Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

CVE-2022-1482: Chromium: CVE-2022-1482 Inappropriate implementation in WebGL

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 101.0.1210.32 4/28/2022 101.0.4951.41

Microsoft Security Response Center
#vulnerability#web#microsoft#chrome#Microsoft Edge (Chromium-based)#Security Vulnerability
CVE-2022-1481: Chromium: CVE-2022-1481 Use after free in Sharing

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 101.0.1210.32 4/28/2022 101.0.4951.41

CVE-2022-1480: Chromium: CVE-2022-1480 Use after free in Device API

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 101.0.1210.32 4/28/2022 101.0.4951.41

CVE-2022-1479: Chromium: CVE-2022-1479 Use after free in ANGLE

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 101.0.1210.32 4/28/2022 101.0.4951.41

CVE-2022-1478: Chromium: CVE-2022-1478 Use after free in SwiftShader

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 101.0.1210.32 4/28/2022 101.0.4951.41

CVE-2022-1477: Chromium: CVE-2022-1477 Use after free in Vulkan

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 101.0.1210.32 4/28/2022 101.0.4951.41

CVE-2022-29147: Microsoft Edge (Chromium-based) Spoofing Vulnerability

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 101.0.1210.32 4/28/2022 101.0.4951.41

CVE-2022-29146: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** This vulnerability could lead to a browser sandbox escape.

CVE-2022-24891: esapi-java-legacy/esapi4java-core-2.3.0.0-release-notes.txt at develop · ESAPI/esapi-java-legacy

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the **antisamy-esapi.xml** configuration file that can cause "javascript:" URLs to fail to be correctly sanitized. This issue is patched in ESAPI 2.3.0.0. As a workaround, manually edit the **antisamy-esapi.xml** configuration files to change the "onsiteURL" regular expression. More information about remediation of the vulnerability, including the workaround, is available in the maintainers' release notes and security bulletin.

CVE-2022-29417: ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization

Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin <= 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin settings.