Multiple vulnerabilities in Google Chrome
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 22 |
| CVE-ID | CVE-2022-0302 CVE-2022-0311 CVE-2022-0310 CVE-2022-0309 CVE-2022-0308 CVE-2022-0307 CVE-2022-0306 CVE-2022-0305 CVE-2022-0304 CVE-2022-0303 CVE-2022-0301 CVE-2022-0289 CVE-2022-0300 CVE-2022-0298 CVE-2022-0297 CVE-2022-0296 CVE-2022-0295 CVE-2022-0294 CVE-2022-0293 CVE-2022-0292 CVE-2022-0291 CVE-2022-0290 |
| CWE-ID | CWE-416 CWE-122 CWE-358 CWE-362 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Google Chrome Client/Desktop applications / Web browsers |
| Vendor |
Security Bulletin
This security bulletin contains information about 22 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU59860
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0302
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Omnibox component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 97.0.4692.99.
Vulnerable software versionsGoogle Chrome: 7.0.517.44 - 97.0.4692.71
CPE2.3- cpe:2.3:a:google:google_chrome:7.0.517.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.67:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.77:*:*:*:*:*:*:*
https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
https://crbug.com/1278613
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0302
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Heap-based buffer overflow
EUVDB-ID: #VU59869
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-0311
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in Task Manager. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate to version 97.0.4692.99.
Vulnerable software versionsGoogle Chrome: 7.0.517.44 - 97.0.4692.71
CPE2.3- cpe:2.3:a:google:google_chrome:7.0.517.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.67:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.77:*:*:*:*:*:*:*
https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
https://crbug.com/1283807
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0311
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Heap-based buffer overflow
EUVDB-ID: #VU59868
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-0310
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in Task Manager. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate to version 97.0.4692.99.
Vulnerable software versionsGoogle Chrome: 7.0.517.44 - 97.0.4692.71
CPE2.3- cpe:2.3:a:google:google_chrome:7.0.517.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.67:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.77:*:*:*:*:*:*:*
https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
https://crbug.com/1283805
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0310
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improperly implemented security check for standard
EUVDB-ID: #VU59867
Risk: High
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0309
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Autofill in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate to version 97.0.4692.99.
Vulnerable software versionsGoogle Chrome: 7.0.517.44 - 97.0.4692.71
CPE2.3- cpe:2.3:a:google:google_chrome:7.0.517.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.67:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.77:*:*:*:*:*:*:*
https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
https://crbug.com/1240472
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0309
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use-after-free
EUVDB-ID: #VU59866
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-0308
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Data Transfer in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
MitigationUpdate to version 97.0.4692.99.
Vulnerable software versionsGoogle Chrome: 7.0.517.44 - 97.0.4692.71
CPE2.3- cpe:2.3:a:google:google_chrome:7.0.517.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.67:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.77:*:*:*:*:*:*:*
https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
https://crbug.com/1282480
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0308
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use-after-free
EUVDB-ID: #VU59865
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-0307
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Optimization Guide in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
MitigationUpdate to version 97.0.4692.99.
Vulnerable software versionsGoogle Chrome: 7.0.517.44 - 97.0.4692.71
CPE2.3- cpe:2.3:a:google:google_chrome:7.0.517.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.67:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.77:*:*:*:*:*:*:*
https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
https://crbug.com/1281881
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0307
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Heap-based buffer overflow
EUVDB-ID: #VU59864
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0306
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in PDFium. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate to version 97.0.4692.99.
Vulnerable software versionsGoogle Chrome: 7.0.517.44 - 97.0.4692.71
CPE2.3- cpe:2.3:a:google:google_chrome:7.0.517.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.67:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.77:*:*:*:*:*:*:*
https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
https://crbug.com/1283198
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0306
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improperly implemented security check for standard
EUVDB-ID: #VU59863
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-0305
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to incorrect implementation in Service Worker API in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.
MitigationUpdate to version 97.0.4692.99.
Vulnerable software versionsGoogle Chrome: 7.0.517.44 - 97.0.4692.71
CPE2.3- cpe:2.3:a:google:google_chrome:7.0.517.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.67:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.77:*:*:*:*:*:*:*
https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
https://crbug.com/1282354
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0305
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Use-after-free
EUVDB-ID: #VU59862
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0304
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Bookmarks component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 97.0.4692.99.
Vulnerable software versionsGoogle Chrome: 7.0.517.44 - 97.0.4692.71
CPE2.3- cpe:2.3:a:google:google_chrome:7.0.517.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.67:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.77:*:*:*:*:*:*:*
https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
https://crbug.com/1282118
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0304
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Race condition
EUVDB-ID: #VU59861
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0303
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a race condition in GPU Watchdog in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage and execute arbitrary code on the target system.
MitigationUpdate to version 97.0.4692.99.
Vulnerable software versionsGoogle Chrome: 7.0.517.44 - 97.0.4692.71
CPE2.3- cpe:2.3:a:google:google_chrome:7.0.517.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.67:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.77:*:*:*:*:*:*:*
https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
https://crbug.com/1281979
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0303
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Heap-based buffer overflow
EUVDB-ID: #VU59859
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0301
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in DevTools. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate to version 97.0.4692.99.
Vulnerable software versionsGoogle Chrome: 7.0.517.44 - 97.0.4692.71
CPE2.3- cpe:2.3:a:google:google_chrome:7.0.517.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.67:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.77:*:*:*:*:*:*:*
https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
https://crbug.com/1276331
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0301
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Use-after-free
EUVDB-ID: #VU59848
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0289
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Safe browsing component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 97.0.4692.99.
Vulnerable software versionsGoogle Chrome: 7.0.517.44 - 97.0.4692.71
CPE2.3- cpe:2.3:a:google:google_chrome:7.0.517.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.67:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.77:*:*:*:*:*:*:*
https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
https://crbug.com/1284367
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0289
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Use-after-free
EUVDB-ID: #VU59858
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0300
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Text Input Method Editor component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 97.0.4692.99.
Vulnerable software versionsGoogle Chrome: 7.0.517.44 - 97.0.4692.71
CPE2.3- cpe:2.3:a:google:google_chrome:7.0.517.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.67:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.77:*:*:*:*:*:*:*
https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
https://crbug.com/1275438
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0300
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Use-after-free
EUVDB-ID: #VU59857
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0298
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Scheduling component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 97.0.4692.99.
Vulnerable software versionsGoogle Chrome: 7.0.517.44 - 97.0.4692.71
CPE2.3- cpe:2.3:a:google:google_chrome:7.0.517.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.67:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.77:*:*:*:*:*:*:*
https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
https://crbug.com/1212957
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0298
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Use-after-free
EUVDB-ID: #VU59856
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0297
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Vulkan component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 97.0.4692.99.
Vulnerable software versionsGoogle Chrome: 7.0.517.44 - 97.0.4692.71
CPE2.3- cpe:2.3:a:google:google_chrome:7.0.517.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.67:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.77:*:*:*:*:*:*:*
https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
https://crbug.com/1274316
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0297
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Use-after-free
EUVDB-ID: #VU59855
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0296
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Printing component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 97.0.4692.99.
Vulnerable software versionsGoogle Chrome: 7.0.517.44 - 97.0.4692.71
CPE2.3- cpe:2.3:a:google:google_chrome:7.0.517.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.67:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.77:*:*:*:*:*:*:*
https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
https://crbug.com/1283375
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0296
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Use-after-free
EUVDB-ID: #VU59854
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0295
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Omnibox component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 97.0.4692.99.
Vulnerable software versionsGoogle Chrome: 7.0.517.44 - 97.0.4692.71
CPE2.3- cpe:2.3:a:google:google_chrome:7.0.517.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.67:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.77:*:*:*:*:*:*:*
https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
https://crbug.com/1278180
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0295
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Improperly implemented security check for standard
EUVDB-ID: #VU59853
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-0294
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to incorrect implementation in Push messaging in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.
MitigationUpdate to version 97.0.4692.99.
Vulnerable software versionsGoogle Chrome: 7.0.517.44 - 97.0.4692.71
CPE2.3- cpe:2.3:a:google:google_chrome:7.0.517.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.67:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.77:*:*:*:*:*:*:*
https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
https://crbug.com/1273017
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0294
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Use-after-free
EUVDB-ID: #VU59852
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0293
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Web packaging component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 97.0.4692.99.
Vulnerable software versionsGoogle Chrome: 7.0.517.44 - 97.0.4692.71
CPE2.3- cpe:2.3:a:google:google_chrome:7.0.517.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.67:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.77:*:*:*:*:*:*:*
https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
https://crbug.com/1283371
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0293
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Improperly implemented security check for standard
EUVDB-ID: #VU59851
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-0292
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to incorrect implementation in Fenced Frames in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.
MitigationUpdate to version 97.0.4692.99.
Vulnerable software versionsGoogle Chrome: 7.0.517.44 - 97.0.4692.71
CPE2.3- cpe:2.3:a:google:google_chrome:7.0.517.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.67:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.77:*:*:*:*:*:*:*
https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
https://crbug.com/1270358
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0292
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Improperly implemented security check for standard
EUVDB-ID: #VU59850
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-0291
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to incorrect implementation in Storage in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.
MitigationUpdate to version 97.0.4692.99.
Vulnerable software versionsGoogle Chrome: 7.0.517.44 - 97.0.4692.71
CPE2.3- cpe:2.3:a:google:google_chrome:7.0.517.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.67:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.77:*:*:*:*:*:*:*
https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
https://crbug.com/1281084
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0291
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Use-after-free
EUVDB-ID: #VU59849
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0290
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Site isolation component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 97.0.4692.99.
Vulnerable software versionsGoogle Chrome: 7.0.517.44 - 97.0.4692.71
CPE2.3- cpe:2.3:a:google:google_chrome:7.0.517.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.67:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:70.0.3538.77:*:*:*:*:*:*:*
https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
https://crbug.com/1260007
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-0290
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
