CVSS: 6.5EPSS: 3%CPEs: 5EXPL: 1CVE-2022-2856 – Google Chromium Intents Insufficient Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2022-2856
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page. Una comprobación insuficiente de entradas no confiables en Intents en Google Chrome en Android versiones anteriores a 104.0.5112.101, permitía a un atacante remoto navegar arbitrariamente a un sitio web malicioso por medio de una página HTML diseñada. Google Chromium Intents contains an insufficient validation of untrusted input vulnerability that allows a remote attacker to browse to a malicious website via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. • https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html https://crbug.com/1345630 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2857
https://notcve.org/view.php?id=CVE-2022-2857
Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en Blink en Google Chrome versiones anteriores a 104.0.5112.101, permitía a un atacante remoto explotar potencialmente una corrupción de pila por medio de una página HTML diseñada. • https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html https://crbug.com/1338135 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2855
https://notcve.org/view.php?id=CVE-2022-2855
Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en ANGLE en Google Chrome versiones anteriores a 104.0.5112.101, permitía a un atacante remoto explotar potencialmente una corrupción de pila por medio de una página HTML diseñada. • https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html https://crbug.com/1345042 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2859
https://notcve.org/view.php?id=CVE-2022-2859
Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. Un uso de memoria previamente liberada en Chrome OS Shell en Google Chrome versiones anteriores a 104.0.5112.101, permitía que un atacante remoto que convenciera a un usuario de participar en interacciones específicas de la Interfaz de Usuario pudiera explotar la corrupción de la pila por medio de interacciones específicas de la Interfaz de Usuario. • https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html https://crbug.com/1338412 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2860
https://notcve.org/view.php?id=CVE-2022-2860
Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page. Una aplicación insuficiente de políticas en Cookies en Google Chrome versiones anteriores a 104.0.5112.101, permitía a un atacante remoto omitir las restricciones de prefijo de cookies por medio de una página HTML diseñada. • https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html https://crbug.com/1345193 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE •