CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1494 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1494
28 Apr 2022 — Insufficient data validation in Trusted Types in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass trusted types policy via a crafted HTML page. Una comprobación insuficiente de datos en Trusted Types en Google Chrome versiones anteriores a 101.0.4951.41, permitía a un atacante remoto eludir la política de tipos de confianza por medio de una página HTML diseñada. Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code ex... • https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1501 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1501
28 Apr 2022 — Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Una implementación inapropiada de iframe en Google Chrome versiones anteriores a 101.0.4951.41, permitía a un atacante remoto filtrar datos de origen cruzado por medio de una página HTML diseñada. Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 5.15.5_p... • https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1482 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1482
28 Apr 2022 — Inappropriate implementation in WebGL in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una implementación inapropiada de WebGL en Google Chrome versiones anteriores a 101.0.4951.41, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada. Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution.... • https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-1481 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1481
28 Apr 2022 — Use after free in Sharing in Google Chrome on Mac prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en Sharing en Google Chrome en Mac versiones anteriores a 101.0.4951.41, permitía que un atacante remoto que convenciera a un usuario de participar en una interacción específica con el usuario explotara potencialmente la corrupción de la pila por med... • https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 33%CPEs: 1EXPL: 2CVE-2022-1364 – Google Chromium V8 Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2022-1364
28 Apr 2022 — Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una confusión de tipo en V8 Turbofan en Google Chrome versiones anteriores a 100.0.4896.127, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada. Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions... • https://github.com/A1Lin/cve-2022-1364 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1309 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1309
28 Apr 2022 — Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Una aplicación insuficiente de políticas en developer tools de Google Chrome versiones anteriores a 100.0.4896.88, permitía a un atacante remoto llevar a cabo un filtrado de sandbox por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in r... • https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html • CWE-863: Incorrect Authorization •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1306 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1306
28 Apr 2022 — Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Una implementación inapropiada en compositing Google Chrome versiones anteriores a 100.0.4896.88, permitía a un atacante remoto falsificar el contenido de la Omnibox (barra de URL) por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in re... • https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html • CWE-290: Authentication Bypass by Spoofing •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-1132 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1132
28 Apr 2022 — Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100.0.4896.60 allowed a local attacker to bypass navigation restrictions via physical access to the device. Una implementación inapropiada en Virtual Keyboard en Google Chrome en Chrome OS versiones anteriores a 100.0.4896.60, permitía a un atacante local omitir las restricciones de navegación por medio del acceso físico al dispositivo Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of... • https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_29.html • CWE-863: Incorrect Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1490 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1490
28 Apr 2022 — Use after free in Browser Switcher in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en Browser Switcher en Google Chrome versiones anteriores a 101.0.4951.41, permitía que un atacante remoto que convenciera a un usuario de participar en una interacción específica con el usuario explotara potencialmente la corrupción de la pila por... • https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html • CWE-416: Use After Free •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1139 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1139
28 Apr 2022 — Inappropriate implementation in Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Una implementación inapropiada de Background Fetch API en Google Chrome versiones anteriores a 100.0.4896.60, permitía a un atacante remoto filtrar datos de origen cruzado por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. ... • https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_29.html • CWE-203: Observable Discrepancy •