ALT-BU-2022-6160-1
Branch p10 update bulletin.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2022-2393
A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.
Closed vulnerabilities
BDU:2022-04198
Уязвимость реализации технологии WebRTC браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2022-04600
Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
BDU:2022-04877
Уязвимость настроек Settings браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю раскрыть защищаемую информацию
BDU:2022-04883
Уязвимость браузеров Google Chrome и Microsoft Edge, связанная с недостаточной проверкой входных данных, позволяющая нарушителю раскрыть защищаемую информацию
BDU:2022-04884
Уязвимость обработчика PDF-содержимого PDFium браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код
BDU:2022-04886
Уязвимость расширений браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю раскрыть защищаемую информацию
BDU:2022-05020
Уязвимость компонента Federated Credential Management браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2022-05021
Уязвимость библиотеки SwiftShader браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2022-05022
Уязвимость библиотеки ANGLE браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2022-05023
Уязвимость механизма отображения веб-страниц Blink браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2022-05150
Уязвимость командной строки Chrome OS Shell (CROSH), позволяющая нарушителю раскрыть защищаемую информацию
BDU:2022-05151
Уязвимость компонента входа в систему Sign-In браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2022-05152
Уязвимость компонента Extensions API браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю раскрыть защищаемую информацию
BDU:2022-05153
Уязвимость механизма обработки файлов cookie браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности и раскрыть защищаемую информацию
BDU:2022-05323
Уязвимость компонента Views браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код
BDU:2022-05354
Уязвимость механизма обработки файлов cookie браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности и раскрыть защищаемую информацию
BDU:2022-05355
Уязвимость компонента Background Fetch браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю раскрыть защищаемую информацию
BDU:2022-05357
Уязвимость обработчика PDF-содержимого браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код
BDU:2022-05359
Уязвимость гостевого режима браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код
BDU:2022-05360
Уязвимость службы Worker API браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код
BDU:2022-05361
Уязвимость компонента входа в систему Sign-In браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю повысить свои привилегии
BDU:2022-05428
Уязвимость браузеров Google Chrome и Microsoft Edge, связанная с раскрытием информации через несоответствие, позволяющая нарушителю раскрыть защищаемую информацию
BDU:2022-05429
Уязвимость компонента Extensions API браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю раскрыть защищаемую информацию
BDU:2022-05430
Уязвимость компонента Extensions API браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании
BDU:2022-05432
Уязвимость адресной строки Omnibox браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код
BDU:2022-05439
Уязвимость службы Safe Browsing браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код
BDU:2022-05448
Уязвимость службы Network браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2022-05449
Уязвимость модуля WebSQL браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2022-05450
Уязвимость компонента Layout браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2022-05451
Уязвимость модуля WebSQL браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2022-05452
Уязвимость функция PhoneHub браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2022-05453
Уязвимость функции захват экрана (Screen Capture) браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2022-05454
Уязвимость функции изоляции сайтов (Site Isolation) браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2022-05455
Уязвимость обработчика JavaScript-сценариев V8 браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2022-05456
Уязвимость компонента Browser Tag браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2022-05457
Уязвимость элемента управления вкладками Tab Strip браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2022-05458
Уязвимость компонента Extensions API браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности
BDU:2022-05459
Уязвимость экрана блокировки операционной системы Chrome OS, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании
BDU:2022-05460
Уязвимость режима разделения экрана SplitScreen браузера Google Chrome, позволяющая нарушителю раскрыть защищаемую информацию
BDU:2022-05461
Уязвимость пользовательского интерфейса WebUI браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2022-05462
Уязвимость компонента Exosphere браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2022-05463
Уязвимость расширения Window Manager браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2022-05464
Уязвимость компонента Pointer Lock браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю раскрыть защищаемую информацию
BDU:2022-05465
Уязвимость набора инструментов для веб-разработки DevTools браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности
BDU:2022-05466
Уязвимость диспетчера паролей браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю раскрыть защищаемую информацию
BDU:2022-05467
Уязвимость реализации механизма CSP (Content Security Policy) браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю раскрыть защищаемую информацию
BDU:2022-05468
Уязвимость изолированной среды iframe браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю раскрыть защищаемую информацию
BDU:2022-05469
Уязвимость компонента входа в систему Sign-In браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-05490
Уязвимость функции Browser Creation операционной системы Chrome OS, позволяющая нарушителю выполнить произвольный код
BDU:2022-05499
Уязвимость IPC-библиотеки Mojo браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2022-05628
Уязвимость компонента Dawn браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю раскрыть защищаемую информацию
BDU:2022-05629
Уязвимость интерфейса API браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код
BDU:2023-01060
Уязвимость оконного менеджера браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Modified: 2024-11-21
CVE-2022-2163
Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction.
- https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html
- https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html
- https://crbug.com/1308341
- https://crbug.com/1308341
- FEDORA-2022-0102ccc2a2
- FEDORA-2022-0102ccc2a2
- FEDORA-2022-1d3d5a0341
- FEDORA-2022-1d3d5a0341
- GLSA-202208-25
- GLSA-202208-25
- GLSA-202208-35
- GLSA-202208-35
Modified: 2025-04-03
CVE-2022-2294
Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- [oss-security] 20220728 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0007
- [oss-security] 20220728 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0007
- https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html
- https://crbug.com/1341043
- https://crbug.com/1341043
- FEDORA-2022-0102ccc2a2
- FEDORA-2022-0102ccc2a2
- FEDORA-2022-1d3d5a0341
- FEDORA-2022-1d3d5a0341
- GLSA-202208-35
- GLSA-202208-35
- GLSA-202208-39
- GLSA-202208-39
- GLSA-202311-11
- GLSA-202311-11
Modified: 2024-11-21
CVE-2022-2295
Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html
- https://crbug.com/1336869
- https://crbug.com/1336869
- FEDORA-2022-0102ccc2a2
- FEDORA-2022-0102ccc2a2
- FEDORA-2022-1d3d5a0341
- FEDORA-2022-1d3d5a0341
- GLSA-202208-35
- GLSA-202208-35
Modified: 2024-11-21
CVE-2022-2477
Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html
- https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html
- https://crbug.com/1336266
- https://crbug.com/1336266
- FEDORA-2023-ea7128b5ce
- FEDORA-2023-ea7128b5ce
- FEDORA-2023-6c8de2cd15
- FEDORA-2023-6c8de2cd15
- GLSA-202208-35
- GLSA-202208-35
Modified: 2024-11-21
CVE-2022-2478
Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html
- https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html
- https://crbug.com/1335861
- https://crbug.com/1335861
- FEDORA-2023-ea7128b5ce
- FEDORA-2023-ea7128b5ce
- FEDORA-2023-6c8de2cd15
- FEDORA-2023-6c8de2cd15
Modified: 2024-11-21
CVE-2022-2480
Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- http://packetstormsecurity.com/files/168115/Chrome-content-ServiceWorkerVersion-MaybeTimeoutRequest-Heap-Use-After-Free.html
- http://packetstormsecurity.com/files/168115/Chrome-content-ServiceWorkerVersion-MaybeTimeoutRequest-Heap-Use-After-Free.html
- https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html
- https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html
- https://crbug.com/1339844
- https://crbug.com/1339844
- FEDORA-2023-ea7128b5ce
- FEDORA-2023-ea7128b5ce
- FEDORA-2023-6c8de2cd15
- FEDORA-2023-6c8de2cd15
- GLSA-202208-35
- GLSA-202208-35
Modified: 2024-11-21
CVE-2022-2481
Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.
- https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html
- https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html
- https://crbug.com/1341603
- https://crbug.com/1341603
- FEDORA-2023-ea7128b5ce
- FEDORA-2023-ea7128b5ce
- FEDORA-2023-6c8de2cd15
- FEDORA-2023-6c8de2cd15
- GLSA-202208-35
- GLSA-202208-35
Modified: 2024-11-21
CVE-2022-2603
Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-2604
Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-2605
Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-2606
Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-2610
Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-2612
Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-2614
Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-2615
Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-2616
Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a crafted Chrome Extension.
Modified: 2024-11-21
CVE-2022-2617
Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.
Modified: 2024-11-21
CVE-2022-2618
Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file .
Modified: 2024-11-21
CVE-2022-2619
Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-2621
Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.
Modified: 2024-11-21
CVE-2022-2624
Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file.
Modified: 2024-11-21
CVE-2022-2743
Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to perform an out of bounds memory write via crafted UI interactions. (Chrome security severity: High)
Modified: 2024-11-21
CVE-2022-2852
Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- http://packetstormsecurity.com/files/169457/Chrome-AccountSelectionBubbleView-OnAccountImageFetched-Heap-Use-After-Free.html
- http://packetstormsecurity.com/files/169457/Chrome-AccountSelectionBubbleView-OnAccountImageFetched-Heap-Use-After-Free.html
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html
- https://crbug.com/1349322
- https://crbug.com/1349322
- FEDORA-2022-3f28aa88cf
- FEDORA-2022-3f28aa88cf
Modified: 2024-11-21
CVE-2022-2854
Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-2855
Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-2857
Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-2858
Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction.
Modified: 2024-11-21
CVE-2022-2859
Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions.
Modified: 2024-11-21
CVE-2022-2860
Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-2861
Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-2998
Use after free in Browser Creation in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who had convinced a user to engage in a specific UI interaction to potentially exploit heap corruption via a crafted HTML page.
Modified: 2025-02-05
CVE-2022-3038
Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- http://packetstormsecurity.com/files/168596/Google-Chrome-103.0.5060.53-network-URLLoader-NotifyCompleted-Heap-Use-After-Free.html
- http://packetstormsecurity.com/files/168596/Google-Chrome-103.0.5060.53-network-URLLoader-NotifyCompleted-Heap-Use-After-Free.html
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://crbug.com/1340253
- https://crbug.com/1340253
- FEDORA-2022-3f28aa88cf
- FEDORA-2022-3f28aa88cf
- GLSA-202209-23
- GLSA-202209-23
Modified: 2024-11-21
CVE-2022-3039
Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://crbug.com/1343348
- https://crbug.com/1343348
- FEDORA-2022-3f28aa88cf
- FEDORA-2022-3f28aa88cf
- GLSA-202209-23
- GLSA-202209-23
Modified: 2024-11-21
CVE-2022-3040
Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://crbug.com/1341539
- https://crbug.com/1341539
- FEDORA-2022-3f28aa88cf
- FEDORA-2022-3f28aa88cf
- GLSA-202209-23
- GLSA-202209-23
Modified: 2024-11-21
CVE-2022-3041
Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://crbug.com/1345947
- https://crbug.com/1345947
- FEDORA-2022-3f28aa88cf
- FEDORA-2022-3f28aa88cf
- GLSA-202209-23
- GLSA-202209-23
Modified: 2024-11-21
CVE-2022-3042
Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://crbug.com/1338553
- https://crbug.com/1338553
- FEDORA-2022-3f28aa88cf
- FEDORA-2022-3f28aa88cf
- GLSA-202209-23
- GLSA-202209-23
Modified: 2024-11-21
CVE-2022-3043
Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://crbug.com/1336979
- https://crbug.com/1336979
- FEDORA-2022-3f28aa88cf
- FEDORA-2022-3f28aa88cf
- GLSA-202209-23
- GLSA-202209-23
Modified: 2024-11-21
CVE-2022-3044
Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://crbug.com/1051198
- https://crbug.com/1051198
- FEDORA-2022-3f28aa88cf
- FEDORA-2022-3f28aa88cf
- GLSA-202209-23
- GLSA-202209-23
Modified: 2024-11-21
CVE-2022-3045
Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://crbug.com/1339648
- https://crbug.com/1339648
- FEDORA-2022-3f28aa88cf
- FEDORA-2022-3f28aa88cf
- GLSA-202209-23
- GLSA-202209-23
Modified: 2024-11-21
CVE-2022-3046
Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://crbug.com/1346245
- https://crbug.com/1346245
- FEDORA-2022-3f28aa88cf
- FEDORA-2022-3f28aa88cf
- GLSA-202209-23
- GLSA-202209-23
Modified: 2024-11-21
CVE-2022-3047
Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page.
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://crbug.com/1342586
- https://crbug.com/1342586
- FEDORA-2022-3f28aa88cf
- FEDORA-2022-3f28aa88cf
- GLSA-202209-23
- GLSA-202209-23
Modified: 2024-11-21
CVE-2022-3048
Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a local attacker to bypass lockscreen navigation restrictions via physical access to the device.
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://crbug.com/1303308
- https://crbug.com/1303308
- FEDORA-2022-3f28aa88cf
- FEDORA-2022-3f28aa88cf
- GLSA-202209-23
- GLSA-202209-23
Modified: 2024-11-21
CVE-2022-3049
Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://crbug.com/1316892
- https://crbug.com/1316892
- FEDORA-2022-3f28aa88cf
- FEDORA-2022-3f28aa88cf
- GLSA-202209-23
- GLSA-202209-23
Modified: 2024-11-21
CVE-2022-3050
Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions.
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://crbug.com/1337132
- https://crbug.com/1337132
- FEDORA-2022-3f28aa88cf
- FEDORA-2022-3f28aa88cf
- GLSA-202209-23
- GLSA-202209-23
Modified: 2024-11-21
CVE-2022-3051
Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions.
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://crbug.com/1345245
- https://crbug.com/1345245
- FEDORA-2022-3f28aa88cf
- FEDORA-2022-3f28aa88cf
- GLSA-202209-23
- GLSA-202209-23
Modified: 2024-11-21
CVE-2022-3052
Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions.
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://crbug.com/1346154
- https://crbug.com/1346154
- FEDORA-2022-3f28aa88cf
- FEDORA-2022-3f28aa88cf
- GLSA-202209-23
- GLSA-202209-23
Modified: 2024-11-21
CVE-2022-3053
Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a remote attacker to restrict user navigation via a crafted HTML page.
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://crbug.com/1267867
- https://crbug.com/1267867
- FEDORA-2022-3f28aa88cf
- FEDORA-2022-3f28aa88cf
- GLSA-202209-23
- GLSA-202209-23
Modified: 2024-11-21
CVE-2022-3054
Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://crbug.com/1290236
- https://crbug.com/1290236
- FEDORA-2022-3f28aa88cf
- FEDORA-2022-3f28aa88cf
- GLSA-202209-23
- GLSA-202209-23
Modified: 2024-11-21
CVE-2022-3055
Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://crbug.com/1351969
- https://crbug.com/1351969
- FEDORA-2022-3f28aa88cf
- FEDORA-2022-3f28aa88cf
- GLSA-202209-23
- GLSA-202209-23
Modified: 2024-11-21
CVE-2022-3056
Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page.
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://crbug.com/1329460
- https://crbug.com/1329460
- FEDORA-2022-3f28aa88cf
- FEDORA-2022-3f28aa88cf
- GLSA-202209-23
- GLSA-202209-23
Modified: 2024-11-21
CVE-2022-3057
Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://crbug.com/1336904
- https://crbug.com/1336904
- FEDORA-2022-3f28aa88cf
- FEDORA-2022-3f28aa88cf
- GLSA-202209-23
- GLSA-202209-23
Modified: 2024-11-21
CVE-2022-3058
Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction.
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://crbug.com/1337676
- https://crbug.com/1337676
- FEDORA-2022-3f28aa88cf
- FEDORA-2022-3f28aa88cf
- GLSA-202209-23
- GLSA-202209-23
Modified: 2024-11-21
CVE-2022-3071
Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction.
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
- https://crbug.com/1333995
- https://crbug.com/1333995
- FEDORA-2022-3f28aa88cf
- FEDORA-2022-3f28aa88cf
- GLSA-202209-23
- GLSA-202209-23
Modified: 2025-03-06
CVE-2022-3075
Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Package offlineimap updated to version 7.3.3-alt3 for branch p10 in task 297103.
Closed bugs
is not ready for Python 3
Package kde5-okular updated to version 22.04.3-alt2 for branch p10 in task 306290.
Closed bugs
бесконечная загрузка разворота