CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2415 – Chrome WebGL Uniform Integer Overflows
https://notcve.org/view.php?id=CVE-2022-2415
Heap buffer overflow in WebGL in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento del búfer de la pila en WebGL en Google Chrome versiones anteriores a 103.0.5060.53, permitía a un atacante remoto aprovechar la corrupción de la pila por medio de una página HTML diseñada The WebGL implementation for setting uniform values with an ArrayBuffer argument do not properly handle large buffer sizes. As WASM now allows allocating large ArrayBuffers, this can lead to buffer overflows when writing to the GPU command buffer. • http://packetstormsecurity.com/files/167972/Chrome-WebGL-Uniform-Integer-Overflows.html https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html https://crbug.com/1316368 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2022-2480 – Chrome content::ServiceWorkerVersion::MaybeTimeoutRequest Heap Use-After-Free
https://notcve.org/view.php?id=CVE-2022-2480
Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en Service Worker API en Google Chrome versiones anteriores a 103.0.5060.134, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada Chrome suffers from a heap use-after-free vulnerability in content::ServiceWorkerVersion::MaybeTimeoutRequest. Google Chrome version 103.0.5060.53 and Chromium version 105.0.5134.0 are affected. • http://packetstormsecurity.com/files/168115/Chrome-content-ServiceWorkerVersion-MaybeTimeoutRequest-Heap-Use-After-Free.html https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html https://crbug.com/1339844 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKLJ3B3D5BCVWE3QNP4N7HHF26OHD567 https://security.gentoo.org/glsa/202208-35 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2478
https://notcve.org/view.php?id=CVE-2022-2478
Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en PDF en Google Chrome versiones anteriores a 103.0.5060.134 permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html https://crbug.com/1335861 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKLJ3B3D5BCVWE3QNP4N7HHF26OHD567 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2481
https://notcve.org/view.php?id=CVE-2022-2481
Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction. Un uso de memoria previamente liberada en Views en Google Chrome versiones anteriores a 103.0.5060.134, permitía a un atacante remoto que convencía a un usuario de participar en interacciones de usuario específicas explotar potencialmente la corrupción de la pila por medio de una interacción de la Interfaz de Usuario • https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html https://crbug.com/1341603 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKLJ3B3D5BCVWE3QNP4N7HHF26OHD567 https://security.gentoo.org/glsa/202208-35 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2477
https://notcve.org/view.php?id=CVE-2022-2477
Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en Guest View en Google Chrome versiones anteriores a 103.0.5060.134, permitía a un atacante que convenciera a un usuario de instalar una extensión maliciosa explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html https://crbug.com/1336266 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKLJ3B3D5BCVWE3QNP4N7HHF26OHD567 https://security.gentoo.org/glsa/202208-35 • CWE-416: Use After Free •