Security
Headlines
HeadlinesLatestCVEs

Headline

Gentoo Linux Security Advisory 202208-25

Gentoo Linux Security Advisory 202208-25 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 5.15.5_p20220618>= are affected.

Packet Storm
#vulnerability#web#mac#google#microsoft#linux#rce#chrome
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Gentoo Linux Security Advisory                           GLSA 202208-25- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -                                           https://security.gentoo.org/- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High    Title: Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities     Date: August 14, 2022     Bugs: #828519, #834477, #835397, #836011, #836381, #836777, #838049, #838433, #841371, #843728, #847370, #851003, #853643, #773040, #787950, #800181, #810781, #815397, #829161, #835761, #836830, #847613, #853229, #837497, #838682, #843035, #848864, #851009, #854372       ID: 202208-25- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Synopsis=======Multiple vulnerabilities have been found in Chromium and itsderivatives, the worst of which could result in remote code execution.Background=========Chromium is an open-source browser project that aims to build a safer,faster, and more stable way for all users to experience the web.Google Chrome is one fast, simple, and secure browser for all yourdevices.Microsoft Edge is a browser that combines a minimal design withsophisticated technology to make the web faster, safer, and easier.Affected packages================    -------------------------------------------------------------------     Package              /     Vulnerable     /            Unaffected    -------------------------------------------------------------------  1  dev-qt/qtwebengine         < 5.15.5_p20220618>= 5.15.5_p20220618  2  www-client/chromium        < 103.0.5060.53      >= 103.0.5060.53  3  www-client/google-chrome   < 103.0.5060.53      >= 103.0.5060.53  4  www-client/microsoft-edge  < 101.0.1210.47      >= 101.0.1210.47Description==========Multiple vulnerabilities have been discovered in Chromium and itsderivatives. Please review the CVE identifiers referenced below fordetails.Impact=====Please review the referenced CVE identifiers for details.Workaround=========There is no known workaround at this time.Resolution=========All Chromium users should upgrade to the latest version:  # emerge --sync  # emerge --ask --oneshot --verbose ">=www-client/chromium-103.0.5060.53"All Chromium binary users should upgrade to the latest version:  # emerge --sync  # emerge --ask --oneshot --verbose ">=www-client/chromium-bin-103.0.5060.53"All Google Chrome users should upgrade to the latest version:  # emerge --sync  # emerge --ask --oneshot --verbose ">=www-client/google-chrome-103.0.5060.53"All Microsoft Edge users should upgrade to the latest version:  # emerge --sync  # emerge --ask --oneshot --verbose ">=www-client/chromium-103.0.5060.53"All QtWebEngine users should upgrade to the latest version:  # emerge --sync  # emerge --ask --oneshot --verbose ">Þv-qt/qtwebengine-5.15.5_p20220618"References=========[ 1 ] CVE-2021-4052      https://nvd.nist.gov/vuln/detail/CVE-2021-4052[ 2 ] CVE-2021-4053      https://nvd.nist.gov/vuln/detail/CVE-2021-4053[ 3 ] CVE-2021-4054      https://nvd.nist.gov/vuln/detail/CVE-2021-4054[ 4 ] CVE-2021-4055      https://nvd.nist.gov/vuln/detail/CVE-2021-4055[ 5 ] CVE-2021-4056      https://nvd.nist.gov/vuln/detail/CVE-2021-4056[ 6 ] CVE-2021-4057      https://nvd.nist.gov/vuln/detail/CVE-2021-4057[ 7 ] CVE-2021-4058      https://nvd.nist.gov/vuln/detail/CVE-2021-4058[ 8 ] CVE-2021-4059      https://nvd.nist.gov/vuln/detail/CVE-2021-4059[ 9 ] CVE-2021-4061      https://nvd.nist.gov/vuln/detail/CVE-2021-4061[ 10 ] CVE-2021-4062      https://nvd.nist.gov/vuln/detail/CVE-2021-4062[ 11 ] CVE-2021-4063      https://nvd.nist.gov/vuln/detail/CVE-2021-4063[ 12 ] CVE-2021-4064      https://nvd.nist.gov/vuln/detail/CVE-2021-4064[ 13 ] CVE-2021-4065      https://nvd.nist.gov/vuln/detail/CVE-2021-4065[ 14 ] CVE-2021-4066      https://nvd.nist.gov/vuln/detail/CVE-2021-4066[ 15 ] CVE-2021-4067      https://nvd.nist.gov/vuln/detail/CVE-2021-4067[ 16 ] CVE-2021-4068      https://nvd.nist.gov/vuln/detail/CVE-2021-4068[ 17 ] CVE-2021-4078      https://nvd.nist.gov/vuln/detail/CVE-2021-4078[ 18 ] CVE-2021-4079      https://nvd.nist.gov/vuln/detail/CVE-2021-4079[ 19 ] CVE-2021-30551      https://nvd.nist.gov/vuln/detail/CVE-2021-30551[ 20 ] CVE-2022-0789      https://nvd.nist.gov/vuln/detail/CVE-2022-0789[ 21 ] CVE-2022-0790      https://nvd.nist.gov/vuln/detail/CVE-2022-0790[ 22 ] CVE-2022-0791      https://nvd.nist.gov/vuln/detail/CVE-2022-0791[ 23 ] CVE-2022-0792      https://nvd.nist.gov/vuln/detail/CVE-2022-0792[ 24 ] CVE-2022-0793      https://nvd.nist.gov/vuln/detail/CVE-2022-0793[ 25 ] CVE-2022-0794      https://nvd.nist.gov/vuln/detail/CVE-2022-0794[ 26 ] CVE-2022-0795      https://nvd.nist.gov/vuln/detail/CVE-2022-0795[ 27 ] CVE-2022-0796      https://nvd.nist.gov/vuln/detail/CVE-2022-0796[ 28 ] CVE-2022-0797      https://nvd.nist.gov/vuln/detail/CVE-2022-0797[ 29 ] CVE-2022-0798      https://nvd.nist.gov/vuln/detail/CVE-2022-0798[ 30 ] CVE-2022-0799      https://nvd.nist.gov/vuln/detail/CVE-2022-0799[ 31 ] CVE-2022-0800      https://nvd.nist.gov/vuln/detail/CVE-2022-0800[ 32 ] CVE-2022-0801      https://nvd.nist.gov/vuln/detail/CVE-2022-0801[ 33 ] CVE-2022-0802      https://nvd.nist.gov/vuln/detail/CVE-2022-0802[ 34 ] CVE-2022-0803      https://nvd.nist.gov/vuln/detail/CVE-2022-0803[ 35 ] CVE-2022-0804      https://nvd.nist.gov/vuln/detail/CVE-2022-0804[ 36 ] CVE-2022-0805      https://nvd.nist.gov/vuln/detail/CVE-2022-0805[ 37 ] CVE-2022-0806      https://nvd.nist.gov/vuln/detail/CVE-2022-0806[ 38 ] CVE-2022-0807      https://nvd.nist.gov/vuln/detail/CVE-2022-0807[ 39 ] CVE-2022-0808      https://nvd.nist.gov/vuln/detail/CVE-2022-0808[ 40 ] CVE-2022-0809      https://nvd.nist.gov/vuln/detail/CVE-2022-0809[ 41 ] CVE-2022-0971      https://nvd.nist.gov/vuln/detail/CVE-2022-0971[ 42 ] CVE-2022-0972      https://nvd.nist.gov/vuln/detail/CVE-2022-0972[ 43 ] CVE-2022-0973      https://nvd.nist.gov/vuln/detail/CVE-2022-0973[ 44 ] CVE-2022-0974      https://nvd.nist.gov/vuln/detail/CVE-2022-0974[ 45 ] CVE-2022-0975      https://nvd.nist.gov/vuln/detail/CVE-2022-0975[ 46 ] CVE-2022-0976      https://nvd.nist.gov/vuln/detail/CVE-2022-0976[ 47 ] CVE-2022-0977      https://nvd.nist.gov/vuln/detail/CVE-2022-0977[ 48 ] CVE-2022-0978      https://nvd.nist.gov/vuln/detail/CVE-2022-0978[ 49 ] CVE-2022-0979      https://nvd.nist.gov/vuln/detail/CVE-2022-0979[ 50 ] CVE-2022-0980      https://nvd.nist.gov/vuln/detail/CVE-2022-0980[ 51 ] CVE-2022-1096      https://nvd.nist.gov/vuln/detail/CVE-2022-1096[ 52 ] CVE-2022-1125      https://nvd.nist.gov/vuln/detail/CVE-2022-1125[ 53 ] CVE-2022-1127      https://nvd.nist.gov/vuln/detail/CVE-2022-1127[ 54 ] CVE-2022-1128      https://nvd.nist.gov/vuln/detail/CVE-2022-1128[ 55 ] CVE-2022-1129      https://nvd.nist.gov/vuln/detail/CVE-2022-1129[ 56 ] CVE-2022-1130      https://nvd.nist.gov/vuln/detail/CVE-2022-1130[ 57 ] CVE-2022-1131      https://nvd.nist.gov/vuln/detail/CVE-2022-1131[ 58 ] CVE-2022-1132      https://nvd.nist.gov/vuln/detail/CVE-2022-1132[ 59 ] CVE-2022-1133      https://nvd.nist.gov/vuln/detail/CVE-2022-1133[ 60 ] CVE-2022-1134      https://nvd.nist.gov/vuln/detail/CVE-2022-1134[ 61 ] CVE-2022-1135      https://nvd.nist.gov/vuln/detail/CVE-2022-1135[ 62 ] CVE-2022-1136      https://nvd.nist.gov/vuln/detail/CVE-2022-1136[ 63 ] CVE-2022-1137      https://nvd.nist.gov/vuln/detail/CVE-2022-1137[ 64 ] CVE-2022-1138      https://nvd.nist.gov/vuln/detail/CVE-2022-1138[ 65 ] CVE-2022-1139      https://nvd.nist.gov/vuln/detail/CVE-2022-1139[ 66 ] CVE-2022-1141      https://nvd.nist.gov/vuln/detail/CVE-2022-1141[ 67 ] CVE-2022-1142      https://nvd.nist.gov/vuln/detail/CVE-2022-1142[ 68 ] CVE-2022-1143      https://nvd.nist.gov/vuln/detail/CVE-2022-1143[ 69 ] CVE-2022-1144      https://nvd.nist.gov/vuln/detail/CVE-2022-1144[ 70 ] CVE-2022-1145      https://nvd.nist.gov/vuln/detail/CVE-2022-1145[ 71 ] CVE-2022-1146      https://nvd.nist.gov/vuln/detail/CVE-2022-1146[ 72 ] CVE-2022-1232      https://nvd.nist.gov/vuln/detail/CVE-2022-1232[ 73 ] CVE-2022-1305      https://nvd.nist.gov/vuln/detail/CVE-2022-1305[ 74 ] CVE-2022-1306      https://nvd.nist.gov/vuln/detail/CVE-2022-1306[ 75 ] CVE-2022-1307      https://nvd.nist.gov/vuln/detail/CVE-2022-1307[ 76 ] CVE-2022-1308      https://nvd.nist.gov/vuln/detail/CVE-2022-1308[ 77 ] CVE-2022-1309      https://nvd.nist.gov/vuln/detail/CVE-2022-1309[ 78 ] CVE-2022-1310      https://nvd.nist.gov/vuln/detail/CVE-2022-1310[ 79 ] CVE-2022-1311      https://nvd.nist.gov/vuln/detail/CVE-2022-1311[ 80 ] CVE-2022-1312      https://nvd.nist.gov/vuln/detail/CVE-2022-1312[ 81 ] CVE-2022-1313      https://nvd.nist.gov/vuln/detail/CVE-2022-1313[ 82 ] CVE-2022-1314      https://nvd.nist.gov/vuln/detail/CVE-2022-1314[ 83 ] CVE-2022-1364      https://nvd.nist.gov/vuln/detail/CVE-2022-1364[ 84 ] CVE-2022-1477      https://nvd.nist.gov/vuln/detail/CVE-2022-1477[ 85 ] CVE-2022-1478      https://nvd.nist.gov/vuln/detail/CVE-2022-1478[ 86 ] CVE-2022-1479      https://nvd.nist.gov/vuln/detail/CVE-2022-1479[ 87 ] CVE-2022-1480      https://nvd.nist.gov/vuln/detail/CVE-2022-1480[ 88 ] CVE-2022-1481      https://nvd.nist.gov/vuln/detail/CVE-2022-1481[ 89 ] CVE-2022-1482      https://nvd.nist.gov/vuln/detail/CVE-2022-1482[ 90 ] CVE-2022-1483      https://nvd.nist.gov/vuln/detail/CVE-2022-1483[ 91 ] CVE-2022-1484      https://nvd.nist.gov/vuln/detail/CVE-2022-1484[ 92 ] CVE-2022-1485      https://nvd.nist.gov/vuln/detail/CVE-2022-1485[ 93 ] CVE-2022-1486      https://nvd.nist.gov/vuln/detail/CVE-2022-1486[ 94 ] CVE-2022-1487      https://nvd.nist.gov/vuln/detail/CVE-2022-1487[ 95 ] CVE-2022-1488      https://nvd.nist.gov/vuln/detail/CVE-2022-1488[ 96 ] CVE-2022-1489      https://nvd.nist.gov/vuln/detail/CVE-2022-1489[ 97 ] CVE-2022-1490      https://nvd.nist.gov/vuln/detail/CVE-2022-1490[ 98 ] CVE-2022-1491      https://nvd.nist.gov/vuln/detail/CVE-2022-1491[ 99 ] CVE-2022-1492      https://nvd.nist.gov/vuln/detail/CVE-2022-1492[ 100 ] CVE-2022-1493      https://nvd.nist.gov/vuln/detail/CVE-2022-1493[ 101 ] CVE-2022-1494      https://nvd.nist.gov/vuln/detail/CVE-2022-1494[ 102 ] CVE-2022-1495      https://nvd.nist.gov/vuln/detail/CVE-2022-1495[ 103 ] CVE-2022-1496      https://nvd.nist.gov/vuln/detail/CVE-2022-1496[ 104 ] CVE-2022-1497      https://nvd.nist.gov/vuln/detail/CVE-2022-1497[ 105 ] CVE-2022-1498      https://nvd.nist.gov/vuln/detail/CVE-2022-1498[ 106 ] CVE-2022-1499      https://nvd.nist.gov/vuln/detail/CVE-2022-1499[ 107 ] CVE-2022-1500      https://nvd.nist.gov/vuln/detail/CVE-2022-1500[ 108 ] CVE-2022-1501      https://nvd.nist.gov/vuln/detail/CVE-2022-1501[ 109 ] CVE-2022-1633      https://nvd.nist.gov/vuln/detail/CVE-2022-1633[ 110 ] CVE-2022-1634      https://nvd.nist.gov/vuln/detail/CVE-2022-1634[ 111 ] CVE-2022-1635      https://nvd.nist.gov/vuln/detail/CVE-2022-1635[ 112 ] CVE-2022-1636      https://nvd.nist.gov/vuln/detail/CVE-2022-1636[ 113 ] CVE-2022-1637      https://nvd.nist.gov/vuln/detail/CVE-2022-1637[ 114 ] CVE-2022-1639      https://nvd.nist.gov/vuln/detail/CVE-2022-1639[ 115 ] CVE-2022-1640      https://nvd.nist.gov/vuln/detail/CVE-2022-1640[ 116 ] CVE-2022-1641      https://nvd.nist.gov/vuln/detail/CVE-2022-1641[ 117 ] CVE-2022-1853      https://nvd.nist.gov/vuln/detail/CVE-2022-1853[ 118 ] CVE-2022-1854      https://nvd.nist.gov/vuln/detail/CVE-2022-1854[ 119 ] CVE-2022-1855      https://nvd.nist.gov/vuln/detail/CVE-2022-1855[ 120 ] CVE-2022-1856      https://nvd.nist.gov/vuln/detail/CVE-2022-1856[ 121 ] CVE-2022-1857      https://nvd.nist.gov/vuln/detail/CVE-2022-1857[ 122 ] CVE-2022-1858      https://nvd.nist.gov/vuln/detail/CVE-2022-1858[ 123 ] CVE-2022-1859      https://nvd.nist.gov/vuln/detail/CVE-2022-1859[ 124 ] CVE-2022-1860      https://nvd.nist.gov/vuln/detail/CVE-2022-1860[ 125 ] CVE-2022-1861      https://nvd.nist.gov/vuln/detail/CVE-2022-1861[ 126 ] CVE-2022-1862      https://nvd.nist.gov/vuln/detail/CVE-2022-1862[ 127 ] CVE-2022-1863      https://nvd.nist.gov/vuln/detail/CVE-2022-1863[ 128 ] CVE-2022-1864      https://nvd.nist.gov/vuln/detail/CVE-2022-1864[ 129 ] CVE-2022-1865      https://nvd.nist.gov/vuln/detail/CVE-2022-1865[ 130 ] CVE-2022-1866      https://nvd.nist.gov/vuln/detail/CVE-2022-1866[ 131 ] CVE-2022-1867      https://nvd.nist.gov/vuln/detail/CVE-2022-1867[ 132 ] CVE-2022-1868      https://nvd.nist.gov/vuln/detail/CVE-2022-1868[ 133 ] CVE-2022-1869      https://nvd.nist.gov/vuln/detail/CVE-2022-1869[ 134 ] CVE-2022-1870      https://nvd.nist.gov/vuln/detail/CVE-2022-1870[ 135 ] CVE-2022-1871      https://nvd.nist.gov/vuln/detail/CVE-2022-1871[ 136 ] CVE-2022-1872      https://nvd.nist.gov/vuln/detail/CVE-2022-1872[ 137 ] CVE-2022-1873      https://nvd.nist.gov/vuln/detail/CVE-2022-1873[ 138 ] CVE-2022-1874      https://nvd.nist.gov/vuln/detail/CVE-2022-1874[ 139 ] CVE-2022-1875      https://nvd.nist.gov/vuln/detail/CVE-2022-1875[ 140 ] CVE-2022-1876      https://nvd.nist.gov/vuln/detail/CVE-2022-1876[ 141 ] CVE-2022-2007      https://nvd.nist.gov/vuln/detail/CVE-2022-2007[ 142 ] CVE-2022-2010      https://nvd.nist.gov/vuln/detail/CVE-2022-2010[ 143 ] CVE-2022-2011      https://nvd.nist.gov/vuln/detail/CVE-2022-2011[ 144 ] CVE-2022-2156      https://nvd.nist.gov/vuln/detail/CVE-2022-2156[ 145 ] CVE-2022-2157      https://nvd.nist.gov/vuln/detail/CVE-2022-2157[ 146 ] CVE-2022-2158      https://nvd.nist.gov/vuln/detail/CVE-2022-2158[ 147 ] CVE-2022-2160      https://nvd.nist.gov/vuln/detail/CVE-2022-2160[ 148 ] CVE-2022-2161      https://nvd.nist.gov/vuln/detail/CVE-2022-2161[ 149 ] CVE-2022-2162      https://nvd.nist.gov/vuln/detail/CVE-2022-2162[ 150 ] CVE-2022-2163      https://nvd.nist.gov/vuln/detail/CVE-2022-2163[ 151 ] CVE-2022-2164      https://nvd.nist.gov/vuln/detail/CVE-2022-2164[ 152 ] CVE-2022-2165      https://nvd.nist.gov/vuln/detail/CVE-2022-2165[ 153 ] CVE-2022-22021      https://nvd.nist.gov/vuln/detail/CVE-2022-22021[ 154 ] CVE-2022-24475      https://nvd.nist.gov/vuln/detail/CVE-2022-24475[ 155 ] CVE-2022-24523      https://nvd.nist.gov/vuln/detail/CVE-2022-24523[ 156 ] CVE-2022-26891      https://nvd.nist.gov/vuln/detail/CVE-2022-26891[ 157 ] CVE-2022-26894      https://nvd.nist.gov/vuln/detail/CVE-2022-26894[ 158 ] CVE-2022-26895      https://nvd.nist.gov/vuln/detail/CVE-2022-26895[ 159 ] CVE-2022-26900      https://nvd.nist.gov/vuln/detail/CVE-2022-26900[ 160 ] CVE-2022-26905      https://nvd.nist.gov/vuln/detail/CVE-2022-26905[ 161 ] CVE-2022-26908      https://nvd.nist.gov/vuln/detail/CVE-2022-26908[ 162 ] CVE-2022-26909      https://nvd.nist.gov/vuln/detail/CVE-2022-26909[ 163 ] CVE-2022-26912      https://nvd.nist.gov/vuln/detail/CVE-2022-26912[ 164 ] CVE-2022-29144      https://nvd.nist.gov/vuln/detail/CVE-2022-29144[ 165 ] CVE-2022-29146      https://nvd.nist.gov/vuln/detail/CVE-2022-29146[ 166 ] CVE-2022-29147      https://nvd.nist.gov/vuln/detail/CVE-2022-29147[ 167 ] CVE-2022-30127      https://nvd.nist.gov/vuln/detail/CVE-2022-30127[ 168 ] CVE-2022-30128      https://nvd.nist.gov/vuln/detail/CVE-2022-30128[ 169 ] CVE-2022-30192      https://nvd.nist.gov/vuln/detail/CVE-2022-30192[ 170 ] CVE-2022-33638      https://nvd.nist.gov/vuln/detail/CVE-2022-33638[ 171 ] CVE-2022-33639      https://nvd.nist.gov/vuln/detail/CVE-2022-33639Availability===========This GLSA and any updates to it are available for viewing atthe Gentoo Security Website: https://security.gentoo.org/glsa/202208-25Concerns?========Security is a primary focus of Gentoo Linux and ensuring theconfidentiality and security of our users' machines is of utmostimportance to us. Any security concerns should be addressed [email protected] or alternatively, you may file a bug athttps://bugs.gentoo.org.License======Copyright 2022 Gentoo Foundation, Inc; referenced textbelongs to its owner(s).The contents of this document are licensed under theCreative Commons - Attribution / Share Alike license.https://creativecommons.org/licenses/by-sa/2.5

Related news

CVE-2022-29144

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2022-29147

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2022-29146

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability

Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year. Tracked as CVE-2023-2033, the high-severity vulnerability has been described as a type confusion issue in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been

CVE-2022-38775: Security issues

An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.

Update Chrome Browser Now to Patch New Actively Exploited Zero-Day Flaw

Google on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser. Tracked as CVE-2022-4135, the high-severity vulnerability has been described as a heap buffer overflow in the GPU component. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the flaw on November 22, 2022. Heap-based buffer overflow bugs can be

Google Release Urgent Chrome Update to Patch New Zero-Day Vulnerability

Google on Friday shipped emergency fixes to address a security vulnerability in the Chrome web browser that it said is being actively exploited in the wild. The issue, assigned the identifier CVE-2022-3075, concerns a case of insufficient data validating in Mojo, which refers to a collection of runtime libraries that provide a platform-agnostic mechanism for inter-process communication (IPC). An

Gentoo Linux Security Advisory 202208-35

Gentoo Linux Security Advisory 202208-35 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 104.0.5112.101 are affected.

Google Patches Chrome’s Fifth Zero-Day of the Year

An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.

Google Chrome Zero-Day Found Exploited in the Wild

The high-severity security vulnerability (CVE-2022-2856) is due to improper user-input validation.

New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild

Google on Tuesday rolled out patches for Chrome browser for desktops to contain an actively exploited high-severity zero-day flaw in the wild. Tracked as CVE-2022-2856, the issue has been described as a case of insufficient validation of untrusted input in Intents. Security researchers Ashley Shen and Christian Resell of Google Threat Analysis Group have been credited with reporting the flaw on

CVE-2022-2161

Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

CVE-2022-2162

Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 103.0.5060.53 allowed a remote attacker to bypass file system access via a crafted HTML page.

CVE-2022-2011: Stable Channel Update for Desktop

Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-2160

Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user's local files via a crafted HTML page.

CVE-2022-2158

Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-2156

Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-2165: Stable Channel Update for Desktop

Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

CVE-2022-1873: Stable Channel Update for Desktop

Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2022-1875

Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2022-1870

Use after free in App Service in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.

CVE-2022-1869

Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-1867

Insufficient validation of untrusted input in Data Transfer in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass same origin policy via a crafted clipboard content.

CVE-2022-1866

Use after free in Tablet Mode in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific user interactions.

CVE-2022-1863

Use after free in Tab Groups in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction.

CVE-2022-1874

Insufficient policy enforcement in Safe Browsing in Google Chrome on Mac prior to 102.0.5005.61 allowed a remote attacker to bypass downloads protection policy via a crafted HTML page.

CVE-2022-1859

Use after free in Performance Manager in Google Chrome prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-1856

Use after free in User Education in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension or specific user interaction.

CVE-2022-1854

Use after free in ANGLE in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-1853

Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVE-2022-1876

Heap buffer overflow in DevTools in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-1862

Inappropriate implementation in Extensions in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass profile restrictions via a crafted HTML page.

CVE-2022-1637

Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2022-1364: Stable Channel Update for Desktop

Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-1639

Use after free in ANGLE in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-1640

Use after free in Sharing in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-1641

Use after free in Web UI Diagnostics in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interaction.

CVE-2022-1635

Use after free in Permission Prompts in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interactions.

CVE-2022-1634

Use after free in Browser UI in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who had convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific user interactions.

CVE-2022-1633

Use after free in Sharesheet in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interactions.

CVE-2022-1477: Stable Channel Update for Desktop

Use after free in Vulkan in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-1481

Use after free in Sharing in Google Chrome on Mac prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-1485

Use after free in File System API in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-1486

Type confusion in V8 in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

CVE-2022-1487

Use after free in Ozone in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via running a Wayland test.

CVE-2022-1488

Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension.

CVE-2022-1489

Out of bounds memory access in UI Shelf in Google Chrome on Chrome OS, Lacros prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific user interactions.

CVE-2022-1493

Use after free in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.

CVE-2022-1499

Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

CVE-2022-1500

Insufficient data validation in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass content security policy via a crafted HTML page.

CVE-2022-1498

Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2022-1494

Insufficient data validation in Trusted Types in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass trusted types policy via a crafted HTML page.

CVE-2022-1314: Stable Channel Update for Desktop

Type confusion in V8 in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-1232: Stable Channel Update for Desktop

Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-1312

Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

CVE-2022-1134

Type confusion in V8 in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-1125

Use after free in Portals in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.

CVE-2022-1096

Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-1127

Use after free in QR Code Generator in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.

CVE-2022-1142

Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific input into DevTools.

CVE-2022-1129

Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVE-2022-1130

Insufficient validation of trust input in WebOTP in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to send arbitrary intents from any app via a malicious app.

CVE-2022-1132

Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100.0.4896.60 allowed a local attacker to bypass navigation restrictions via physical access to the device.

CVE-2022-1145

Use after free in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user interaction and profile destruction.

CVE-2022-1144

Use after free in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific input into DevTools.

CVE-2022-1143: Stable Channel Update for Desktop

Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific input into DevTools.

CVE-2022-1133

Use after free in WebRTC Perf in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-1141

Use after free in File Manager in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific user gesture.

CVE-2022-1139

Inappropriate implementation in Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2022-1138

Inappropriate implementation in Web Cursor in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who had compromised the renderer process to obscure the contents of the Omnibox (URL bar) via a crafted HTML page.

CVE-2022-1137

Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to leak potentially sensitive information via a crafted HTML page.

CVE-2022-1146

Inappropriate implementation in Resource Timing in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2022-0980

Use after free in New Tab Page in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user interactions.

CVE-2022-0976: Stable Channel Update for Desktop

Heap buffer overflow in GPU in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-0972

Use after free in Extensions in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-0971

Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-0977

Use after free in Browser UI in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-0973

Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-0975

Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Why Browser Vulnerabilities Are a Serious Threat — and How to Minimize Your Risk

As a result of browser market consolidation, adversaries can focus on uncovering vulnerabilities in just two main browser engines.

Why Browser Vulnerabilities Are a Serious Threat — and How to Minimize Your Risk

As a result of browser market consolidation, adversaries can focus on uncovering vulnerabilities in just two main browser engines.

Google Chrome WebRTC Zero-Day Faces Active Exploitation

The heap buffer-overflow issue in Chrome for Android could be used for DoS, code execution, and more.

Google Chrome WebRTC Zero-Day Faces Active Exploitation

The heap buffer-overflow issue in Chrome for Android could be used for DoS, code execution, and more.

Google Patches Actively Exploited Chrome Bug

The heap buffer overflow issue in the browser’s WebRTC engine could allow attackers to execute arbitrary code.

Google Patches Actively Exploited Chrome Bug

The heap buffer overflow issue in the browser’s WebRTC engine could allow attackers to execute arbitrary code.

Update Google Chrome Browser to Patch New Zero-Day Exploit Detected in the Wild

Google on Monday shipped security updates to address a high-severity zero-day vulnerability in its Chrome web browser that it said is being exploited in the wild. The shortcoming, tracked as CVE-2022-2294, relates to a heap overflow flaw in the WebRTC component that provides real-time audio and video communication capabilities in browsers without the need to install plugins or download native

Update Google Chrome Browser to Patch New Zero-Day Exploit Detected in the Wild

Google on Monday shipped security updates to address a high-severity zero-day vulnerability in its Chrome web browser that it said is being exploited in the wild. The shortcoming, tracked as CVE-2022-2294, relates to a heap overflow flaw in the WebRTC component that provides real-time audio and video communication capabilities in browsers without the need to install plugins or download native

You Need to Update Windows and Chrome Right Now

Plus: Google issues fixes for Android bugs, and Cisco, Citrix, SAP, WordPress, and more issue major patches for enterprise systems.

CVE-2022-33638

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33639.

CVE-2022-33639

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33638.

CVE-2022-30192

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-33638, CVE-2022-33639.

Chrome CVE-2022-1096 Incomplete Fix

Chrome suffers from having an incomplete fix for CVE-2022-1096.

Chrome CVE-2022-1096 Incomplete Fix

Chrome suffers from having an incomplete fix for CVE-2022-1096.

CVE-2022-22021

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability.

CISA Recommends Organizations Update to the Latest Version of Google Chrome

Google last week reported seven vulnerabilities in the browser, four of which it rated as high severity.

CISA Recommends Organizations Update to the Latest Version of Google Chrome

Google last week reported seven vulnerabilities in the browser, four of which it rated as high severity.

CISA Recommends Organizations Update to the Latest Version of Google Chrome

Google last week reported seven vulnerabilities in the browser, four of which it rated as high severity.

Update Chrome now: Four high risk vulnerabilities found

We take a look at the latest batch of vulnerabilities in Chrome requiring an update. The post Update Chrome now: Four high risk vulnerabilities found appeared first on Malwarebytes Labs.

Update Chrome now: Four high risk vulnerabilities found

We take a look at the latest batch of vulnerabilities in Chrome requiring an update. The post Update Chrome now: Four high risk vulnerabilities found appeared first on Malwarebytes Labs.

Update Chrome now: Four high risk vulnerabilities found

We take a look at the latest batch of vulnerabilities in Chrome requiring an update. The post Update Chrome now: Four high risk vulnerabilities found appeared first on Malwarebytes Labs.

CVE-2022-30128

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30127.

CVE-2022-30127

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30128.

CVE-2022-26905

Microsoft Edge (Chromium-based) Spoofing Vulnerability.

Microsoft Patch Tuesday May 2022: Edge RCE, PetitPotam LSA Spoofing, bad patches

Hello everyone! This episode will be about Microsoft Patch Tuesday for May 2022. Sorry for the delay, this month has been quite intense. As usual, I’m using my Vulristics project and going through not only the vulnerabilities that were presented on May 10th, but all the MS vulnerabilities presented by Microsoft since the previous Patch […]

Microsoft Patch Tuesday May 2022: Edge RCE, PetitPotam LSA Spoofing, bad patches

Hello everyone! This episode will be about Microsoft Patch Tuesday for May 2022. Sorry for the delay, this month has been quite intense. As usual, I’m using my Vulristics project and going through not only the vulnerabilities that were presented on May 10th, but all the MS vulnerabilities presented by Microsoft since the previous Patch […]

Update now! Multiple vulnerabilities patched in Google Chrome

Google has issued an update for the Chrome browser to patch 32 security issues . One of the vulnerabilities is rated as critical, so install that update as soon as you can. The post Update now! Multiple vulnerabilities patched in Google Chrome appeared first on Malwarebytes Labs.

Vulristics May 2022 Update: CVSS redefinitions and bulk adding Microsoft products from MS CVE data

Hello everyone! In this episode, I want to talk about the latest updates to my open source vulnerability prioritization project Vulristics. Alternative video link (for Russia): https://vk.com/video-149273431_456239088 CVSS redefinitions A fairly common problem: we have a CVE without an available CVSS vector and score. For example, this was the case with CVE-2022-1364 Type Confusion in […]

CVE-2022-26894

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912.

CVE-2022-26895

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912.

CVE-2022-26900

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912.

CVE-2022-24523

Microsoft Edge (Chromium-based) Spoofing Vulnerability.

CVE-2022-24475

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912.

CVE-2022-26908

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26909, CVE-2022-26912.

CVE-2022-26912

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909.

CVE-2022-26891

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912.

CVE-2022-26912

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2022-26909

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2022-26908

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2022-26909

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26912.

CVE-2022-0800: Stable Channel Update for Desktop

Heap buffer overflow in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-4052: Stable Channel Update for Desktop

Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.

Packet Storm: Latest News

Ivanti EPM Agent Portal Command Execution