ALT-PU-2023-1047-2

BDU:2022-07153

HIGH8.8

Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Published: 2022-12-07Modified: 2024-09-24

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2022-4262

BDU:2022-07256

CRITICAL9.8

Уязвимость компонента Blink Media браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Published: 2022-12-16Modified: 2023-12-26

CVSS 3.xCRITICAL 9.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2022-4436

BDU:2022-07258

CRITICAL9.8

Уязвимость IPC-библиотеки Mojo браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Published: 2022-12-16Modified: 2023-12-26

CVSS 3.xCRITICAL 9.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2022-4437

BDU:2022-07315

HIGH8.8

Уязвимость компонента Blink Frames браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Published: 2022-12-19Modified: 2023-12-26

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2022-4438

BDU:2022-07318

HIGH8.8

Уязвимость компонента Aura браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Published: 2022-12-22Modified: 2023-02-15

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2022-4439

BDU:2022-07321

HIGH8.8

Уязвимость компонента Profiles браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Published: 2022-12-22Modified: 2023-12-26

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2022-4440

BDU:2023-00071

CRITICAL9.8

Уязвимость функции Overview Mode браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Published: 2023-01-13Modified: 2023-12-26

CVSS 3.xCRITICAL 9.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2023-0128

BDU:2023-00166

HIGH8.8

Уязвимость сетевой службы браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код

Published: 2023-01-16Modified: 2024-12-16

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2023-0129

BDU:2023-00533

MEDIUM6.5

Уязвимость реализации всплывающих окон с запросом на разрешение браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2023-02-03Modified: 2023-12-26

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:C/A:N

References

CVE-2023-0132

BDU:2023-00534

MEDIUM6.5

Уязвимость реализации прикладного программного интерфейса File System браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти ограничения безопасности

Published: 2023-02-03Modified: 2025-02-07

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:C/A:N

References

CVE-2023-0140

BDU:2023-00537

MEDIUM6.5

Уязвимость механизма «Downloads» («Загрузки») браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти ограничения безопасности

Published: 2023-02-03Modified: 2023-02-15

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2023-0139

BDU:2023-03482

MEDIUM6.5

Уязвимость браузера Google Chrome, связанная с неправильно реализованной проверкой безопасности для стандартного элемента, позволяющая нарушителю оказать воздействие на целостность данных

Published: 2023-06-30Modified: 2023-09-13

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:C/A:N

References

CVE-2023-0133

BDU:2023-03484

HIGH8.8

Уязвимость расширения cart браузера Google Chrome, нарушить их целостность, а также вызвать отказ в обслуживании

Published: 2023-06-30Modified: 2024-09-24

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2023-0134

BDU:2023-03485

HIGH8.8

Уязвимость расширения cart браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Published: 2023-06-30Modified: 2024-09-24

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2023-0135

BDU:2023-03486

HIGH8.8

Уязвимость компонента Platform Apps браузера Google Chrome, позволяющая нарушителю установить произвольное расширение

Published: 2023-06-30Modified: 2023-09-13

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2023-0137

BDU:2023-03487

MEDIUM6.5

Уязвимость изолированной среды iframe браузера Google Chrome, позволяющая нарушителю обойти существущие ограничения на загрузку файлов

Published: 2023-06-30Modified: 2024-09-24

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N

References

CVE-2023-0131

BDU:2023-03488

HIGH8.8

Уязвимость библиотеки libphonenumber браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Published: 2023-06-30Modified: 2024-09-24

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2023-0138

BDU:2023-03489

MEDIUM4.3

Уязвимость реализации механизма CORS браузере Google Chrome, позволяющая нарушителю получить доступ к конфиденциальным данным

Published: 2023-06-30Modified: 2024-09-24

CVSS 3.xMEDIUM 4.3

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N

References

CVE-2023-0141

BDU:2023-03492

MEDIUM6.5

Уязвимость реализации прикладного программного интерфейса Fullscreen браузера Google Chrome, позволяющая нарушителю оказать воздействие на целостность данных

Published: 2023-06-30Modified: 2025-02-07

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:C/A:N

References

CVE-2023-0130

BDU:2023-03493

HIGH8.8

Уязвимость реализации прикладного программного интерфейса Fullscreen браузера Google Chrome, позволяющая нарушителю оказать воздействие на целостность данных

Published: 2023-06-30Modified: 2025-02-07

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2023-0136

CVE-2022-4262

HIGH8.8

Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Published: 2022-12-02Modified: 2025-10-24

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-4436

HIGH8.8

Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Published: 2022-12-14Modified: 2024-11-21

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-4437

HIGH8.8

Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Published: 2022-12-14Modified: 2024-11-21

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-4438

HIGH8.8

Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Published: 2022-12-14Modified: 2024-11-21

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-4439

HIGH8.8

Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High)

Published: 2022-12-14Modified: 2024-11-21

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-4440

HIGH8.8

Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Published: 2022-12-14Modified: 2024-11-21

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2023-0128

HIGH8.8

Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Published: 2023-01-10Modified: 2025-05-05

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2023-0129

HIGH8.8

Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High)

Published: 2023-01-10Modified: 2025-05-05

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2023-0130

MEDIUM6.5

Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

Published: 2023-01-10Modified: 2025-03-20

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References

CVE-2023-0131

MEDIUM6.5

Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium)

Published: 2023-01-10Modified: 2025-03-20

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References

CVE-2023-0132

MEDIUM6.5

Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium)

Published: 2023-01-10Modified: 2025-03-20

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References

CVE-2023-0133

MEDIUM6.5

Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium)

Published: 2023-01-10Modified: 2025-03-20

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References

CVE-2023-0134

HIGH8.8

Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)

Published: 2023-01-10Modified: 2025-05-05

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2023-0135

HIGH8.8

Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)

Published: 2023-01-10Modified: 2025-05-05

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2023-0136

HIGH8.8

Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to execute incorrect security UI via a crafted HTML page. (Chromium security severity: Medium)

Published: 2023-01-10Modified: 2025-05-05

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2023-0137

HIGH8.8

Heap buffer overflow in Platform Apps in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Published: 2023-01-10Modified: 2025-05-05

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2023-0138

HIGH8.8

Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)

Published: 2023-01-10Modified: 2025-05-05

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2023-0139

MEDIUM6.5

Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Low)

Published: 2023-01-10Modified: 2024-11-21

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References

CVE-2023-0140

MEDIUM6.5

Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Low)

Published: 2023-01-10Modified: 2024-11-21

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References

CVE-2023-0141

MEDIUM4.3

Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Published: 2023-01-10Modified: 2025-03-20

CVSS 3.xMEDIUM 4.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

References

Package update chromium in branch sisyphus

Closed issues (40)

Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Blink Media браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Уязвимость IPC-библиотеки Mojo браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Blink Frames браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Aura браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Profiles браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Уязвимость функции Overview Mode браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Уязвимость сетевой службы браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код

Уязвимость реализации прикладного программного интерфейса File System браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти ограничения безопасности

Уязвимость механизма «Downloads» («Загрузки») браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти ограничения безопасности

Уязвимость расширения cart браузера Google Chrome, нарушить их целостность, а также вызвать отказ в обслуживании

Уязвимость компонента Platform Apps браузера Google Chrome, позволяющая нарушителю установить произвольное расширение

Уязвимость изолированной среды iframe браузера Google Chrome, позволяющая нарушителю обойти существущие ограничения на загрузку файлов

Уязвимость реализации механизма CORS браузере Google Chrome, позволяющая нарушителю получить доступ к конфиденциальным данным

Уязвимость реализации прикладного программного интерфейса Fullscreen браузера Google Chrome, позволяющая нарушителю оказать воздействие на целостность данных

Уязвимость реализации прикладного программного интерфейса Fullscreen браузера Google Chrome, позволяющая нарушителю оказать воздействие на целостность данных

Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High)

Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High)

Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium)

Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)

Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to execute incorrect security UI via a crafted HTML page. (Chromium security severity: Medium)

Heap buffer overflow in Platform Apps in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)

Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Low)

Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Low)

Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)