CVE-2022-2160
https://notcve.org/view.php?id=CVE-2022-2160
Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user's local files via a crafted HTML page. Una aplicación insuficiente de políticas en DevTools en Google Chrome en Windows versiones anteriores a 103.0.5060.53, permitía que un atacante que convenciera a un usuario de instalar una extensión maliciosa obtuviera información potencialmente confidencial de los archivos locales de un usuario por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html https://crbug.com/1116450 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7 https://security.gentoo.org/glsa/202208-25 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2022-2161
https://notcve.org/view.php?id=CVE-2022-2161
Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. Un uso de memoria previamente liberada en WebApp Provider en Google Chrome versiones anteriores a 103.0.5060.53, permitía a un atacante remoto que convencía al usuario de participar en interacciones de usuario específicas explotar potencialmente la corrupción de la pila por medio de interacciones de Interfaz de Usuario específicas • https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html https://crbug.com/1330289 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7 https://security.gentoo.org/glsa/202208-25 • CWE-416: Use After Free •
CVE-2022-2162
https://notcve.org/view.php?id=CVE-2022-2162
Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 103.0.5060.53 allowed a remote attacker to bypass file system access via a crafted HTML page. La aplicación insuficiente de políticas en la API del sistema de archivos de Google Chrome en Windows versiones anteriores a 103.0.5060.53, permitía a un atacante remoto omitir el acceso al sistema de archivos por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html https://crbug.com/1307930 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7 https://security.gentoo.org/glsa/202208-25 •
CVE-2022-2163
https://notcve.org/view.php?id=CVE-2022-2163
Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction. Un uso de memoria previamente liberada en Cast UI and Toolbar en Google Chrome versiones anteriores a 103.0.5060.134, permitía a un atacante que convenciera a un usuario de instalar una extensión maliciosa explotar potencialmente la corrupción de la pila por medio de la interacción con la interfaz de usuario • https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html https://crbug.com/1308341 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7 https://security.gentoo.org/glsa/202208-25 https://security.gentoo.org/glsa/202208-35 • CWE-416: Use After Free •
CVE-2022-2164
https://notcve.org/view.php?id=CVE-2022-2164
Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted HTML page. Una implementación inapropiada en Extensions API en Google Chrome versiones anteriores a 103.0.5060.53, permitía a un atacante que convenciera a un usuario de instalar una extensión maliciosa omitir el control de acceso discrecional por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html https://crbug.com/1268445 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7 https://security.gentoo.org/glsa/202208-25 •