CVSS: 6.5EPSS: 11%CPEs: 5EXPL: 1CVE-2022-2856 – Google Chromium Intents Insufficient Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2022-2856
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page. Una comprobación insuficiente de entradas no confiables en Intents en Google Chrome en Android versiones anteriores a 104.0.5112.101, permitía a un atacante remoto navegar arbitrariamente a un sitio web malicioso por medio de una página HTML diseñada. Google Chromium Intents contains an insufficient validation of untrusted input vulnerability that allows a remote attacker to browse to a malicious website via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. • https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html https://crbug.com/1345630 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2860
https://notcve.org/view.php?id=CVE-2022-2860
Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page. Una aplicación insuficiente de políticas en Cookies en Google Chrome versiones anteriores a 104.0.5112.101, permitía a un atacante remoto omitir las restricciones de prefijo de cookies por medio de una página HTML diseñada. • https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html https://crbug.com/1345193 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2861
https://notcve.org/view.php?id=CVE-2022-2861
Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page. Una implementación inapropiada de Extensions API en Google Chrome versiones anteriores a 104.0.5112.101, permitía a un atacante que convenciera a un usuario de instalar una extensión maliciosa inyectar scripts arbitrarios en la Interfaz de Usuario Web por medio de una página HTML manipulada. • https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html https://crbug.com/1346236 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2624
https://notcve.org/view.php?id=CVE-2022-2624
Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. Un desbordamiento del búfer de la pila en PDF en Google Chrome versiones anteriores a 104.0.5112.79, permitía que un atacante remoto que convenciera a un usuario de realizar determinadas interacciones con él pudiera aprovechar la corrupción de la pila por medio de un archivo PDF diseñado. • https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html https://crbug.com/1339745 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE https://security.gentoo.org/glsa/202208-35 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-2623
https://notcve.org/view.php?id=CVE-2022-2623
Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. Un uso de la memoria previamente liberada en Offline en Google Chrome en Android versiones anteriores a 104.0.5112.79, permitía a un atacante remoto que convencía a un usuario de participar en interacciones de usuario específicas para explotar potencialmente la corrupción de la pila por medio de interacciones de Interfaz de Usuario específicas. • https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html https://crbug.com/1337798 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE https://security.gentoo.org/glsa/202208-35 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •