CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1490 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1490
28 Apr 2022 — Use after free in Browser Switcher in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en Browser Switcher en Google Chrome versiones anteriores a 101.0.4951.41, permitía que un atacante remoto que convenciera a un usuario de participar en una interacción específica con el usuario explotara potencialmente la corrupción de la pila por... • https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1491 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1491
28 Apr 2022 — Use after free in Bookmarks in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction. Un uso de memoria previamente liberada en Bookmarks en Google Chrome versiones anteriores a 101.0.4951.41, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una interacción específica y directa con el usuario. Multiple vulnerabilities have been found in Chromium and its derivatives, the worst o... • https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html • CWE-416: Use After Free •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1492 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1492
28 Apr 2022 — Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page. Una comprobación insuficiente de datos en Blink Editing en Google Chrome versiones anteriores a 101.0.4951.41, permitía a un atacante remoto inyectar scripts o HTML arbitrarios por medio de una página HTML diseñada. Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code ex... • https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1493 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1493
28 Apr 2022 — Use after free in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction. Un uso de memoria previamente liberada en Dev Tools en Google Chrome versiones anteriores a 101.0.4951.41, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una interacción específica y directa con el usuario. Multiple vulnerabilities have been found in Chromium and its derivatives, the worst o... • https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html • CWE-416: Use After Free •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1494 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1494
28 Apr 2022 — Insufficient data validation in Trusted Types in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass trusted types policy via a crafted HTML page. Una comprobación insuficiente de datos en Trusted Types en Google Chrome versiones anteriores a 101.0.4951.41, permitía a un atacante remoto eludir la política de tipos de confianza por medio de una página HTML diseñada. Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code ex... • https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2022-1495 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1495
28 Apr 2022 — Incorrect security UI in Downloads in Google Chrome on Android prior to 101.0.4951.41 allowed a remote attacker to spoof the APK downloads dialog via a crafted HTML page. Una Interfaz de Seguridad incorrecta en Downloads en Google Chrome en Android versiones anteriores a 101.0.4951.41, permitía a un atacante remoto falsificar el diálogo de descargas de APK por medio de una página HTML diseñada. Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remot... • https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html • CWE-290: Authentication Bypass by Spoofing •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1496 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1496
28 Apr 2022 — Use after free in File Manager in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction. Un uso de memoria previamente liberada en File Manager en Google Chrome versiones anteriores a 101.0.4951.41, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una interacción específica y directa con el usuario. Multiple vulnerabilities have been found in Chromium and its derivatives, the w... • https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html • CWE-416: Use After Free •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1497 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1497
28 Apr 2022 — Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to spoof the contents of cross-origin websites via a crafted HTML page. Una implementación inapropiada en Input en Google Chrome versiones anteriores a 101.0.4951.41, permitía a un atacante remoto falsificar el contenido de sitios web de origen cruzado por medio de una página HTML diseñada. Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote ... • https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html • CWE-346: Origin Validation Error •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1498 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1498
28 Apr 2022 — Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Una implementación inapropiada en HTML Parser en Google Chrome versiones anteriores a 101.0.4951.41, permitía a un atacante remoto filtrar datos de origen cruzado por medio de una página HTML diseñada. Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less tha... • https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1499 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1499
28 Apr 2022 — Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Una implementación inapropiada de WebAuthentication en Google Chrome versiones anteriores a 101.0.4951.41, permitía a un atacante remoto eludir la política del mismo origen por medio de una página HTML diseñada. Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution... • https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html • CWE-863: Incorrect Authorization •