All errata/sisyphus/ALT-PU-2022-1984-2
ALT-PU-2022-1984-2

Package update chromium-gost in branch sisyphus

Version102.0.5005.61-alt1
Task#301016
Published2026-02-04
Max severityCRITICAL
Severity:

Closed issues (58)

BDU:2022-03186
HIGH7.1

Уязвимость компонента WebApp браузера Google Chrome, позволяющая нарушителю раскрыть защищаемую информацию

Published: 2022-05-30Modified: 2023-11-21
CVSS 3.xHIGH 7.1
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
CVSS 2.0HIGH 8.5
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:P
References
BDU:2022-03204
HIGH8.8

Уязвимость компонента Sharing браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Published: 2022-05-30Modified: 2024-10-30
CVSS 3.xHIGH 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
References
BDU:2022-03205
HIGH8.8

Уязвимость компонента UI Foundations браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Published: 2022-05-30Modified: 2024-10-30
CVSS 3.xHIGH 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
References
BDU:2022-03272
MEDIUM6.5

Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю раскрыть защищаемую информацию

Published: 2022-06-03Modified: 2023-11-21
CVSS 3.xMEDIUM 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N
References
BDU:2022-03310
MEDIUM6.5

Уязвимость компонента Data Transfer браузера Google Chrome, позволяющая нарушителю раскрыть защищаемую информацию

Published: 2022-06-07Modified: 2023-11-21
CVSS 3.xMEDIUM 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N
References
BDU:2022-03323
HIGH8.8

Уязвимость интерфейса File System API браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю обойти введенные ограничения безопасности

Published: 2022-06-07Modified: 2024-10-30
CVSS 3.xHIGH 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
References
BDU:2022-03325
HIGH8.8

Уязвимость компонента обучения пользователей браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код

Published: 2022-06-07Modified: 2024-10-30
CVSS 3.xHIGH 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
References
BDU:2022-03326
HIGH8.8

Уязвимость библиотеки ANGLE браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код

Published: 2022-06-07Modified: 2024-10-30
CVSS 3.xHIGH 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
References
BDU:2022-03327
HIGH8.8

Уязвимость компонента обмена сообщениями браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код

Published: 2022-06-07Modified: 2024-10-30
CVSS 3.xHIGH 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
References
BDU:2022-03329
MEDIUM6.5

Уязвимость браузера Google Chrome, связанная с использованием памяти после её освобождения, позволяющая нарушителю раскрыть защищаемую информацию

Published: 2022-06-08Modified: 2023-11-21
CVSS 3.xMEDIUM 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N
References
BDU:2022-03331
HIGH8.3

Уязвимость реализации Extensions браузера Google Chrome, позволяющая нарушителю раскрыть защищаемую информацию

Published: 2022-06-08Modified: 2023-11-21
CVSS 3.xHIGH 8.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H
CVSS 2.0CRITICAL 9.7
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:P/A:C
References
BDU:2022-03332
MEDIUM6.5

Уязвимость компонента Bookmarks браузера Google Chrome, позволяющая нарушителю раскрыть защищаемую информацию

Published: 2022-06-08Modified: 2023-11-21
CVSS 3.xMEDIUM 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N
References
BDU:2022-03347
HIGH8.8

Уязвимость компонента Performance Manager браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Published: 2022-06-09Modified: 2024-10-30
CVSS 3.xHIGH 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0HIGH 7.6
CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C
References
BDU:2022-03367
MEDIUM6.3

Уязвимость компонента Tab Groups браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Published: 2022-06-09Modified: 2023-11-21
CVSS 3.xMEDIUM 6.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
References
BDU:2022-03386
MEDIUM6.5

Уязвимость набора инструментов для веб-разработки DevTools браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю раскрыть защищаемую информацию

Published: 2022-06-10Modified: 2024-10-30
CVSS 3.xMEDIUM 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N
References
BDU:2022-03824
MEDIUM4.3

Уязвимость интерфейса File System API браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю раскрыть защищаемую информацию

Published: 2022-06-27Modified: 2023-11-21
CVSS 3.xMEDIUM 4.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
References
BDU:2022-03825
MEDIUM6.5

Уязвимость режима планшета браузера Google Chrome, позволяющая нарушителю раскрыть защищаемую информацию

Published: 2022-06-27Modified: 2023-11-21
CVSS 3.xMEDIUM 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N
References
BDU:2022-03826
LOW3.1

Уязвимость набора инструментов DevTools браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю оказать воздействие на целостность данных

Published: 2022-06-27Modified: 2024-09-13
CVSS 3.xLOW 3.1
CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
CVSS 2.0LOW 2.6
CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:P/A:N
References
BDU:2022-03827
MEDIUM4.3

Уязвимость компонента Extensions API браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю раскрыть защищаемую информацию

Published: 2022-06-27Modified: 2023-11-21
CVSS 3.xMEDIUM 4.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
References
BDU:2022-03828
MEDIUM4.3

Уязвимость компонента COOP браузера Google Chrome , позволяющая нарушителю раскрыть защищаемую информацию

Published: 2022-06-27Modified: 2024-09-13
CVSS 3.xMEDIUM 4.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
References
BDU:2022-03829
MEDIUM4.3

Уязвимость службы Safe Browsing браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю раскрыть защищаемую информацию

Published: 2022-06-27Modified: 2024-09-13
CVSS 3.xMEDIUM 4.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
References
BDU:2022-03830
LOW3.1

Уязвимость плагина PDF браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю раскрыть защищаемую информацию

Published: 2022-06-27Modified: 2023-11-21
CVSS 3.xLOW 3.1
CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
CVSS 2.0LOW 2.6
CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:N/A:N
References
BDU:2022-03831
HIGH8.1

Уязвимость интерфейса API расширений браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании

Published: 2022-06-27Modified: 2023-11-21
CVSS 3.xHIGH 8.1
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
CVSS 2.0CRITICAL 9.4
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:C
References
BDU:2023-04627
HIGH8.8

Уязвимость пользовательского интерфейса браузера Google Chrome, позволяющая нарушителю выполнить чтение и запись произвольных файлов

Published: 2023-08-11
CVSS 3.xHIGH 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
References
CVE-2022-1633
HIGH8.8

Use after free in Sharesheet in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interactions.

Published: 2022-07-26Modified: 2024-11-21
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References
CVE-2022-1634
HIGH8.8

Use after free in Browser UI in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who had convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific user interactions.

Published: 2022-07-26Modified: 2024-11-21
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References
CVE-2022-1635
HIGH8.8

Use after free in Permission Prompts in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interactions.

Published: 2022-07-26Modified: 2024-11-21
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References
CVE-2022-1636
HIGH8.8

Use after free in Performance APIs in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: 2022-07-26Modified: 2024-11-21
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References
CVE-2022-1637
MEDIUM4.3

Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Published: 2022-07-26Modified: 2024-11-21
CVSS 3.xMEDIUM 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
References
CVE-2022-1638
HIGH8.8

Heap buffer overflow in V8 Internationalization in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: 2022-07-26Modified: 2024-11-21
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References
CVE-2022-1639
HIGH8.8

Use after free in ANGLE in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: 2022-07-26Modified: 2024-11-21
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References
CVE-2022-1640
HIGH8.8

Use after free in Sharing in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.

Published: 2022-07-26Modified: 2024-11-21
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References
CVE-2022-1641
HIGH8.8

Use after free in Web UI Diagnostics in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interaction.

Published: 2022-07-26Modified: 2024-11-21
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References
CVE-2022-1853
CRITICAL9.6

Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Published: 2022-07-27Modified: 2024-11-21
CVSS 3.xCRITICAL 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
References
CVE-2022-1854
HIGH8.8

Use after free in ANGLE in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: 2022-07-27Modified: 2024-11-21
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References
CVE-2022-1855
HIGH8.8

Use after free in Messaging in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: 2022-07-27Modified: 2024-11-21
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References
CVE-2022-1856
HIGH8.8

Use after free in User Education in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension or specific user interaction.

Published: 2022-07-27Modified: 2024-11-21
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References
CVE-2022-1857
HIGH8.8

Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass file system restrictions via a crafted HTML page.

Published: 2022-07-27Modified: 2024-11-21
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References
CVE-2022-1858
MEDIUM6.5

Out of bounds read in DevTools in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform an out of bounds memory read via specific user interaction.

Published: 2022-07-27Modified: 2024-11-21
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
References
CVE-2022-1859
HIGH8.8

Use after free in Performance Manager in Google Chrome prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

Published: 2022-07-27Modified: 2024-11-21
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References
CVE-2022-1860
HIGH8.8

Use after free in UI Foundations in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific user interactions.

Published: 2022-07-27Modified: 2024-11-21
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References
CVE-2022-1861
HIGH8.8

Use after free in Sharing in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific user interaction.

Published: 2022-07-27Modified: 2024-11-21
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References
CVE-2022-1862
MEDIUM6.5

Inappropriate implementation in Extensions in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass profile restrictions via a crafted HTML page.

Published: 2022-07-27Modified: 2024-11-21
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
References
CVE-2022-1863
HIGH8.8

Use after free in Tab Groups in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction.

Published: 2022-07-27Modified: 2024-11-21
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References
CVE-2022-1864
HIGH8.8

Use after free in WebApp Installs in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction.

Published: 2022-07-27Modified: 2024-11-21
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References
CVE-2022-1865
HIGH8.8

Use after free in Bookmarks in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction.

Published: 2022-07-27Modified: 2024-11-21
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References
CVE-2022-1866
HIGH8.8

Use after free in Tablet Mode in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific user interactions.

Published: 2022-07-27Modified: 2024-11-21
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References
CVE-2022-1867
MEDIUM6.5

Insufficient validation of untrusted input in Data Transfer in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass same origin policy via a crafted clipboard content.

Published: 2022-07-27Modified: 2024-11-21
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
References
CVE-2022-1868
MEDIUM6.5

Inappropriate implementation in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page.

Published: 2022-07-27Modified: 2024-11-21
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
References
CVE-2022-1869
MEDIUM6.5

Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: 2022-07-27Modified: 2024-11-21
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
References
CVE-2022-1870
HIGH8.8

Use after free in App Service in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.

Published: 2022-07-27Modified: 2024-11-21
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References
CVE-2022-1871
MEDIUM4.3

Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass file system policy via a crafted HTML page.

Published: 2022-07-27Modified: 2024-11-21
CVSS 3.xMEDIUM 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
References
CVE-2022-1872
MEDIUM4.3

Insufficient policy enforcement in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page.

Published: 2022-07-27Modified: 2024-11-21
CVSS 3.xMEDIUM 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
References
CVE-2022-1873
MEDIUM6.5

Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Published: 2022-07-27Modified: 2024-11-21
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
References
CVE-2022-1874
HIGH8.8

Insufficient policy enforcement in Safe Browsing in Google Chrome on Mac prior to 102.0.5005.61 allowed a remote attacker to bypass downloads protection policy via a crafted HTML page.

Published: 2022-07-27Modified: 2024-11-21
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References
CVE-2022-1875
MEDIUM4.3

Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Published: 2022-07-27Modified: 2024-11-21
CVSS 3.xMEDIUM 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
References
CVE-2022-1876
HIGH8.8

Heap buffer overflow in DevTools in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

Published: 2022-07-27Modified: 2024-11-21
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References
CVE-2022-4918
HIGH8.8

Use after free in UI in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)

Published: 2023-07-29Modified: 2024-11-21
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References