CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1486 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1486
28 Apr 2022 — Type confusion in V8 in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Una confusión de tipo en V8 en Google Chrome versiones anteriores a 101.0.4951.41, permitía a un atacante remoto conseguir información potencialmente confidencial de la memoria del proceso por medio de una página HTML diseñada. Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in... • https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1487 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1487
28 Apr 2022 — Use after free in Ozone in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via running a Wayland test. Un uso de memoria previamente liberada en Ozone en Google Chrome versiones anteriores a 101.0.4951.41, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de la ejecución de una prueba de Wayland. Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code ... • https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html • CWE-416: Use After Free •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1488 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1488
28 Apr 2022 — Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. Una implementación inapropiada en Extensions API en Google Chrome versiones anteriores a 101.0.4951.41, permitía a un atacante que convenciera a un usuario de instalar una extensión maliciosa filtrar datos de origen cruzado por medio de una extensión de Chrome diseñada. Multiple vulnerabiliti... • https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-1489 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1489
28 Apr 2022 — Out of bounds memory access in UI Shelf in Google Chrome on Chrome OS, Lacros prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific user interactions. Un acceso a la memoria fuera de límites en UI Shelf en Google Chrome en Chrome OS, Lacros versiones anteriores a 101.0.4951.41, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de interacciones de usuario específicas. Multiple vulnerabilities have been found in Chromium and... • https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1490 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1490
28 Apr 2022 — Use after free in Browser Switcher in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en Browser Switcher en Google Chrome versiones anteriores a 101.0.4951.41, permitía que un atacante remoto que convenciera a un usuario de participar en una interacción específica con el usuario explotara potencialmente la corrupción de la pila por... • https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1491 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1491
28 Apr 2022 — Use after free in Bookmarks in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction. Un uso de memoria previamente liberada en Bookmarks en Google Chrome versiones anteriores a 101.0.4951.41, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una interacción específica y directa con el usuario. Multiple vulnerabilities have been found in Chromium and its derivatives, the worst o... • https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html • CWE-416: Use After Free •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1492 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1492
28 Apr 2022 — Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page. Una comprobación insuficiente de datos en Blink Editing en Google Chrome versiones anteriores a 101.0.4951.41, permitía a un atacante remoto inyectar scripts o HTML arbitrarios por medio de una página HTML diseñada. Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code ex... • https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1493 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1493
28 Apr 2022 — Use after free in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction. Un uso de memoria previamente liberada en Dev Tools en Google Chrome versiones anteriores a 101.0.4951.41, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una interacción específica y directa con el usuario. Multiple vulnerabilities have been found in Chromium and its derivatives, the worst o... • https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html • CWE-416: Use After Free •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2022-1495 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1495
28 Apr 2022 — Incorrect security UI in Downloads in Google Chrome on Android prior to 101.0.4951.41 allowed a remote attacker to spoof the APK downloads dialog via a crafted HTML page. Una Interfaz de Seguridad incorrecta en Downloads en Google Chrome en Android versiones anteriores a 101.0.4951.41, permitía a un atacante remoto falsificar el diálogo de descargas de APK por medio de una página HTML diseñada. Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remot... • https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html • CWE-290: Authentication Bypass by Spoofing •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1496 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1496
28 Apr 2022 — Use after free in File Manager in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction. Un uso de memoria previamente liberada en File Manager en Google Chrome versiones anteriores a 101.0.4951.41, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una interacción específica y directa con el usuario. Multiple vulnerabilities have been found in Chromium and its derivatives, the w... • https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html • CWE-416: Use After Free •