CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2022-2480 – Chrome content::ServiceWorkerVersion::MaybeTimeoutRequest Heap Use-After-Free
https://notcve.org/view.php?id=CVE-2022-2480
Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en Service Worker API en Google Chrome versiones anteriores a 103.0.5060.134, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada Chrome suffers from a heap use-after-free vulnerability in content::ServiceWorkerVersion::MaybeTimeoutRequest. Google Chrome version 103.0.5060.53 and Chromium version 105.0.5134.0 are affected. • http://packetstormsecurity.com/files/168115/Chrome-content-ServiceWorkerVersion-MaybeTimeoutRequest-Heap-Use-After-Free.html https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html https://crbug.com/1339844 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKLJ3B3D5BCVWE3QNP4N7HHF26OHD567 https://security.gentoo.org/glsa/202208-35 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2478
https://notcve.org/view.php?id=CVE-2022-2478
Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en PDF en Google Chrome versiones anteriores a 103.0.5060.134 permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html https://crbug.com/1335861 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKLJ3B3D5BCVWE3QNP4N7HHF26OHD567 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2481
https://notcve.org/view.php?id=CVE-2022-2481
Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction. Un uso de memoria previamente liberada en Views en Google Chrome versiones anteriores a 103.0.5060.134, permitía a un atacante remoto que convencía a un usuario de participar en interacciones de usuario específicas explotar potencialmente la corrupción de la pila por medio de una interacción de la Interfaz de Usuario • https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html https://crbug.com/1341603 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKLJ3B3D5BCVWE3QNP4N7HHF26OHD567 https://security.gentoo.org/glsa/202208-35 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2477
https://notcve.org/view.php?id=CVE-2022-2477
Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en Guest View en Google Chrome versiones anteriores a 103.0.5060.134, permitía a un atacante que convenciera a un usuario de instalar una extensión maliciosa explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html https://crbug.com/1336266 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKLJ3B3D5BCVWE3QNP4N7HHF26OHD567 https://security.gentoo.org/glsa/202208-35 • CWE-416: Use After Free •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2479
https://notcve.org/view.php?id=CVE-2022-2479
Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page. Una comprobación insuficiente de entradas no confiables en File en Google Chrome en Android versiones anteriores a 103.0.5060.134, permitía a un atacante que convenciera a un usuario de instalar una aplicación maliciosa obtener información potencialmente confidencial de directorios de archivos internos por medio de una página HTML manipulada • https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html https://crbug.com/1329987 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKLJ3B3D5BCVWE3QNP4N7HHF26OHD567 https://security.gentoo.org/glsa/202208-35 • CWE-20: Improper Input Validation •