CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-3057 – Gentoo Linux Security Advisory 202209-23
https://notcve.org/view.php?id=CVE-2022-3057
12 Sep 2022 — Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Una implementación inapropiada de iframe Sandbox en Google Chrome versiones anteriores a 105.0.5195.52, permitía a un atacante remoto filtrar datos de origen cruzado por medio de una página HTML diseñada. Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions le... • https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-3058 – Gentoo Linux Security Advisory 202209-23
https://notcve.org/view.php?id=CVE-2022-3058
12 Sep 2022 — Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction. Un uso de memoria previamente liberada en Sign-In Flow en Google Chrome versiones anteriores a 105.0.5195.52, permitía que un atacante remoto que convenciera a un usuario de participar en interacciones específicas de la Interfaz de Usuario explotar potencialmente una corrupción de pila po... • https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-3071 – Gentoo Linux Security Advisory 202209-23
https://notcve.org/view.php?id=CVE-2022-3071
12 Sep 2022 — Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction. Un uso de memoria previamente liberada en Tab Strip en Google Chrome en Chrome OS, Lacros versiones anteriores a 105.0.5195.52, permitía a un atacante remoto que convenciera a un usuario de participar en interacciones específicas de la Interfaz de Usuario explotar potenc... • https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.8EPSS: 3%CPEs: 5EXPL: 1CVE-2022-2856 – Google Chromium Intents Insufficient Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2022-2856
22 Aug 2022 — Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page. Una comprobación insuficiente de entradas no confiables en Intents en Google Chrome en Android versiones anteriores a 104.0.5112.101, permitía a un atacante remoto navegar arbitrariamente a un sitio web malicioso por medio de una página HTML diseñada. Multiple vulnerabilities have been found in Chromium and i... • https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1CVE-2022-2852 – Chrome AccountSelectionBubbleView::OnAccountImageFetched Heap Use-After-Free
https://notcve.org/view.php?id=CVE-2022-2852
22 Aug 2022 — Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en FedCM en Google Chrome versiones anteriores a 104.0.5112.101, permitía a un atacante remoto explotar potencialmente una corrupción de pila por medio de una página HTML diseñada. Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versi... • https://packetstorm.news/files/id/169457 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 1CVE-2022-2853 – Gentoo Linux Security Advisory 202208-35
https://notcve.org/view.php?id=CVE-2022-2853
22 Aug 2022 — Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento de la memoria intermedia de pila en Downloads en Google Chrome en Android versiones anteriores a 104.0.5112.101, permitía a un atacante remoto que hubiera comprometido el proceso de renderización explotar potencialmente una corrupción de la memoria intermedia por medio de una ... • https://packetstorm.news/files/id/169459 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2854 – Gentoo Linux Security Advisory 202208-35
https://notcve.org/view.php?id=CVE-2022-2854
22 Aug 2022 — Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en SwiftShader en Google Chrome versiones anteriores a 104.0.5112.101, permitía a un atacante remoto explotar potencialmente una corrupción de pila por medio de una página HTML diseñada. Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code exec... • https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2855 – Gentoo Linux Security Advisory 202208-35
https://notcve.org/view.php?id=CVE-2022-2855
22 Aug 2022 — Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en ANGLE en Google Chrome versiones anteriores a 104.0.5112.101, permitía a un atacante remoto explotar potencialmente una corrupción de pila por medio de una página HTML diseñada. Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versi... • https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2857 – Gentoo Linux Security Advisory 202208-35
https://notcve.org/view.php?id=CVE-2022-2857
22 Aug 2022 — Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en Blink en Google Chrome versiones anteriores a 104.0.5112.101, permitía a un atacante remoto explotar potencialmente una corrupción de pila por medio de una página HTML diseñada. Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versi... • https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2858 – Gentoo Linux Security Advisory 202208-35
https://notcve.org/view.php?id=CVE-2022-2858
22 Aug 2022 — Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. Un uso de memoria previamente liberada en Sign-In Flow en Google Chrome versiones anteriores a 104.0.5112.101, permitía a un atacante remoto explotar potencialmente una corrupción de pila por medio de una interacción específica de la Interfaz de Usuario. Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of whic... • https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html • CWE-416: Use After Free •