CRITICAL9.8
Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю
CVSS 3.xCRITICAL 9.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCVSS 2.0CRITICAL 9.7
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:C/A:CReferences
ALT-PU-2023-1572-2Package update yandex-browser-stable in branch p10
Severity:
Closed issues (88)
HIGH7.1
Уязвимость расширений браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 3.xHIGH 7.1
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:LCVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PReferences
HIGH7.1
Уязвимость интерфейса для доступа к медиафайлам chrome.mediaGalleries браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 3.xHIGH 7.1
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:LCVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PReferences
CRITICAL9.6
Уязвимость обработчика JavaScript-сценариев V8 браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 3.xCRITICAL 9.6
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HCVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CReferences
HIGH7.1
Уязвимость реализации полноэкранного режима браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю оказать воздействие на целостность, доступность и конфиденциальность защищаемой информации
CVSS 3.xHIGH 7.1
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:LCVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PReferences
CRITICAL9.6
Уязвимость режима рендеринга Vulkan браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код
CVSS 3.xCRITICAL 9.6
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HCVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CReferences
HIGH7.1
Уязвимость расширения Feedback браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
CVSS 3.xHIGH 7.1
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:LCVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PReferences
HIGH7.1
Уязвимость модуля Accessibility (Специальные возможности) браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
CVSS 3.xHIGH 7.1
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:LCVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PReferences
HIGH7.4
Уязвимость расширений браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
CVSS 3.xHIGH 7.4
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:NCVSS 2.0HIGH 7.1
CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:N/A:NReferences
CRITICAL9.6
Уязвимость компонента Layout браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код
CVSS 3.xCRITICAL 9.6
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HCVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CReferences
HIGH7.1
Уязвимость файловой системы браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти ограничения безопасности
CVSS 3.xHIGH 7.1
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:LCVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PReferences
HIGH8.8
Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
CVSS 3.xHIGH 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CReferences
HIGH8.8
Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
CVSS 3.xHIGH 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CReferences
HIGH8.8
Уязвимость механизма Web Workers браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
CVSS 3.xHIGH 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CReferences
HIGH8.8
Уязвимость компонента WebCodecs браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
CVSS 3.xHIGH 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CReferences
HIGH8.8
Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
CVSS 3.xHIGH 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CReferences
HIGH8.8
Уязвимость компонента Crashpad браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
CVSS 3.xHIGH 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CReferences
CRITICAL9.8
Уязвимость графического процессора браузера Google Chrome, позволяющая нарушителю выйти из изолированной программной среды
CVSS 3.xCRITICAL 9.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CReferences
CRITICAL9.8
Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
CVSS 3.xCRITICAL 9.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CReferences
HIGH8.8
Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
CVSS 3.xHIGH 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CReferences
MEDIUM6.5
Уязвимость набора инструментов для веб-разработки DevTools браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю обойти ограничения безопасности и получить несанкционированный доступ к защищаемой информации
CVSS 3.xMEDIUM 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NCVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:C/A:NReferences
CRITICAL9.8
Уязвимость компонента Blink Media браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
CVSS 3.xCRITICAL 9.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CReferences
CRITICAL9.8
Уязвимость IPC-библиотеки Mojo браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
CVSS 3.xCRITICAL 9.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CReferences
HIGH8.8
Уязвимость компонента Blink Frames браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
CVSS 3.xHIGH 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CReferences
HIGH8.8
Уязвимость компонента Aura браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
CVSS 3.xHIGH 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CReferences
HIGH8.8
Уязвимость компонента Profiles браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
CVSS 3.xHIGH 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CReferences
MEDIUM4.3
Уязвимость функции Navigation браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю проводить спуфинг-атаки
CVSS 3.xMEDIUM 4.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NCVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:NReferences
MEDIUM4.3
Уязвимость реализации механизма CORS браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти ограничения безопасности
CVSS 3.xMEDIUM 4.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NCVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:NReferences
HIGH8.8
Уязвимость компонента Accessibility браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю вызвать повреждение стека
CVSS 3.xHIGH 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CReferences
HIGH8.8
Уязвимость IPC-библиотеки Mojo браузера Google Chrome, позволяющая нарушителю выполнить произвольный код с помощью специально созданного расширения в Chrome
CVSS 3.xHIGH 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CReferences
MEDIUM4.3
Уязвимость службы Safe Browsing браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю оказать воздействие на целостность данных
CVSS 3.xMEDIUM 4.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NCVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:NReferences
HIGH8.8
Уязвимость компонента отображения субтитров браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
CVSS 3.xHIGH 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CReferences
HIGH8.8
Уязвимость компонента авторизации браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
CVSS 3.xHIGH 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CReferences
MEDIUM4.3
Уязвимость набора инструментов для веб-разработки DevTools браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю оказать воздействие на целостность данных
CVSS 3.xMEDIUM 4.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NCVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:NReferences
MEDIUM4.3
Уязвимость компонента Downloads браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю оказать воздействие на целостность данных
CVSS 3.xMEDIUM 4.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NCVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:NReferences
MEDIUM4.3
Уязвимость компонента автозаполнения браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю оказать воздействие на целостность данных
CVSS 3.xMEDIUM 4.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NCVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:NReferences
MEDIUM4.3
Уязвимость браузеров Microsoft Edge и Google Chrome, связанная с недостатками разграничения доступа, позволяющая нарушителю оказать воздействие на целостность данных
CVSS 3.xMEDIUM 4.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NCVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:NReferences
MEDIUM4.3
Уязвимость функции конфиденциальности Fenced Frames браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю оказать воздействие на целостность данных
CVSS 3.xMEDIUM 4.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NCVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:NReferences
HIGH8.8
Уязвимость компонента Forms браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
CVSS 3.xHIGH 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CReferences
HIGH8.8
Уязвимость браузеров Microsoft Edge и Google Chrome, связанная с использованием памяти после её освобождения, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
CVSS 3.xHIGH 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CReferences
HIGH8.8
Уязвимость компонента Mojo браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
CVSS 3.xHIGH 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CReferences
HIGH8.8
Type confusion in V8 in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HHIGH8.8
Heap buffer overflow in Vulkan in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HHIGH8.8
Use after free in Layout in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- http://packetstormsecurity.com/files/170012/Chrome-blink-LocalFrameView-PerformLayout-Use-After-Free.html
- https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_25.html
- https://crbug.com/1365330
- http://packetstormsecurity.com/files/170012/Chrome-blink-LocalFrameView-PerformLayout-Use-After-Free.html
- https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_25.html
- https://crbug.com/1365330
HIGH8.8
Heap buffer overflow in Media Galleries in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HHIGH8.8
Insufficient data validation in File System in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HHIGH8.8
Use after free in Extensions in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HHIGH8.8
Use after free in Feedback service on Chrome OS in Google Chrome on Chrome OS prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HHIGH8.8
Use after free in Accessibility in Google Chrome on Chrome OS prior to 107.0.5304.62 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: Medium)
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HMEDIUM4.3
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 107.0.5304.62 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
CVSS 3.xMEDIUM 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NMEDIUM4.3
Insufficient data validation in Extensions in Google Chrome prior to 107.0.5304.62 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted Chrome extension. (Chromium security severity: Low)
CVSS 3.xMEDIUM 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NHIGH8.8
Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html
- https://crbug.com/1378239
- https://security.gentoo.org/glsa/202305-10
- https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html
- https://crbug.com/1378239
- https://security.gentoo.org/glsa/202305-10
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-3723
HIGH8.8
Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html
- https://crbug.com/1377816
- https://www.debian.org/security/2022/dsa-5275
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html
- https://crbug.com/1377816
- https://www.debian.org/security/2022/dsa-5275
HIGH8.8
Use after free in Speech Recognition in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html
- https://crbug.com/1372999
- https://www.debian.org/security/2022/dsa-5275
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html
- https://crbug.com/1372999
- https://www.debian.org/security/2022/dsa-5275
HIGH8.8
Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html
- https://crbug.com/1372695
- https://www.debian.org/security/2022/dsa-5275
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html
- https://crbug.com/1372695
- https://www.debian.org/security/2022/dsa-5275
HIGH8.8
Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html
- https://crbug.com/1375059
- https://www.debian.org/security/2022/dsa-5275
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html
- https://crbug.com/1375059
- https://www.debian.org/security/2022/dsa-5275
HIGH8.8
Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html
- https://crbug.com/1380063
- https://www.debian.org/security/2022/dsa-5275
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html
- https://crbug.com/1380063
- https://www.debian.org/security/2022/dsa-5275
CRITICAL9.6
Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVSS 3.xCRITICAL 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HReferences
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html
- https://crbug.com/1380083
- https://www.debian.org/security/2022/dsa-5275
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html
- https://crbug.com/1380083
- https://www.debian.org/security/2022/dsa-5275
CRITICAL9.6
Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVSS 3.xCRITICAL 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HReferences
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html
- https://crbug.com/1392715
- https://security.gentoo.org/glsa/202305-10
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html
- https://crbug.com/1392715
- https://security.gentoo.org/glsa/202305-10
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-4135
HIGH8.8
Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1379054
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1379054
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
HIGH8.8
Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1381401
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1381401
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
HIGH8.8
Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS and Lacros prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: High)
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1361066
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1361066
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
HIGH8.8
Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security severity: High)
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1379242
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1379242
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
HIGH8.8
Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1376099
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1376099
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
HIGH8.8
Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1377783
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1377783
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
HIGH8.8
Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1378564
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1378564
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
HIGH8.8
Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1382581
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1382581
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
MEDIUM4.3
Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVSS 3.xMEDIUM 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NReferences
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1368739
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1368739
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
MEDIUM4.3
Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVSS 3.xMEDIUM 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NReferences
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1251790
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1251790
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
MEDIUM4.3
Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVSS 3.xMEDIUM 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NReferences
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1358647
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1358647
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
MEDIUM4.3
Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium security severity: Medium)
CVSS 3.xMEDIUM 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NReferences
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1373025
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1373025
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
MEDIUM4.3
Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVSS 3.xMEDIUM 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NReferences
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1377165
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1377165
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
MEDIUM6.5
Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NReferences
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1381217
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1381217
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
MEDIUM4.3
Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)
CVSS 3.xMEDIUM 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NReferences
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1340879
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1340879
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
MEDIUM4.3
Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)
CVSS 3.xMEDIUM 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NReferences
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1344647
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1344647
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
HIGH8.8
Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1378997
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1378997
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
HIGH8.8
Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via profile destruction. (Chromium security severity: Medium)
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1373941
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1373941
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
HIGH8.8
Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium)
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1344514
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1344514
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
HIGH8.8
Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1354518
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1354518
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
HIGH8.8
Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1370562
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1370562
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
MEDIUM4.3
Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: Medium)
CVSS 3.xMEDIUM 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NReferences
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1371926
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
- https://crbug.com/1371926
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
HIGH8.8
Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html
- https://crbug.com/1394403
- https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html
- https://crbug.com/1394403
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-4262
HIGH8.8
Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html
- https://crbug.com/1383991
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
- https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html
- https://crbug.com/1383991
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
HIGH8.8
Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html
- https://crbug.com/1394692
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
- https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html
- https://crbug.com/1394692
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
HIGH8.8
Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html
- https://crbug.com/1381871
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
- https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html
- https://crbug.com/1381871
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
HIGH8.8
Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High)
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html
- https://crbug.com/1392661
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
- https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html
- https://crbug.com/1392661
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
HIGH8.8
Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html
- https://crbug.com/1382761
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
- https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html
- https://crbug.com/1382761
- https://security.gentoo.org/glsa/202305-10
- https://security.gentoo.org/glsa/202311-11
CRITICAL9.6
Heap buffer overflow in GPU
CVSS 3.xCRITICAL 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HReferences