Errata ALT-PU-2022-2611-1: Information
Fixes
Published: July 4, 2022
BDU:2022-04198
Уязвимость реализации технологии WebRTC браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: CRITICAL (10.0) Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Links:
Published: July 4, 2022
BDU:2022-04600
Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Severity: MEDIUM (6.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Links:
Published: Aug. 5, 2022
BDU:2022-04877
Уязвимость настроек Settings браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Aug. 5, 2022
BDU:2022-04883
Уязвимость браузеров Google Chrome и Microsoft Edge, связанная с недостаточной проверкой входных данных, позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Aug. 5, 2022
BDU:2022-04884
Уязвимость обработчика PDF-содержимого PDFium браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Aug. 5, 2022
BDU:2022-04886
Уязвимость расширений браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Aug. 16, 2022
BDU:2022-05020
Уязвимость компонента Federated Credential Management браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: CRITICAL (10.0) Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Links:
Published: Aug. 16, 2022
BDU:2022-05021
Уязвимость библиотеки SwiftShader браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: CRITICAL (10.0) Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Links:
Published: Aug. 16, 2022
BDU:2022-05022
Уязвимость библиотеки ANGLE браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Aug. 17, 2022
BDU:2022-05023
Уязвимость механизма отображения веб-страниц Blink браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: June 22, 2022
BDU:2022-05150
Уязвимость командной строки Chrome OS Shell (CROSH), позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Aug. 16, 2022
BDU:2022-05151
Уязвимость компонента входа в систему Sign-In браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Aug. 21, 2022
BDU:2022-05152
Уязвимость компонента Extensions API браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю раскрыть защищаемую информацию
Severity: HIGH (8.1) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Links:
Published: Aug. 18, 2022
BDU:2022-05153
Уязвимость механизма обработки файлов cookie браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности и раскрыть защищаемую информацию
Severity: MEDIUM (5.4) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Links:
Published: July 27, 2022
BDU:2022-05323
Уязвимость компонента Views браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Aug. 12, 2022
BDU:2022-05354
Уязвимость механизма обработки файлов cookie браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности и раскрыть защищаемую информацию
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Aug. 12, 2022
BDU:2022-05355
Уязвимость компонента Background Fetch браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: July 27, 2022
BDU:2022-05357
Уязвимость обработчика PDF-содержимого браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 27, 2022
BDU:2022-05359
Уязвимость гостевого режима браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 27, 2022
BDU:2022-05360
Уязвимость службы Worker API браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Aug. 12, 2022
BDU:2022-05361
Уязвимость компонента входа в систему Sign-In браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю повысить свои привилегии
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Aug. 12, 2022
BDU:2022-05428
Уязвимость браузеров Google Chrome и Microsoft Edge, связанная с раскрытием информации через несоответствие, позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Aug. 12, 2022
BDU:2022-05429
Уязвимость компонента Extensions API браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю раскрыть защищаемую информацию
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Aug. 12, 2022
BDU:2022-05430
Уязвимость компонента Extensions API браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании
Severity: HIGH (8.1) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Links:
Published: Aug. 12, 2022
BDU:2022-05432
Уязвимость адресной строки Omnibox браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Aug. 12, 2022
BDU:2022-05439
Уязвимость службы Safe Browsing браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Aug. 30, 2022
BDU:2022-05448
Уязвимость службы Network браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Aug. 30, 2022
BDU:2022-05449
Уязвимость модуля WebSQL браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Aug. 30, 2022
BDU:2022-05450
Уязвимость компонента Layout браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Aug. 30, 2022
BDU:2022-05451
Уязвимость модуля WebSQL браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Aug. 30, 2022
BDU:2022-05452
Уязвимость функция PhoneHub браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Aug. 30, 2022
BDU:2022-05453
Уязвимость функции захват экрана (Screen Capture) браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Aug. 30, 2022
BDU:2022-05454
Уязвимость функции изоляции сайтов (Site Isolation) браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Aug. 30, 2022
BDU:2022-05455
Уязвимость обработчика JavaScript-сценариев V8 браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Aug. 30, 2022
BDU:2022-05456
Уязвимость компонента Browser Tag браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Aug. 30, 2022
BDU:2022-05457
Уязвимость элемента управления вкладками Tab Strip браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Aug. 30, 2022
BDU:2022-05458
Уязвимость компонента Extensions API браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности
Severity: MEDIUM (5.4) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Links:
Published: Aug. 30, 2022
BDU:2022-05459
Уязвимость экрана блокировки операционной системы Chrome OS, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании
Severity: HIGH (8.1) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Links:
Published: Aug. 30, 2022
BDU:2022-05460
Уязвимость режима разделения экрана SplitScreen браузера Google Chrome, позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Aug. 30, 2022
BDU:2022-05461
Уязвимость пользовательского интерфейса WebUI браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Aug. 30, 2022
BDU:2022-05462
Уязвимость компонента Exosphere браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Aug. 30, 2022
BDU:2022-05463
Уязвимость расширения Window Manager браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Aug. 30, 2022
BDU:2022-05464
Уязвимость компонента Pointer Lock браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю раскрыть защищаемую информацию
Severity: HIGH (8.1) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Links:
Published: Aug. 30, 2022
BDU:2022-05465
Уязвимость набора инструментов для веб-разработки DevTools браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности
Severity: MEDIUM (5.4) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Links:
Published: Aug. 30, 2022
BDU:2022-05466
Уязвимость диспетчера паролей браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Aug. 30, 2022
BDU:2022-05467
Уязвимость реализации механизма CSP (Content Security Policy) браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Links:
Published: Aug. 30, 2022
BDU:2022-05468
Уязвимость изолированной среды iframe браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю раскрыть защищаемую информацию
Severity: LOW (3.1) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Links:
Published: Aug. 30, 2022
BDU:2022-05469
Уязвимость компонента входа в систему Sign-In браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании
Severity: LOW (3.1) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
Links:
Published: Aug. 31, 2022
BDU:2022-05490
Уязвимость функции Browser Creation операционной системы Chrome OS, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Sept. 2, 2022
BDU:2022-05499
Уязвимость IPC-библиотеки Mojo браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: June 22, 2022
BDU:2022-05628
Уязвимость компонента Dawn браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: May 31, 2022
BDU:2022-05629
Уязвимость интерфейса API браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Aug. 2, 2022
BDU:2023-01060
Уязвимость оконного менеджера браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 28, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-2163
Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 28, 2022
Modified: Nov. 25, 2023
Modified: Nov. 25, 2023
CVE-2022-2294
Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 28, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-2295
Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 28, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-2477
Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 28, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-2478
Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 28, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-2480
Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 28, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-2481
Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Aug. 12, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-2603
Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Aug. 12, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-2604
Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Aug. 12, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-2605
Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Aug. 12, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-2606
Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Aug. 12, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-2610
Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Aug. 12, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-2612
Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Aug. 12, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-2614
Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Aug. 12, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-2615
Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Aug. 12, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-2616
Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a crafted Chrome Extension.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Links:
Published: Aug. 12, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-2617
Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Aug. 12, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-2618
Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file .
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Links:
Published: Aug. 12, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-2619
Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page.
Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Links:
Published: Aug. 12, 2022
Modified: Feb. 2, 2024
Modified: Feb. 2, 2024
CVE-2022-2621
Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Aug. 12, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-2624
Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 3, 2023
Modified: Jan. 9, 2023
Modified: Jan. 9, 2023
CVE-2022-2743
Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to perform an out of bounds memory write via crafted UI interactions. (Chrome security severity: High)
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Sept. 26, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-2852
Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Sept. 26, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-2854
Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Sept. 26, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-2855
Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Sept. 26, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-2857
Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Sept. 26, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-2858
Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Sept. 26, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-2859
Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Sept. 26, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-2860
Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Links:
Published: Sept. 26, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-2861
Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Links:
Published: Sept. 26, 2022
Modified: Sept. 27, 2022
Modified: Sept. 27, 2022
CVE-2022-2998
Use after free in Browser Creation in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who had convinced a user to engage in a specific UI interaction to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Sept. 26, 2022
Modified: Feb. 15, 2024
Modified: Feb. 15, 2024
CVE-2022-3038
Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Sept. 26, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-3039
Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Sept. 26, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-3040
Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Sept. 26, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-3041
Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Sept. 26, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-3042
Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Sept. 26, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-3043
Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Sept. 26, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-3044
Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Links:
Published: Sept. 26, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-3045
Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Sept. 26, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-3046
Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Sept. 26, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-3047
Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Links:
Published: Sept. 26, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-3048
Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a local attacker to bypass lockscreen navigation restrictions via physical access to the device.
Severity: MEDIUM (6.8) Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Sept. 26, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-3049
Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Sept. 26, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-3050
Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Sept. 26, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-3051
Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Sept. 26, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-3052
Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Sept. 26, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-3053
Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a remote attacker to restrict user navigation via a crafted HTML page.
Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Links:
Published: Sept. 26, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-3054
Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Links:
Published: Sept. 26, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-3055
Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Sept. 26, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-3056
Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Links:
Published: Sept. 26, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-3057
Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Links:
Published: Sept. 26, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-3058
Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Sept. 26, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-3071
Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Sept. 26, 2022
Modified: Feb. 15, 2024
Modified: Feb. 15, 2024
CVE-2022-3075
Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Severity: CRITICAL (9.6) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Links: