CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2855
https://notcve.org/view.php?id=CVE-2022-2855
Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en ANGLE en Google Chrome versiones anteriores a 104.0.5112.101, permitía a un atacante remoto explotar potencialmente una corrupción de pila por medio de una página HTML diseñada. • https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html https://crbug.com/1345042 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE • CWE-416: Use After Free •
CVSS: 6.5EPSS: 3%CPEs: 5EXPL: 1CVE-2022-2856 – Google Chromium Intents Insufficient Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2022-2856
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page. Una comprobación insuficiente de entradas no confiables en Intents en Google Chrome en Android versiones anteriores a 104.0.5112.101, permitía a un atacante remoto navegar arbitrariamente a un sitio web malicioso por medio de una página HTML diseñada. Google Chromium Intents contains an insufficient validation of untrusted input vulnerability that allows a remote attacker to browse to a malicious website via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. • https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html https://crbug.com/1345630 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2854
https://notcve.org/view.php?id=CVE-2022-2854
Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en SwiftShader en Google Chrome versiones anteriores a 104.0.5112.101, permitía a un atacante remoto explotar potencialmente una corrupción de pila por medio de una página HTML diseñada. • https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html https://crbug.com/1337538 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2624
https://notcve.org/view.php?id=CVE-2022-2624
Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. Un desbordamiento del búfer de la pila en PDF en Google Chrome versiones anteriores a 104.0.5112.79, permitía que un atacante remoto que convenciera a un usuario de realizar determinadas interacciones con él pudiera aprovechar la corrupción de la pila por medio de un archivo PDF diseñado. • https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html https://crbug.com/1339745 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE https://security.gentoo.org/glsa/202208-35 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-2623
https://notcve.org/view.php?id=CVE-2022-2623
Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. Un uso de la memoria previamente liberada en Offline en Google Chrome en Android versiones anteriores a 104.0.5112.79, permitía a un atacante remoto que convencía a un usuario de participar en interacciones de usuario específicas para explotar potencialmente la corrupción de la pila por medio de interacciones de Interfaz de Usuario específicas. • https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html https://crbug.com/1337798 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE https://security.gentoo.org/glsa/202208-35 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •