CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1498 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1498
28 Apr 2022 — Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Una implementación inapropiada en HTML Parser en Google Chrome versiones anteriores a 101.0.4951.41, permitía a un atacante remoto filtrar datos de origen cruzado por medio de una página HTML diseñada. Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less tha... • https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2022-1232 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1232
28 Apr 2022 — Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una confusión de tipo en V8 en Google Chrome versiones anteriores a 100.0.4896.75, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 5.15.5_p20... • https://packetstorm.news/files/id/167516 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1491 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1491
28 Apr 2022 — Use after free in Bookmarks in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction. Un uso de memoria previamente liberada en Bookmarks en Google Chrome versiones anteriores a 101.0.4951.41, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una interacción específica y directa con el usuario. Multiple vulnerabilities have been found in Chromium and its derivatives, the worst o... • https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 33%CPEs: 1EXPL: 2CVE-2022-1364 – Google Chromium V8 Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2022-1364
28 Apr 2022 — Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una confusión de tipo en V8 Turbofan en Google Chrome versiones anteriores a 100.0.4896.127, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada. Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions... • https://github.com/A1Lin/cve-2022-1364 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-1500 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1500
28 Apr 2022 — Insufficient data validation in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass content security policy via a crafted HTML page. Una comprobación insuficiente de datos en Dev Tools en Google Chrome versiones anteriores a 101.0.4951.41, permitía a un atacante remoto eludir la política de seguridad de contenidos por medio de una página HTML diseñada. Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code ex... • https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1125 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1125
28 Apr 2022 — Use after free in Portals in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction. Un Uso de memoria previamente liberada en Portals en Google Chrome versiones anteriores a 100.0.4896.60, permitía a un atacante remoto que convencía a un usuario de participar en una interacción específica con el usuario explotar potencialmente la corrupción de la pila por medio de la interacción c... • https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_29.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1127 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1127
28 Apr 2022 — Use after free in QR Code Generator in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction. Un Uso de memoria previamente liberada en QR Code Generator en Google Chrome versiones anteriores a 100.0.4896.60, permitía que un atacante remoto que convenciera a un usuario de participar en una interacción específica con el usuario explotara potencialmente la corrupción de la pila por ... • https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_29.html • CWE-416: Use After Free •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-1128 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1128
28 Apr 2022 — Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page. Una implementación inapropiada de la API de Web Share en Google Chrome en Windows versiones anteriores a 100.0.4896.60, permitía a un atacante en el segmento de red local filtrar datos de origen cruzado por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and its derivatives, ... • https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_29.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-1129 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1129
28 Apr 2022 — Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Una implementación inapropiada en el modo de pantalla completa en Google Chrome en Android versiones anteriores a 100.0.4896.60 permitía a un atacante remoto falsificar el contenido de la Omnibox (barra de URL) por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and its deri... • https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_29.html • CWE-290: Authentication Bypass by Spoofing •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 1CVE-2022-1130 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1130
28 Apr 2022 — Insufficient validation of trust input in WebOTP in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to send arbitrary intents from any app via a malicious app. Una comprobación insuficiente de la entrada confiable en WebOTP en Google Chrome en Android versiones anteriores a 100.0.4896.60, permitía a un atacante remoto enviar intenciones arbitrarias desde cualquier aplicación por medio de una aplicación maliciosa Multiple vulnerabilities have been found in Chromium and its derivativ... • https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_29.html • CWE-476: NULL Pointer Dereference •