Published: July 27, 2022
Modified: Oct. 27, 2022
Modified: Oct. 27, 2022
CVE-2022-1498
Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Links:
Published: July 27, 2022
Modified: Oct. 26, 2022
Modified: Oct. 26, 2022
CVE-2022-1499
Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
Severity: MEDIUM (6.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Links:
Published: July 27, 2022
Modified: Oct. 27, 2022
Modified: Oct. 27, 2022
CVE-2022-1500
Insufficient data validation in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Links:
Published: July 27, 2022
Modified: Oct. 27, 2022
Modified: Oct. 27, 2022
CVE-2022-1501
Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: July 27, 2022
Modified: July 28, 2022
Modified: July 28, 2022
CVE-2022-1638
Heap buffer overflow in V8 Internationalization in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 27, 2022
Modified: Oct. 26, 2022
Modified: Oct. 26, 2022
CVE-2022-1639
Use after free in ANGLE in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 27, 2022
Modified: Oct. 26, 2022
Modified: Oct. 26, 2022
CVE-2022-1640
Use after free in Sharing in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 28, 2022
Modified: Oct. 26, 2022
Modified: Oct. 26, 2022
CVE-2022-1853
Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Severity: CRITICAL (9.6) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Links:
Published: July 28, 2022
Modified: Oct. 26, 2022
Modified: Oct. 26, 2022
CVE-2022-1854
Use after free in ANGLE in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 28, 2022
Modified: Oct. 26, 2022
Modified: Oct. 26, 2022
CVE-2022-1855
Use after free in Messaging in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 28, 2022
Modified: Oct. 26, 2022
Modified: Oct. 26, 2022
CVE-2022-1856
Use after free in User Education in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension or specific user interaction.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 28, 2022
Modified: Oct. 26, 2022
Modified: Oct. 26, 2022
CVE-2022-1857
Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass file system restrictions via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 28, 2022
Modified: Oct. 26, 2022
Modified: Oct. 26, 2022
CVE-2022-1858
Out of bounds read in DevTools in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform an out of bounds memory read via specific user interaction.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: July 28, 2022
Modified: Oct. 26, 2022
Modified: Oct. 26, 2022
CVE-2022-1859
Use after free in Performance Manager in Google Chrome prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 28, 2022
Modified: Oct. 26, 2022
Modified: Oct. 26, 2022
CVE-2022-1860
Use after free in UI Foundations in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific user interactions.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 28, 2022
Modified: Oct. 26, 2022
Modified: Oct. 26, 2022
CVE-2022-1861
Use after free in Sharing in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific user interaction.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 28, 2022
Modified: Oct. 26, 2022
Modified: Oct. 26, 2022
CVE-2022-1862
Inappropriate implementation in Extensions in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass profile restrictions via a crafted HTML page.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: July 28, 2022
Modified: Oct. 26, 2022
Modified: Oct. 26, 2022
CVE-2022-1863
Use after free in Tab Groups in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 28, 2022
Modified: Oct. 26, 2022
Modified: Oct. 26, 2022
CVE-2022-1864
Use after free in WebApp Installs in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 28, 2022
Modified: Oct. 26, 2022
Modified: Oct. 26, 2022
CVE-2022-1865
Use after free in Bookmarks in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 28, 2022
Modified: Oct. 26, 2022
Modified: Oct. 26, 2022
CVE-2022-1866
Use after free in Tablet Mode in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific user interactions.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 28, 2022
Modified: Aug. 8, 2023
Modified: Aug. 8, 2023
CVE-2022-1867
Insufficient validation of untrusted input in Data Transfer in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass same origin policy via a crafted clipboard content.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: July 28, 2022
Modified: Oct. 26, 2022
Modified: Oct. 26, 2022
CVE-2022-1868
Inappropriate implementation in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: July 28, 2022
Modified: Oct. 26, 2022
Modified: Oct. 26, 2022
CVE-2022-1869
Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: July 28, 2022
Modified: Oct. 26, 2022
Modified: Oct. 26, 2022
CVE-2022-1870
Use after free in App Service in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 28, 2022
Modified: Oct. 26, 2022
Modified: Oct. 26, 2022
CVE-2022-1871
Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass file system policy via a crafted HTML page.
Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Links:
Published: July 28, 2022
Modified: Oct. 26, 2022
Modified: Oct. 26, 2022
CVE-2022-1872
Insufficient policy enforcement in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page.
Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Links:
Published: July 28, 2022
Modified: Oct. 26, 2022
Modified: Oct. 26, 2022
CVE-2022-1873
Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: July 28, 2022
Modified: Aug. 8, 2023
Modified: Aug. 8, 2023
CVE-2022-1874
Insufficient policy enforcement in Safe Browsing in Google Chrome on Mac prior to 102.0.5005.61 allowed a remote attacker to bypass downloads protection policy via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 28, 2022
Modified: Oct. 26, 2022
Modified: Oct. 26, 2022
CVE-2022-1875
Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Links:
Published: July 28, 2022
Modified: Oct. 26, 2022
Modified: Oct. 26, 2022
CVE-2022-1876
Heap buffer overflow in DevTools in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 28, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-1919
Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 29, 2022
Modified: Aug. 2, 2022
Modified: Aug. 2, 2022
CVE-2022-2399
Use after free in WebGPU in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 3, 2023
Modified: Jan. 9, 2023
Modified: Jan. 9, 2023
CVE-2022-3863
Use after free in Browser History in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)
Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:H
Links:
Published: Jan. 3, 2023
Modified: Aug. 8, 2023
Modified: Aug. 8, 2023
CVE-2022-4025
Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data outside an iframe via a crafted HTML page. (Chrome security severity: Low)
Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Links: