CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2022-0109 – Debian Security Advisory 5046-1
https://notcve.org/view.php?id=CVE-2022-0109
28 Jan 2022 — Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. Una implementación inapropiada de Autofill en Google Chrome versiones anteriores a 97.0.4692.71, permitía a un atacante remoto obtener información potencialmente confidencial por medio de una página HTML diseñada Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of servi... • https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 2CVE-2022-0115 – Debian Security Advisory 5046-1
https://notcve.org/view.php?id=CVE-2022-0115
28 Jan 2022 — Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Un uso no inicializado en File API en Google Chrome versiones anteriores a 97.0.4692.71, permitía a un atacante remoto llevar a cabo un acceso a la memoria fuera de límites por medio de una página HTML diseñada Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or ... • https://packetstorm.news/files/id/165879 • CWE-908: Use of Uninitialized Resource •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 1CVE-2022-0114 – Debian Security Advisory 5046-1
https://notcve.org/view.php?id=CVE-2022-0114
28 Jan 2022 — Out of bounds memory access in Blink Serial API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page and virtual serial port driver. Un acceso a la memoria fuera de límites en Blink Serial API en Google Chrome versiones anteriores a 97.0.4692.71, permitía a un atacante remoto llevar a cabo una lectura de memoria fuera de límites por medio de una página HTML diseñada y un controlador de puerto serie virtual Multiple security issues w... • https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2022-0117 – Debian Security Advisory 5046-1
https://notcve.org/view.php?id=CVE-2022-0117
28 Jan 2022 — Policy bypass in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Una omisión de políticas en Blink en Google Chrome versiones anteriores a 97.0.4692.71, permitía a un atacante remoto filtrar datos de origen cruzado por medio de una página HTML diseñada Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. • https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html • CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0289 – Debian Security Advisory 5054-1
https://notcve.org/view.php?id=CVE-2022-0289
28 Jan 2022 — Use after free in Safe browsing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en Safe browsing en Google Chrome versiones anteriores a 97.0.4692.99, permitía a un atacante remoto explotar potencialmente una corrupción de pila por medio de una página HTML diseñada Chrome suffers from a heap use-after-free vulnerability in safe_browsing::ThreatDetails::OnReceivedThreatDOMDetails. Versions ... • https://packetstorm.news/files/id/166547 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2021-4102 – Google Chromium V8 Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2021-4102
28 Jan 2022 — Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en V8 en Google Chrome versiones anteriores a 96.0.4664.110, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information d... • https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html • CWE-416: Use After Free •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-4098 – Chrome IPC::ChannelAssociatedGroupController Memory Corruption
https://notcve.org/view.php?id=CVE-2021-4098
13 Jan 2022 — Insufficient data validation in Mojo in Google Chrome prior to 96.0.4664.110 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Una comprobación insuficiente de datos en Mojo en Google Chrome versiones anteriores a 96.0.4664.110, permitía a un atacante remoto que hubiera comprometido el proceso de renderización llevar a cabo potencialmente un escape de sandbox por medio de una página HTML diseñada Multiple security issues were ... • https://packetstorm.news/files/id/165561 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-4079 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2021-4079
23 Dec 2021 — Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via crafted WebRTC packets. Una escritura fuera de límites en WebRTC en Google Chrome versiones anteriores a 96.0.4664.93, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de paquetes WebRTC diseñados Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Vers... • https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-4078 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2021-4078
23 Dec 2021 — Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una confusión de tipo en V8 en Google Chrome versiones anteriores a 96.0.4664.93, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 5.15.5_p202... • https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-4068 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2021-4068
23 Dec 2021 — Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Una comprobación insuficiente de datos en new tab page en Google Chrome versiones anteriores a 96.0.4664.93, permitía a un atacante remoto filtrar datos de origen cruzado por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions l... • https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html • CWE-116: Improper Encoding or Escaping of Output •