ALT-PU-2022-1828-2 — chromium-gost

BDU:2022-02115

HIGH7.5

Уязвимость браузера Google Chrome, связанная с некорректно реализованной проверкой безопасности для стандартных элементов, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Published: 2022-04-12Modified: 2024-09-13

CVSS 3.xHIGH 7.5

CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0HIGH 7.6

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C

References

CVE-2022-1306

BDU:2022-02139

HIGH8.8

Уязвимость компонента BFCache браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Published: 2022-04-12Modified: 2024-09-13

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2022-1308

BDU:2022-02140

HIGH8.8

Уязвимость хранилища Storage браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Published: 2022-04-12Modified: 2024-09-13

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2022-1305

BDU:2022-02141

HIGH7.5

Уязвимость реализации полноэкранного режима браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Published: 2022-04-12Modified: 2024-09-13

CVSS 3.xHIGH 7.5

CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0HIGH 7.6

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C

References

CVE-2022-1307

BDU:2022-02175

HIGH8.8

Уязвимость командной строки Chrome OS Shell (CROSH) браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Published: 2022-04-13Modified: 2024-09-13

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2022-1311

BDU:2022-02176

HIGH8.8

Уязвимость браузера Google Chrome, связанная с ошибками при обработке регулярных выражений, позволяющая нарушителю выполнить произвольный код

Published: 2022-04-13Modified: 2024-09-13

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2022-1310

BDU:2022-02177

HIGH8.8

Уязвимость набора инструментов для веб-разработчиков Developer Tools браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности

Published: 2022-04-13Modified: 2024-09-13

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2022-1309

BDU:2022-02178

HIGH8.8

Уязвимость хранилища Storage браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Published: 2022-04-13Modified: 2024-09-13

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2022-1312

BDU:2022-02179

MEDIUM6.5

Уязвимость реализации расширения «Группы вкладок» браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2022-04-13Modified: 2024-09-13

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N

References

CVE-2022-1313

BDU:2022-02180

MEDIUM6.5

Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2022-04-13Modified: 2024-09-13

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N

References

CVE-2022-1314

BDU:2022-02336

HIGH8.8

Уязвимость обработчика JavaScript-сценариев V8 веб-браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Published: 2022-04-15Modified: 2024-09-24

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2022-1364

BDU:2022-04377

HIGH8.8

Уязвимость браузеров Firefox, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Published: 2022-07-15Modified: 2022-11-21

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

BDU:2023-04628

HIGH8.8

Уязвимость компонента Base Internals браузера Google Chrome, позволяющая нарушителю выполнить чтение и запись произвольных файлов

Published: 2023-08-11

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2022-4919

BDU:2023-04629

CRITICAL9.6

Уязвимость механизма отображения веб-страниц Blink браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности

Published: 2023-08-11

CVSS 3.xCRITICAL 9.6

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2022-4920

CVE-2022-1232

HIGH8.8

Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: 2022-07-25Modified: 2024-11-21

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-1305

HIGH8.8

Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: 2022-07-25Modified: 2024-11-21

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-1306

MEDIUM4.3

Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Published: 2022-07-25Modified: 2024-11-21

CVSS 3.xMEDIUM 4.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References

CVE-2022-1307

MEDIUM4.3

Inappropriate implementation in full screen in Google Chrome on Android prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Published: 2022-07-25Modified: 2024-11-21

CVSS 3.xMEDIUM 4.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References

CVE-2022-1308

HIGH8.8

Use after free in BFCache in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: 2022-07-25Modified: 2024-11-21

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-1309

CRITICAL9.6

Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Published: 2022-07-25Modified: 2024-11-21

CVSS 3.xCRITICAL 9.6

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References

CVE-2022-1310

HIGH8.8

Use after free in regular expressions in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: 2022-07-25Modified: 2024-11-21

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-1311

HIGH8.8

Use after free in shell in Google Chrome on ChromeOS prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: 2022-07-25Modified: 2024-11-21

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-1312

CRITICAL9.6

Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

Published: 2022-07-25Modified: 2024-11-21

CVSS 3.xCRITICAL 9.6

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References

CVE-2022-1313

HIGH8.8

Use after free in tab groups in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: 2022-07-25Modified: 2024-11-21

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-1314

HIGH8.8

Type confusion in V8 in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: 2022-07-25Modified: 2024-11-21

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-1364

HIGH8.8

Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: 2022-07-26Modified: 2025-10-24

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-1477

HIGH8.8

Use after free in Vulkan in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: 2022-07-26Modified: 2024-11-21

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-1478

HIGH8.8

Use after free in SwiftShader in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: 2022-07-26Modified: 2024-11-21

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-1479

HIGH8.8

Use after free in ANGLE in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: 2022-07-26Modified: 2024-11-21

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-1480

NONE

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none

Published: 2022-10-03Modified: 2023-11-07

CVE-2022-1481

HIGH8.8

Use after free in Sharing in Google Chrome on Mac prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

Published: 2022-07-26Modified: 2024-11-21

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-1482

MEDIUM6.5

Inappropriate implementation in WebGL in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: 2022-07-26Modified: 2024-11-21

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References

CVE-2022-1483

HIGH8.8

Heap buffer overflow in WebGPU in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Published: 2022-07-26Modified: 2024-11-21

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-1484

HIGH8.8

Heap buffer overflow in Web UI Settings in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: 2022-07-26Modified: 2024-11-21

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-1485

HIGH7.5

Use after free in File System API in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: 2022-07-26Modified: 2024-11-21

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-1486

HIGH8.8

Type confusion in V8 in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Published: 2022-07-26Modified: 2024-11-21

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-1487

HIGH7.5

Use after free in Ozone in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via running a Wayland test.

Published: 2022-07-26Modified: 2024-11-21

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

CVE-2022-1488

MEDIUM4.3

Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension.

Published: 2022-07-26Modified: 2024-11-21

CVSS 3.xMEDIUM 4.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

References

CVE-2022-1489

HIGH8.8

Out of bounds memory access in UI Shelf in Google Chrome on Chrome OS, Lacros prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific user interactions.

Published: 2022-07-26Modified: 2024-11-21

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-1490

HIGH8.8

Use after free in Browser Switcher in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

Published: 2022-07-26Modified: 2024-11-21

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-1491

HIGH8.8

Use after free in Bookmarks in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.

Published: 2022-07-26Modified: 2024-11-21

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-1492

MEDIUM6.1

Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page.

Published: 2022-07-26Modified: 2024-11-21

CVSS 3.xMEDIUM 6.1

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References

CVE-2022-1493

HIGH8.8

Use after free in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.

Published: 2022-07-26Modified: 2024-11-21

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-1494

MEDIUM6.1

Insufficient data validation in Trusted Types in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass trusted types policy via a crafted HTML page.

Published: 2022-07-26Modified: 2024-11-21

CVSS 3.xMEDIUM 6.1

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References

CVE-2022-1495

MEDIUM4.3

Incorrect security UI in Downloads in Google Chrome on Android prior to 101.0.4951.41 allowed a remote attacker to spoof the APK downloads dialog via a crafted HTML page.

Published: 2022-07-26Modified: 2024-11-21

CVSS 3.xMEDIUM 4.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References

CVE-2022-1496

HIGH8.8

Use after free in File Manager in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.

Published: 2022-07-26Modified: 2024-11-21

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-1497

MEDIUM6.5

Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to spoof the contents of cross-origin websites via a crafted HTML page.

Published: 2022-07-26Modified: 2024-11-21

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References

CVE-2022-1498

MEDIUM4.3

Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Published: 2022-07-26Modified: 2024-11-21

CVSS 3.xMEDIUM 4.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

References

CVE-2022-1499

MEDIUM6.3

Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

Published: 2022-07-26Modified: 2024-11-21

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

References

CVE-2022-1500

MEDIUM6.5

Insufficient data validation in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass content security policy via a crafted HTML page.

Published: 2022-07-26Modified: 2024-11-21

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References

CVE-2022-1501

MEDIUM6.5

Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Published: 2022-07-26Modified: 2024-11-21

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References

CVE-2022-1919

HIGH8.8

Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: 2022-07-28Modified: 2024-11-21

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-2399

HIGH8.8

Use after free in WebGPU in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: 2022-07-28Modified: 2024-11-21

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-3863

MEDIUM6.1

Use after free in Browser History in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)

Published: 2023-01-02Modified: 2024-11-21

CVSS 3.xMEDIUM 6.1

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:H

References

CVE-2022-4919

HIGH8.8

Use after free in Base Internals in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

Published: 2023-07-29Modified: 2024-11-21

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-4920

CRITICAL9.6

Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Published: 2023-07-29Modified: 2024-11-21

CVSS 3.xCRITICAL 9.6

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References

Package update chromium-gost in branch sisyphus

Closed issues (56)

Уязвимость хранилища Storage браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Уязвимость командной строки Chrome OS Shell (CROSH) браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Уязвимость браузера Google Chrome, связанная с ошибками при обработке регулярных выражений, позволяющая нарушителю выполнить произвольный код

Уязвимость набора инструментов для веб-разработчиков Developer Tools браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности

Уязвимость хранилища Storage браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Уязвимость реализации расширения «Группы вкладок» браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Уязвимость обработчика JavaScript-сценариев V8 веб-браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Base Internals браузера Google Chrome, позволяющая нарушителю выполнить чтение и запись произвольных файлов

Уязвимость механизма отображения веб-страниц Blink браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности

Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Inappropriate implementation in full screen in Google Chrome on Android prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Use after free in BFCache in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Use after free in regular expressions in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in shell in Google Chrome on ChromeOS prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

Use after free in tab groups in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Type confusion in V8 in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in Vulkan in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in SwiftShader in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in ANGLE in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none

Use after free in Sharing in Google Chrome on Mac prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

Inappropriate implementation in WebGL in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Heap buffer overflow in WebGPU in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Heap buffer overflow in Web UI Settings in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in File System API in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Type confusion in V8 in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Use after free in Ozone in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via running a Wayland test.

Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension.

Out of bounds memory access in UI Shelf in Google Chrome on Chrome OS, Lacros prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific user interactions.

Use after free in Browser Switcher in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

Use after free in Bookmarks in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.

Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page.

Use after free in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.

Insufficient data validation in Trusted Types in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass trusted types policy via a crafted HTML page.

Incorrect security UI in Downloads in Google Chrome on Android prior to 101.0.4951.41 allowed a remote attacker to spoof the APK downloads dialog via a crafted HTML page.

Use after free in File Manager in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.

Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to spoof the contents of cross-origin websites via a crafted HTML page.

Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

Insufficient data validation in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass content security policy via a crafted HTML page.

Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in WebGPU in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in Browser History in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)

Use after free in Base Internals in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)