Headline
Gentoo Linux Security Advisory 202208-25
Gentoo Linux Security Advisory 202208-25 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 5.15.5_p20220618>= are affected.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Gentoo Linux Security Advisory GLSA 202208-25- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities Date: August 14, 2022 Bugs: #828519, #834477, #835397, #836011, #836381, #836777, #838049, #838433, #841371, #843728, #847370, #851003, #853643, #773040, #787950, #800181, #810781, #815397, #829161, #835761, #836830, #847613, #853229, #837497, #838682, #843035, #848864, #851009, #854372 ID: 202208-25- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Synopsis=======Multiple vulnerabilities have been found in Chromium and itsderivatives, the worst of which could result in remote code execution.Background=========Chromium is an open-source browser project that aims to build a safer,faster, and more stable way for all users to experience the web.Google Chrome is one fast, simple, and secure browser for all yourdevices.Microsoft Edge is a browser that combines a minimal design withsophisticated technology to make the web faster, safer, and easier.Affected packages================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-qt/qtwebengine < 5.15.5_p20220618>= 5.15.5_p20220618 2 www-client/chromium < 103.0.5060.53 >= 103.0.5060.53 3 www-client/google-chrome < 103.0.5060.53 >= 103.0.5060.53 4 www-client/microsoft-edge < 101.0.1210.47 >= 101.0.1210.47Description==========Multiple vulnerabilities have been discovered in Chromium and itsderivatives. Please review the CVE identifiers referenced below fordetails.Impact=====Please review the referenced CVE identifiers for details.Workaround=========There is no known workaround at this time.Resolution=========All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/chromium-103.0.5060.53"All Chromium binary users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/chromium-bin-103.0.5060.53"All Google Chrome users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/google-chrome-103.0.5060.53"All Microsoft Edge users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/chromium-103.0.5060.53"All QtWebEngine users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">Þv-qt/qtwebengine-5.15.5_p20220618"References=========[ 1 ] CVE-2021-4052 https://nvd.nist.gov/vuln/detail/CVE-2021-4052[ 2 ] CVE-2021-4053 https://nvd.nist.gov/vuln/detail/CVE-2021-4053[ 3 ] CVE-2021-4054 https://nvd.nist.gov/vuln/detail/CVE-2021-4054[ 4 ] CVE-2021-4055 https://nvd.nist.gov/vuln/detail/CVE-2021-4055[ 5 ] CVE-2021-4056 https://nvd.nist.gov/vuln/detail/CVE-2021-4056[ 6 ] CVE-2021-4057 https://nvd.nist.gov/vuln/detail/CVE-2021-4057[ 7 ] CVE-2021-4058 https://nvd.nist.gov/vuln/detail/CVE-2021-4058[ 8 ] CVE-2021-4059 https://nvd.nist.gov/vuln/detail/CVE-2021-4059[ 9 ] CVE-2021-4061 https://nvd.nist.gov/vuln/detail/CVE-2021-4061[ 10 ] CVE-2021-4062 https://nvd.nist.gov/vuln/detail/CVE-2021-4062[ 11 ] CVE-2021-4063 https://nvd.nist.gov/vuln/detail/CVE-2021-4063[ 12 ] CVE-2021-4064 https://nvd.nist.gov/vuln/detail/CVE-2021-4064[ 13 ] CVE-2021-4065 https://nvd.nist.gov/vuln/detail/CVE-2021-4065[ 14 ] CVE-2021-4066 https://nvd.nist.gov/vuln/detail/CVE-2021-4066[ 15 ] CVE-2021-4067 https://nvd.nist.gov/vuln/detail/CVE-2021-4067[ 16 ] CVE-2021-4068 https://nvd.nist.gov/vuln/detail/CVE-2021-4068[ 17 ] CVE-2021-4078 https://nvd.nist.gov/vuln/detail/CVE-2021-4078[ 18 ] CVE-2021-4079 https://nvd.nist.gov/vuln/detail/CVE-2021-4079[ 19 ] CVE-2021-30551 https://nvd.nist.gov/vuln/detail/CVE-2021-30551[ 20 ] CVE-2022-0789 https://nvd.nist.gov/vuln/detail/CVE-2022-0789[ 21 ] CVE-2022-0790 https://nvd.nist.gov/vuln/detail/CVE-2022-0790[ 22 ] CVE-2022-0791 https://nvd.nist.gov/vuln/detail/CVE-2022-0791[ 23 ] CVE-2022-0792 https://nvd.nist.gov/vuln/detail/CVE-2022-0792[ 24 ] CVE-2022-0793 https://nvd.nist.gov/vuln/detail/CVE-2022-0793[ 25 ] CVE-2022-0794 https://nvd.nist.gov/vuln/detail/CVE-2022-0794[ 26 ] CVE-2022-0795 https://nvd.nist.gov/vuln/detail/CVE-2022-0795[ 27 ] CVE-2022-0796 https://nvd.nist.gov/vuln/detail/CVE-2022-0796[ 28 ] CVE-2022-0797 https://nvd.nist.gov/vuln/detail/CVE-2022-0797[ 29 ] CVE-2022-0798 https://nvd.nist.gov/vuln/detail/CVE-2022-0798[ 30 ] CVE-2022-0799 https://nvd.nist.gov/vuln/detail/CVE-2022-0799[ 31 ] CVE-2022-0800 https://nvd.nist.gov/vuln/detail/CVE-2022-0800[ 32 ] CVE-2022-0801 https://nvd.nist.gov/vuln/detail/CVE-2022-0801[ 33 ] CVE-2022-0802 https://nvd.nist.gov/vuln/detail/CVE-2022-0802[ 34 ] CVE-2022-0803 https://nvd.nist.gov/vuln/detail/CVE-2022-0803[ 35 ] CVE-2022-0804 https://nvd.nist.gov/vuln/detail/CVE-2022-0804[ 36 ] CVE-2022-0805 https://nvd.nist.gov/vuln/detail/CVE-2022-0805[ 37 ] CVE-2022-0806 https://nvd.nist.gov/vuln/detail/CVE-2022-0806[ 38 ] CVE-2022-0807 https://nvd.nist.gov/vuln/detail/CVE-2022-0807[ 39 ] CVE-2022-0808 https://nvd.nist.gov/vuln/detail/CVE-2022-0808[ 40 ] CVE-2022-0809 https://nvd.nist.gov/vuln/detail/CVE-2022-0809[ 41 ] CVE-2022-0971 https://nvd.nist.gov/vuln/detail/CVE-2022-0971[ 42 ] CVE-2022-0972 https://nvd.nist.gov/vuln/detail/CVE-2022-0972[ 43 ] CVE-2022-0973 https://nvd.nist.gov/vuln/detail/CVE-2022-0973[ 44 ] CVE-2022-0974 https://nvd.nist.gov/vuln/detail/CVE-2022-0974[ 45 ] CVE-2022-0975 https://nvd.nist.gov/vuln/detail/CVE-2022-0975[ 46 ] CVE-2022-0976 https://nvd.nist.gov/vuln/detail/CVE-2022-0976[ 47 ] CVE-2022-0977 https://nvd.nist.gov/vuln/detail/CVE-2022-0977[ 48 ] CVE-2022-0978 https://nvd.nist.gov/vuln/detail/CVE-2022-0978[ 49 ] CVE-2022-0979 https://nvd.nist.gov/vuln/detail/CVE-2022-0979[ 50 ] CVE-2022-0980 https://nvd.nist.gov/vuln/detail/CVE-2022-0980[ 51 ] CVE-2022-1096 https://nvd.nist.gov/vuln/detail/CVE-2022-1096[ 52 ] CVE-2022-1125 https://nvd.nist.gov/vuln/detail/CVE-2022-1125[ 53 ] CVE-2022-1127 https://nvd.nist.gov/vuln/detail/CVE-2022-1127[ 54 ] CVE-2022-1128 https://nvd.nist.gov/vuln/detail/CVE-2022-1128[ 55 ] CVE-2022-1129 https://nvd.nist.gov/vuln/detail/CVE-2022-1129[ 56 ] CVE-2022-1130 https://nvd.nist.gov/vuln/detail/CVE-2022-1130[ 57 ] CVE-2022-1131 https://nvd.nist.gov/vuln/detail/CVE-2022-1131[ 58 ] CVE-2022-1132 https://nvd.nist.gov/vuln/detail/CVE-2022-1132[ 59 ] CVE-2022-1133 https://nvd.nist.gov/vuln/detail/CVE-2022-1133[ 60 ] CVE-2022-1134 https://nvd.nist.gov/vuln/detail/CVE-2022-1134[ 61 ] CVE-2022-1135 https://nvd.nist.gov/vuln/detail/CVE-2022-1135[ 62 ] CVE-2022-1136 https://nvd.nist.gov/vuln/detail/CVE-2022-1136[ 63 ] CVE-2022-1137 https://nvd.nist.gov/vuln/detail/CVE-2022-1137[ 64 ] CVE-2022-1138 https://nvd.nist.gov/vuln/detail/CVE-2022-1138[ 65 ] CVE-2022-1139 https://nvd.nist.gov/vuln/detail/CVE-2022-1139[ 66 ] CVE-2022-1141 https://nvd.nist.gov/vuln/detail/CVE-2022-1141[ 67 ] CVE-2022-1142 https://nvd.nist.gov/vuln/detail/CVE-2022-1142[ 68 ] CVE-2022-1143 https://nvd.nist.gov/vuln/detail/CVE-2022-1143[ 69 ] CVE-2022-1144 https://nvd.nist.gov/vuln/detail/CVE-2022-1144[ 70 ] CVE-2022-1145 https://nvd.nist.gov/vuln/detail/CVE-2022-1145[ 71 ] CVE-2022-1146 https://nvd.nist.gov/vuln/detail/CVE-2022-1146[ 72 ] CVE-2022-1232 https://nvd.nist.gov/vuln/detail/CVE-2022-1232[ 73 ] CVE-2022-1305 https://nvd.nist.gov/vuln/detail/CVE-2022-1305[ 74 ] CVE-2022-1306 https://nvd.nist.gov/vuln/detail/CVE-2022-1306[ 75 ] CVE-2022-1307 https://nvd.nist.gov/vuln/detail/CVE-2022-1307[ 76 ] CVE-2022-1308 https://nvd.nist.gov/vuln/detail/CVE-2022-1308[ 77 ] CVE-2022-1309 https://nvd.nist.gov/vuln/detail/CVE-2022-1309[ 78 ] CVE-2022-1310 https://nvd.nist.gov/vuln/detail/CVE-2022-1310[ 79 ] CVE-2022-1311 https://nvd.nist.gov/vuln/detail/CVE-2022-1311[ 80 ] CVE-2022-1312 https://nvd.nist.gov/vuln/detail/CVE-2022-1312[ 81 ] CVE-2022-1313 https://nvd.nist.gov/vuln/detail/CVE-2022-1313[ 82 ] CVE-2022-1314 https://nvd.nist.gov/vuln/detail/CVE-2022-1314[ 83 ] CVE-2022-1364 https://nvd.nist.gov/vuln/detail/CVE-2022-1364[ 84 ] CVE-2022-1477 https://nvd.nist.gov/vuln/detail/CVE-2022-1477[ 85 ] CVE-2022-1478 https://nvd.nist.gov/vuln/detail/CVE-2022-1478[ 86 ] CVE-2022-1479 https://nvd.nist.gov/vuln/detail/CVE-2022-1479[ 87 ] CVE-2022-1480 https://nvd.nist.gov/vuln/detail/CVE-2022-1480[ 88 ] CVE-2022-1481 https://nvd.nist.gov/vuln/detail/CVE-2022-1481[ 89 ] CVE-2022-1482 https://nvd.nist.gov/vuln/detail/CVE-2022-1482[ 90 ] CVE-2022-1483 https://nvd.nist.gov/vuln/detail/CVE-2022-1483[ 91 ] CVE-2022-1484 https://nvd.nist.gov/vuln/detail/CVE-2022-1484[ 92 ] CVE-2022-1485 https://nvd.nist.gov/vuln/detail/CVE-2022-1485[ 93 ] CVE-2022-1486 https://nvd.nist.gov/vuln/detail/CVE-2022-1486[ 94 ] CVE-2022-1487 https://nvd.nist.gov/vuln/detail/CVE-2022-1487[ 95 ] CVE-2022-1488 https://nvd.nist.gov/vuln/detail/CVE-2022-1488[ 96 ] CVE-2022-1489 https://nvd.nist.gov/vuln/detail/CVE-2022-1489[ 97 ] CVE-2022-1490 https://nvd.nist.gov/vuln/detail/CVE-2022-1490[ 98 ] CVE-2022-1491 https://nvd.nist.gov/vuln/detail/CVE-2022-1491[ 99 ] CVE-2022-1492 https://nvd.nist.gov/vuln/detail/CVE-2022-1492[ 100 ] CVE-2022-1493 https://nvd.nist.gov/vuln/detail/CVE-2022-1493[ 101 ] CVE-2022-1494 https://nvd.nist.gov/vuln/detail/CVE-2022-1494[ 102 ] CVE-2022-1495 https://nvd.nist.gov/vuln/detail/CVE-2022-1495[ 103 ] CVE-2022-1496 https://nvd.nist.gov/vuln/detail/CVE-2022-1496[ 104 ] CVE-2022-1497 https://nvd.nist.gov/vuln/detail/CVE-2022-1497[ 105 ] CVE-2022-1498 https://nvd.nist.gov/vuln/detail/CVE-2022-1498[ 106 ] CVE-2022-1499 https://nvd.nist.gov/vuln/detail/CVE-2022-1499[ 107 ] CVE-2022-1500 https://nvd.nist.gov/vuln/detail/CVE-2022-1500[ 108 ] CVE-2022-1501 https://nvd.nist.gov/vuln/detail/CVE-2022-1501[ 109 ] CVE-2022-1633 https://nvd.nist.gov/vuln/detail/CVE-2022-1633[ 110 ] CVE-2022-1634 https://nvd.nist.gov/vuln/detail/CVE-2022-1634[ 111 ] CVE-2022-1635 https://nvd.nist.gov/vuln/detail/CVE-2022-1635[ 112 ] CVE-2022-1636 https://nvd.nist.gov/vuln/detail/CVE-2022-1636[ 113 ] CVE-2022-1637 https://nvd.nist.gov/vuln/detail/CVE-2022-1637[ 114 ] CVE-2022-1639 https://nvd.nist.gov/vuln/detail/CVE-2022-1639[ 115 ] CVE-2022-1640 https://nvd.nist.gov/vuln/detail/CVE-2022-1640[ 116 ] CVE-2022-1641 https://nvd.nist.gov/vuln/detail/CVE-2022-1641[ 117 ] CVE-2022-1853 https://nvd.nist.gov/vuln/detail/CVE-2022-1853[ 118 ] CVE-2022-1854 https://nvd.nist.gov/vuln/detail/CVE-2022-1854[ 119 ] CVE-2022-1855 https://nvd.nist.gov/vuln/detail/CVE-2022-1855[ 120 ] CVE-2022-1856 https://nvd.nist.gov/vuln/detail/CVE-2022-1856[ 121 ] CVE-2022-1857 https://nvd.nist.gov/vuln/detail/CVE-2022-1857[ 122 ] CVE-2022-1858 https://nvd.nist.gov/vuln/detail/CVE-2022-1858[ 123 ] CVE-2022-1859 https://nvd.nist.gov/vuln/detail/CVE-2022-1859[ 124 ] CVE-2022-1860 https://nvd.nist.gov/vuln/detail/CVE-2022-1860[ 125 ] CVE-2022-1861 https://nvd.nist.gov/vuln/detail/CVE-2022-1861[ 126 ] CVE-2022-1862 https://nvd.nist.gov/vuln/detail/CVE-2022-1862[ 127 ] CVE-2022-1863 https://nvd.nist.gov/vuln/detail/CVE-2022-1863[ 128 ] CVE-2022-1864 https://nvd.nist.gov/vuln/detail/CVE-2022-1864[ 129 ] CVE-2022-1865 https://nvd.nist.gov/vuln/detail/CVE-2022-1865[ 130 ] CVE-2022-1866 https://nvd.nist.gov/vuln/detail/CVE-2022-1866[ 131 ] CVE-2022-1867 https://nvd.nist.gov/vuln/detail/CVE-2022-1867[ 132 ] CVE-2022-1868 https://nvd.nist.gov/vuln/detail/CVE-2022-1868[ 133 ] CVE-2022-1869 https://nvd.nist.gov/vuln/detail/CVE-2022-1869[ 134 ] CVE-2022-1870 https://nvd.nist.gov/vuln/detail/CVE-2022-1870[ 135 ] CVE-2022-1871 https://nvd.nist.gov/vuln/detail/CVE-2022-1871[ 136 ] CVE-2022-1872 https://nvd.nist.gov/vuln/detail/CVE-2022-1872[ 137 ] CVE-2022-1873 https://nvd.nist.gov/vuln/detail/CVE-2022-1873[ 138 ] CVE-2022-1874 https://nvd.nist.gov/vuln/detail/CVE-2022-1874[ 139 ] CVE-2022-1875 https://nvd.nist.gov/vuln/detail/CVE-2022-1875[ 140 ] CVE-2022-1876 https://nvd.nist.gov/vuln/detail/CVE-2022-1876[ 141 ] CVE-2022-2007 https://nvd.nist.gov/vuln/detail/CVE-2022-2007[ 142 ] CVE-2022-2010 https://nvd.nist.gov/vuln/detail/CVE-2022-2010[ 143 ] CVE-2022-2011 https://nvd.nist.gov/vuln/detail/CVE-2022-2011[ 144 ] CVE-2022-2156 https://nvd.nist.gov/vuln/detail/CVE-2022-2156[ 145 ] CVE-2022-2157 https://nvd.nist.gov/vuln/detail/CVE-2022-2157[ 146 ] CVE-2022-2158 https://nvd.nist.gov/vuln/detail/CVE-2022-2158[ 147 ] CVE-2022-2160 https://nvd.nist.gov/vuln/detail/CVE-2022-2160[ 148 ] CVE-2022-2161 https://nvd.nist.gov/vuln/detail/CVE-2022-2161[ 149 ] CVE-2022-2162 https://nvd.nist.gov/vuln/detail/CVE-2022-2162[ 150 ] CVE-2022-2163 https://nvd.nist.gov/vuln/detail/CVE-2022-2163[ 151 ] CVE-2022-2164 https://nvd.nist.gov/vuln/detail/CVE-2022-2164[ 152 ] CVE-2022-2165 https://nvd.nist.gov/vuln/detail/CVE-2022-2165[ 153 ] CVE-2022-22021 https://nvd.nist.gov/vuln/detail/CVE-2022-22021[ 154 ] CVE-2022-24475 https://nvd.nist.gov/vuln/detail/CVE-2022-24475[ 155 ] CVE-2022-24523 https://nvd.nist.gov/vuln/detail/CVE-2022-24523[ 156 ] CVE-2022-26891 https://nvd.nist.gov/vuln/detail/CVE-2022-26891[ 157 ] CVE-2022-26894 https://nvd.nist.gov/vuln/detail/CVE-2022-26894[ 158 ] CVE-2022-26895 https://nvd.nist.gov/vuln/detail/CVE-2022-26895[ 159 ] CVE-2022-26900 https://nvd.nist.gov/vuln/detail/CVE-2022-26900[ 160 ] CVE-2022-26905 https://nvd.nist.gov/vuln/detail/CVE-2022-26905[ 161 ] CVE-2022-26908 https://nvd.nist.gov/vuln/detail/CVE-2022-26908[ 162 ] CVE-2022-26909 https://nvd.nist.gov/vuln/detail/CVE-2022-26909[ 163 ] CVE-2022-26912 https://nvd.nist.gov/vuln/detail/CVE-2022-26912[ 164 ] CVE-2022-29144 https://nvd.nist.gov/vuln/detail/CVE-2022-29144[ 165 ] CVE-2022-29146 https://nvd.nist.gov/vuln/detail/CVE-2022-29146[ 166 ] CVE-2022-29147 https://nvd.nist.gov/vuln/detail/CVE-2022-29147[ 167 ] CVE-2022-30127 https://nvd.nist.gov/vuln/detail/CVE-2022-30127[ 168 ] CVE-2022-30128 https://nvd.nist.gov/vuln/detail/CVE-2022-30128[ 169 ] CVE-2022-30192 https://nvd.nist.gov/vuln/detail/CVE-2022-30192[ 170 ] CVE-2022-33638 https://nvd.nist.gov/vuln/detail/CVE-2022-33638[ 171 ] CVE-2022-33639 https://nvd.nist.gov/vuln/detail/CVE-2022-33639Availability===========This GLSA and any updates to it are available for viewing atthe Gentoo Security Website: https://security.gentoo.org/glsa/202208-25Concerns?========Security is a primary focus of Gentoo Linux and ensuring theconfidentiality and security of our users' machines is of utmostimportance to us. Any security concerns should be addressed [email protected] or alternatively, you may file a bug athttps://bugs.gentoo.org.License======Copyright 2022 Gentoo Foundation, Inc; referenced textbelongs to its owner(s).The contents of this document are licensed under theCreative Commons - Attribution / Share Alike license.https://creativecommons.org/licenses/by-sa/2.5Related news
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year. Tracked as CVE-2023-2033, the high-severity vulnerability has been described as a type confusion issue in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been
An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.
Google on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser. Tracked as CVE-2022-4135, the high-severity vulnerability has been described as a heap buffer overflow in the GPU component. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the flaw on November 22, 2022. Heap-based buffer overflow bugs can be
Google on Friday shipped emergency fixes to address a security vulnerability in the Chrome web browser that it said is being actively exploited in the wild. The issue, assigned the identifier CVE-2022-3075, concerns a case of insufficient data validating in Mojo, which refers to a collection of runtime libraries that provide a platform-agnostic mechanism for inter-process communication (IPC). An
Gentoo Linux Security Advisory 202208-35 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 104.0.5112.101 are affected.
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
The high-severity security vulnerability (CVE-2022-2856) is due to improper user-input validation.
Google on Tuesday rolled out patches for Chrome browser for desktops to contain an actively exploited high-severity zero-day flaw in the wild. Tracked as CVE-2022-2856, the issue has been described as a case of insufficient validation of untrusted input in Intents. Security researchers Ashley Shen and Christian Resell of Google Threat Analysis Group have been credited with reporting the flaw on
Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 103.0.5060.53 allowed a remote attacker to bypass file system access via a crafted HTML page.
Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user's local files via a crafted HTML page.
Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Use after free in App Service in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Insufficient validation of untrusted input in Data Transfer in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass same origin policy via a crafted clipboard content.
Use after free in Tablet Mode in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific user interactions.
Use after free in Tab Groups in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction.
Insufficient policy enforcement in Safe Browsing in Google Chrome on Mac prior to 102.0.5005.61 allowed a remote attacker to bypass downloads protection policy via a crafted HTML page.
Use after free in Performance Manager in Google Chrome prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Use after free in User Education in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension or specific user interaction.
Use after free in ANGLE in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Heap buffer overflow in DevTools in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
Inappropriate implementation in Extensions in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass profile restrictions via a crafted HTML page.
Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Use after free in ANGLE in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Use after free in Sharing in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.
Use after free in Web UI Diagnostics in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interaction.
Use after free in Permission Prompts in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interactions.
Use after free in Browser UI in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who had convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific user interactions.
Use after free in Sharesheet in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interactions.
Use after free in Vulkan in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Use after free in Sharing in Google Chrome on Mac prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Use after free in File System API in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Type confusion in V8 in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Use after free in Ozone in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via running a Wayland test.
Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension.
Out of bounds memory access in UI Shelf in Google Chrome on Chrome OS, Lacros prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific user interactions.
Use after free in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.
Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
Insufficient data validation in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Insufficient data validation in Trusted Types in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass trusted types policy via a crafted HTML page.
Type confusion in V8 in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
Type confusion in V8 in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Use after free in Portals in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.
Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Use after free in QR Code Generator in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.
Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific input into DevTools.
Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Insufficient validation of trust input in WebOTP in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to send arbitrary intents from any app via a malicious app.
Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100.0.4896.60 allowed a local attacker to bypass navigation restrictions via physical access to the device.
Use after free in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user interaction and profile destruction.
Use after free in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific input into DevTools.
Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific input into DevTools.
Use after free in WebRTC Perf in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Use after free in File Manager in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific user gesture.
Inappropriate implementation in Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Inappropriate implementation in Web Cursor in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who had compromised the renderer process to obscure the contents of the Omnibox (URL bar) via a crafted HTML page.
Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to leak potentially sensitive information via a crafted HTML page.
Inappropriate implementation in Resource Timing in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Use after free in New Tab Page in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user interactions.
Heap buffer overflow in GPU in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Use after free in Extensions in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Use after free in Browser UI in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
As a result of browser market consolidation, adversaries can focus on uncovering vulnerabilities in just two main browser engines.
As a result of browser market consolidation, adversaries can focus on uncovering vulnerabilities in just two main browser engines.
The heap buffer-overflow issue in Chrome for Android could be used for DoS, code execution, and more.
The heap buffer-overflow issue in Chrome for Android could be used for DoS, code execution, and more.
The heap buffer overflow issue in the browser’s WebRTC engine could allow attackers to execute arbitrary code.
The heap buffer overflow issue in the browser’s WebRTC engine could allow attackers to execute arbitrary code.
Google on Monday shipped security updates to address a high-severity zero-day vulnerability in its Chrome web browser that it said is being exploited in the wild. The shortcoming, tracked as CVE-2022-2294, relates to a heap overflow flaw in the WebRTC component that provides real-time audio and video communication capabilities in browsers without the need to install plugins or download native
Google on Monday shipped security updates to address a high-severity zero-day vulnerability in its Chrome web browser that it said is being exploited in the wild. The shortcoming, tracked as CVE-2022-2294, relates to a heap overflow flaw in the WebRTC component that provides real-time audio and video communication capabilities in browsers without the need to install plugins or download native
Plus: Google issues fixes for Android bugs, and Cisco, Citrix, SAP, WordPress, and more issue major patches for enterprise systems.
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33639.
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33638.
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-33638, CVE-2022-33639.
Flaws in protection mechanism leaves websites more exposed to DOM XSS-based attacks
Chrome suffers from having an incomplete fix for CVE-2022-1096.
Chrome suffers from having an incomplete fix for CVE-2022-1096.
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability.
Google last week reported seven vulnerabilities in the browser, four of which it rated as high severity.
Google last week reported seven vulnerabilities in the browser, four of which it rated as high severity.
Google last week reported seven vulnerabilities in the browser, four of which it rated as high severity.
We take a look at the latest batch of vulnerabilities in Chrome requiring an update. The post Update Chrome now: Four high risk vulnerabilities found appeared first on Malwarebytes Labs.
We take a look at the latest batch of vulnerabilities in Chrome requiring an update. The post Update Chrome now: Four high risk vulnerabilities found appeared first on Malwarebytes Labs.
We take a look at the latest batch of vulnerabilities in Chrome requiring an update. The post Update Chrome now: Four high risk vulnerabilities found appeared first on Malwarebytes Labs.
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30127.
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30128.
Microsoft Edge (Chromium-based) Spoofing Vulnerability.
Hello everyone! This episode will be about Microsoft Patch Tuesday for May 2022. Sorry for the delay, this month has been quite intense. As usual, I’m using my Vulristics project and going through not only the vulnerabilities that were presented on May 10th, but all the MS vulnerabilities presented by Microsoft since the previous Patch […]
Hello everyone! This episode will be about Microsoft Patch Tuesday for May 2022. Sorry for the delay, this month has been quite intense. As usual, I’m using my Vulristics project and going through not only the vulnerabilities that were presented on May 10th, but all the MS vulnerabilities presented by Microsoft since the previous Patch […]
Google has issued an update for the Chrome browser to patch 32 security issues . One of the vulnerabilities is rated as critical, so install that update as soon as you can. The post Update now! Multiple vulnerabilities patched in Google Chrome appeared first on Malwarebytes Labs.
Hello everyone! In this episode, I want to talk about the latest updates to my open source vulnerability prioritization project Vulristics. Alternative video link (for Russia): https://vk.com/video-149273431_456239088 CVSS redefinitions A fairly common problem: we have a CVE without an available CVSS vector and score. For example, this was the case with CVE-2022-1364 Type Confusion in […]
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912.
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912.
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912.
Microsoft Edge (Chromium-based) Spoofing Vulnerability.
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912.
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26909, CVE-2022-26912.
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909.
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912.
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26912.
Heap buffer overflow in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.