MEDIUM6.3
Уязвимость компонента Core веб-браузера Google Chrome, позволяющая нарушителю повысить свои привилегии
CVSS 3.xMEDIUM 6.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:LCVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PReferences
Severity:
Closed issues (20)
MEDIUM6.5
Уязвимость набора инструментов для веб-разработки DevTools веб-браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
CVSS 3.xMEDIUM 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NCVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:NReferences
MEDIUM6.5
Уязвимость компонента Data Transfer веб-браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
CVSS 3.xMEDIUM 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NCVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:NReferences
MEDIUM6.3
Уязвимость набора инструментов для веб-разработки DevTools веб-браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности
CVSS 3.xMEDIUM 6.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:LCVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PReferences
MEDIUM6.3
Уязвимость пользовательского интерфейса WebUI браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
CVSS 3.xMEDIUM 6.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:LCVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PReferences
MEDIUM6.5
Уязвимость загрузчика веб-браузера Google Chrome, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю получить доступ к конфиденциальной информации
CVSS 3.xMEDIUM 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NCVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:NReferences
MEDIUM6.5
Уязвимость графического процессора GPU браузеров Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 3.xMEDIUM 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HCVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:CReferences
MEDIUM6.5
Уязвимость обработчика JavaScript-сценариев V8 веб-браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
CVSS 3.xMEDIUM 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NCVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:NReferences
MEDIUM6.5
Уязвимость реализации технологии WebRTC браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
CVSS 3.xMEDIUM 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NCVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:NReferences
MEDIUM6.5
Уязвимость реализации полноэкранного режима (Full Screen Mode) браузера Google Chrome, позволяющая нарушителю изменить содержимое пользовательского интерфейса
CVSS 3.xMEDIUM 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NCVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:NReferences
HIGH8.8
Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html
- https://crbug.com/1402270
- https://security.gentoo.org/glsa/202309-17
- https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html
- https://crbug.com/1402270
- https://security.gentoo.org/glsa/202309-17
MEDIUM6.5
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: High)
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NReferences
- https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html
- https://crbug.com/1341541
- https://security.gentoo.org/glsa/202309-17
- https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html
- https://crbug.com/1341541
- https://security.gentoo.org/glsa/202309-17
HIGH8.8
Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html
- https://crbug.com/1403573
- https://security.gentoo.org/glsa/202309-17
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1693
- https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html
- https://crbug.com/1403573
- https://security.gentoo.org/glsa/202309-17
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1693
HIGH8.8
Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown. (Chromium security severity: Medium)
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html
- https://crbug.com/1371859
- https://security.gentoo.org/glsa/202309-17
- https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html
- https://crbug.com/1371859
- https://security.gentoo.org/glsa/202309-17
MEDIUM6.5
Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NReferences
- https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html
- https://crbug.com/1393732
- https://security.gentoo.org/glsa/202309-17
- https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html
- https://crbug.com/1393732
- https://security.gentoo.org/glsa/202309-17
HIGH8.8
Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interaction . (Chromium security severity: Medium)
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html
- https://crbug.com/1405123
- https://security.gentoo.org/glsa/202309-17
- https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html
- https://crbug.com/1405123
- https://security.gentoo.org/glsa/202309-17
HIGH8.8
Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html
- https://crbug.com/1316301
- https://security.gentoo.org/glsa/202309-17
- https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html
- https://crbug.com/1316301
- https://security.gentoo.org/glsa/202309-17
HIGH8.8
Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: Medium)
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html
- https://crbug.com/1405574
- https://security.gentoo.org/glsa/202309-17
- https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html
- https://crbug.com/1405574
- https://security.gentoo.org/glsa/202309-17
MEDIUM6.5
Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page. (Chromium security severity: Low)
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NReferences
- https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html
- https://crbug.com/1385982
- https://security.gentoo.org/glsa/202309-17
- https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html
- https://crbug.com/1385982
- https://security.gentoo.org/glsa/202309-17
HIGH7.5
Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had one a race condition to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html
- https://crbug.com/1238642
- https://security.gentoo.org/glsa/202309-17
- https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html
- https://crbug.com/1238642
- https://security.gentoo.org/glsa/202309-17