ALT-PU-2022-1207-1
Package chromium-gost updated to version 97.0.4692.99-alt1 for branch sisyphus in task 294625.
Closed vulnerabilities
BDU:2022-00744
Уязвимость функции конфиденциальности Fenced Frames браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2022-00745
Уязвимость реализации push-уведомлений браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2022-00750
Уязвимость набора инструментов для веб-разработки DevTools браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2022-00792
Уязвимость диспетчера задачTask Manager браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности
BDU:2022-00834
Уязвимость функции изоляции сайтов (Site Isolation) браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код
BDU:2022-00857
Уязвимость компонента Data Transfer браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
BDU:2022-00864
Уязвимость компонента Web packaging браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код
BDU:2022-00865
Уязвимость службы Optimization Guide браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
BDU:2022-00866
Уязвимость реализации функции автозаполнения Autofill браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти существующие ограничения безопасности
BDU:2022-00867
Уязвимость службы Safe Browsing браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код
BDU:2022-00868
Уязвимость компонента Storage браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти ограничения безопасности
BDU:2022-00874
Уязвимость адресной строки Omnibox браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код
BDU:2022-01053
Уязвимость компонента Task Manager браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности
Modified: 2024-11-21
CVE-2022-0289
Use after free in Safe browsing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- http://packetstormsecurity.com/files/166547/Chrome-safe_browsing-ThreatDetails-OnReceivedThreatDOMDetails-Use-After-Free.html
- http://packetstormsecurity.com/files/166547/Chrome-safe_browsing-ThreatDetails-OnReceivedThreatDOMDetails-Use-After-Free.html
- https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
- https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
- https://crbug.com/1284367
- https://crbug.com/1284367
Modified: 2024-11-21
CVE-2022-0290
Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
- http://packetstormsecurity.com/files/166080/Chrome-RenderFrameHostImpl-Use-After-Free.html
- http://packetstormsecurity.com/files/166080/Chrome-RenderFrameHostImpl-Use-After-Free.html
- https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
- https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
- https://crbug.com/1260134
- https://crbug.com/1260134
Modified: 2024-11-21
CVE-2022-0291
Inappropriate implementation in Storage in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-0292
Inappropriate implementation in Fenced Frames in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-0293
Use after free in Web packaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-0294
Inappropriate implementation in Push messaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-0295
Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage is specific user interactions to potentially exploit heap corruption via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-0296
Use after free in Printing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage is specific user interactions to potentially exploit heap corruption via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-0297
Use after free in Vulkan in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-0298
Use after free in Scheduling in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-0300
Use after free in Text Input Method Editor in Google Chrome on Android prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-0301
Heap buffer overflow in DevTools in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-0302
Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-0304
Use after free in Bookmarks in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-0305
Inappropriate implementation in Service Worker API in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-0306
Heap buffer overflow in PDFium in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- http://packetstormsecurity.com/files/166367/Chrome-chrome_pdf-PDFiumEngine-RequestThumbnail-Heap-Buffer-Overflow.html
- http://packetstormsecurity.com/files/166367/Chrome-chrome_pdf-PDFiumEngine-RequestThumbnail-Heap-Buffer-Overflow.html
- https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
- https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
- https://crbug.com/1283198
- https://crbug.com/1283198
Modified: 2024-11-21
CVE-2022-0307
Use after free in Optimization Guide in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-0308
Use after free in Data Transfer in Google Chrome on Chrome OS prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-0309
Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Modified: 2024-11-21
CVE-2022-0310
Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via specific user interactions.
Modified: 2024-11-21
CVE-2022-0311
Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.