CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2479 – Gentoo Linux Security Advisory 202208-35
https://notcve.org/view.php?id=CVE-2022-2479
28 Jul 2022 — Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page. Una comprobación insuficiente de entradas no confiables en File en Google Chrome en Android versiones anteriores a 103.0.5060.134, permitía a un atacante que convenciera a un usuario de instalar una aplicación maliciosa obtener información p... • https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 14%CPEs: 1EXPL: 1CVE-2022-2480 – Gentoo Linux Security Advisory 202208-35
https://notcve.org/view.php?id=CVE-2022-2480
28 Jul 2022 — Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en Service Worker API en Google Chrome versiones anteriores a 103.0.5060.134, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada Chrome suffers from a heap use-after-free vulnerability in content::ServiceWorkerVersion::MaybeTimeoutRequest.... • https://packetstorm.news/files/id/168115 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2481 – Gentoo Linux Security Advisory 202208-35
https://notcve.org/view.php?id=CVE-2022-2481
28 Jul 2022 — Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction. Un uso de memoria previamente liberada en Views en Google Chrome versiones anteriores a 103.0.5060.134, permitía a un atacante remoto que convencía a un usuario de participar en interacciones de usuario específicas explotar potencialmente la corrupción de la pila por medio de una interacción de la In... • https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2022-2296 – Gentoo Linux Security Advisory 202208-35
https://notcve.org/view.php?id=CVE-2022-2296
28 Jul 2022 — Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions. Un uso de memoria previamente liberada en Chrome OS Shell en Google Chrome en Chrome OS versiones anteriores a 103.0.5060.114, permitía que un atacante remoto que convenciera a un usuario de realizar interacciones específicas con el usuario explotara potencialmente la c... • https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-2295 – Gentoo Linux Security Advisory 202208-35
https://notcve.org/view.php?id=CVE-2022-2295
28 Jul 2022 — Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una confusión de tipo en V8 en Google Chrome versiones anteriores a 103.0.5060.114, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 104.0.51... • https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 10.0EPSS: 2%CPEs: 31EXPL: 0CVE-2022-2294 – WebRTC Heap Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2022-2294
22 Jul 2022 — Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento del búfer de la pila en WebRTC en Google Chrome versiones anteriores a 103.0.5060.114, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malic... • http://www.openwall.com/lists/oss-security/2022/07/28/2 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2022-2156 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-2156
28 Jun 2022 — Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en Core en Google Chrome versiones anteriores a 103.0.5060.53, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions... • https://packetstorm.news/files/id/167784 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-2157 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-2157
28 Jun 2022 — Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en Interest groups en Google Chrome versiones anteriores a 103.0.5060.53 permitía a un atacante remoto que hubiera comprometido el proceso de renderización explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada Multiple vulnerabilities ... • https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-2158 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-2158
28 Jun 2022 — Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una confusión de tipo en V8 en Google Chrome versiones anteriores a 103.0.5060.53, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 5.15.5_p20... • https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html • CWE-416: Use After Free •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-2160 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-2160
28 Jun 2022 — Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user's local files via a crafted HTML page. Una aplicación insuficiente de políticas en DevTools en Google Chrome en Windows versiones anteriores a 103.0.5060.53, permitía que un atacante que convenciera a un usuario de instalar una extensión maliciosa obtuviera información potencialmente co... • https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •