Debian update for chromium
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 25 |
| CVE-ID | CVE-2022-1490 CVE-2022-1501 CVE-2022-1500 CVE-2022-1499 CVE-2022-1498 CVE-2022-1497 CVE-2022-1496 CVE-2022-1495 CVE-2022-1494 CVE-2022-1493 CVE-2022-1492 CVE-2022-1491 CVE-2022-1489 CVE-2022-1477 CVE-2022-1488 CVE-2022-1487 CVE-2022-1486 CVE-2022-1485 CVE-2022-1484 CVE-2022-1483 CVE-2022-1482 CVE-2022-1481 CVE-2022-1480 CVE-2022-1479 CVE-2022-1478 |
| CWE-ID | CWE-416 CWE-358 CWE-20 CWE-451 CWE-125 CWE-843 CWE-122 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
chromium (Debian package) Operating systems & Components / Operating system package or component |
| Vendor | Debian |
Security Bulletin
This security bulletin contains information about 25 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU62622
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1490
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Browser Switcher in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
MitigationUpdate chromium package to version 101.0.4951.41-1~deb11u1.
Vulnerable software versionschromium (Debian package): 76.0.3809.100-1~deb10u1 - 100.0.4896.127-1~deb11u1
CPE2.3- cpe:2.3:a:debian:chromium_debian_package:76.0.3809.100-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.97-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.108-1~deb10u1:*:*:*:*:debian_linux:*:*
https://www.debian.org/security/2022/dsa-5125
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improperly implemented security check for standard
EUVDB-ID: #VU62633
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1501
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in iframe in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate chromium package to version 101.0.4951.41-1~deb11u1.
Vulnerable software versionschromium (Debian package): 76.0.3809.100-1~deb10u1 - 100.0.4896.127-1~deb11u1
CPE2.3- cpe:2.3:a:debian:chromium_debian_package:76.0.3809.100-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.97-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.108-1~deb10u1:*:*:*:*:debian_linux:*:*
https://www.debian.org/security/2022/dsa-5125
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU62632
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1500
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input in Dev Tools in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate chromium package to version 101.0.4951.41-1~deb11u1.
Vulnerable software versionschromium (Debian package): 76.0.3809.100-1~deb10u1 - 100.0.4896.127-1~deb11u1
CPE2.3- cpe:2.3:a:debian:chromium_debian_package:76.0.3809.100-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.97-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.108-1~deb10u1:*:*:*:*:debian_linux:*:*
https://www.debian.org/security/2022/dsa-5125
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improperly implemented security check for standard
EUVDB-ID: #VU62631
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1499
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in WebAuthentication in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate chromium package to version 101.0.4951.41-1~deb11u1.
Vulnerable software versionschromium (Debian package): 76.0.3809.100-1~deb10u1 - 100.0.4896.127-1~deb11u1
CPE2.3- cpe:2.3:a:debian:chromium_debian_package:76.0.3809.100-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.97-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.108-1~deb10u1:*:*:*:*:debian_linux:*:*
https://www.debian.org/security/2022/dsa-5125
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improperly implemented security check for standard
EUVDB-ID: #VU62630
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1498
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in HTML Parser in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate chromium package to version 101.0.4951.41-1~deb11u1.
Vulnerable software versionschromium (Debian package): 76.0.3809.100-1~deb10u1 - 100.0.4896.127-1~deb11u1
CPE2.3- cpe:2.3:a:debian:chromium_debian_package:76.0.3809.100-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.97-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.108-1~deb10u1:*:*:*:*:debian_linux:*:*
https://www.debian.org/security/2022/dsa-5125
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improperly implemented security check for standard
EUVDB-ID: #VU62629
Risk: High
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1497
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Input in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate chromium package to version 101.0.4951.41-1~deb11u1.
Vulnerable software versionschromium (Debian package): 76.0.3809.100-1~deb10u1 - 100.0.4896.127-1~deb11u1
CPE2.3- cpe:2.3:a:debian:chromium_debian_package:76.0.3809.100-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.97-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.108-1~deb10u1:*:*:*:*:debian_linux:*:*
https://www.debian.org/security/2022/dsa-5125
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Use-after-free
EUVDB-ID: #VU62628
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1496
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within File Manager in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
MitigationUpdate chromium package to version 101.0.4951.41-1~deb11u1.
Vulnerable software versionschromium (Debian package): 76.0.3809.100-1~deb10u1 - 100.0.4896.127-1~deb11u1
CPE2.3- cpe:2.3:a:debian:chromium_debian_package:76.0.3809.100-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.97-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.108-1~deb10u1:*:*:*:*:debian_linux:*:*
https://www.debian.org/security/2022/dsa-5125
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Spoofing attack
EUVDB-ID: #VU62627
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1495
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to insufficient validation of user-supplied input in Downloads in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.
MitigationUpdate chromium package to version 101.0.4951.41-1~deb11u1.
Vulnerable software versionschromium (Debian package): 76.0.3809.100-1~deb10u1 - 100.0.4896.127-1~deb11u1
CPE2.3- cpe:2.3:a:debian:chromium_debian_package:76.0.3809.100-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.97-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.108-1~deb10u1:*:*:*:*:debian_linux:*:*
https://www.debian.org/security/2022/dsa-5125
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Input validation error
EUVDB-ID: #VU62626
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1494
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input in Trusted Types in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate chromium package to version 101.0.4951.41-1~deb11u1.
Vulnerable software versionschromium (Debian package): 76.0.3809.100-1~deb10u1 - 100.0.4896.127-1~deb11u1
CPE2.3- cpe:2.3:a:debian:chromium_debian_package:76.0.3809.100-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.97-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.108-1~deb10u1:*:*:*:*:debian_linux:*:*
https://www.debian.org/security/2022/dsa-5125
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Use-after-free
EUVDB-ID: #VU62625
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1493
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Dev Tools in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
MitigationUpdate chromium package to version 101.0.4951.41-1~deb11u1.
Vulnerable software versionschromium (Debian package): 76.0.3809.100-1~deb10u1 - 100.0.4896.127-1~deb11u1
CPE2.3- cpe:2.3:a:debian:chromium_debian_package:76.0.3809.100-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.97-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.108-1~deb10u1:*:*:*:*:debian_linux:*:*
https://www.debian.org/security/2022/dsa-5125
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Input validation error
EUVDB-ID: #VU62624
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1492
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input in Blink Editing in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate chromium package to version 101.0.4951.41-1~deb11u1.
Vulnerable software versionschromium (Debian package): 76.0.3809.100-1~deb10u1 - 100.0.4896.127-1~deb11u1
CPE2.3- cpe:2.3:a:debian:chromium_debian_package:76.0.3809.100-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.97-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.108-1~deb10u1:*:*:*:*:debian_linux:*:*
https://www.debian.org/security/2022/dsa-5125
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Use-after-free
EUVDB-ID: #VU62623
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1491
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Bookmarks in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
MitigationUpdate chromium package to version 101.0.4951.41-1~deb11u1.
Vulnerable software versionschromium (Debian package): 76.0.3809.100-1~deb10u1 - 100.0.4896.127-1~deb11u1
CPE2.3- cpe:2.3:a:debian:chromium_debian_package:76.0.3809.100-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.97-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.108-1~deb10u1:*:*:*:*:debian_linux:*:*
https://www.debian.org/security/2022/dsa-5125
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Out-of-bounds read
EUVDB-ID: #VU62621
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1489
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to crash the browser.
The vulnerability exists due to a boundary condition within the UI Shelf component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and crash the browser.
MitigationUpdate chromium package to version 101.0.4951.41-1~deb11u1.
Vulnerable software versionschromium (Debian package): 76.0.3809.100-1~deb10u1 - 100.0.4896.127-1~deb11u1
CPE2.3- cpe:2.3:a:debian:chromium_debian_package:76.0.3809.100-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.97-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.108-1~deb10u1:*:*:*:*:debian_linux:*:*
https://www.debian.org/security/2022/dsa-5125
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Use-after-free
EUVDB-ID: #VU62609
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1477
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Vulkan component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate chromium package to version 101.0.4951.41-1~deb11u1.
Vulnerable software versionschromium (Debian package): 76.0.3809.100-1~deb10u1 - 100.0.4896.127-1~deb11u1
CPE2.3- cpe:2.3:a:debian:chromium_debian_package:76.0.3809.100-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.97-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.108-1~deb10u1:*:*:*:*:debian_linux:*:*
https://www.debian.org/security/2022/dsa-5125
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Improperly implemented security check for standard
EUVDB-ID: #VU62620
Risk: High
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1488
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Extensions API in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate chromium package to version 101.0.4951.41-1~deb11u1.
Vulnerable software versionschromium (Debian package): 76.0.3809.100-1~deb10u1 - 100.0.4896.127-1~deb11u1
CPE2.3- cpe:2.3:a:debian:chromium_debian_package:76.0.3809.100-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.97-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.108-1~deb10u1:*:*:*:*:debian_linux:*:*
https://www.debian.org/security/2022/dsa-5125
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Use-after-free
EUVDB-ID: #VU62619
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1487
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Ozone in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
MitigationUpdate chromium package to version 101.0.4951.41-1~deb11u1.
Vulnerable software versionschromium (Debian package): 76.0.3809.100-1~deb10u1 - 100.0.4896.127-1~deb11u1
CPE2.3- cpe:2.3:a:debian:chromium_debian_package:76.0.3809.100-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.97-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.108-1~deb10u1:*:*:*:*:debian_linux:*:*
https://www.debian.org/security/2022/dsa-5125
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Type Confusion
EUVDB-ID: #VU62618
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1486
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a type confusion error and gain access to sensitive information.
MitigationUpdate chromium package to version 101.0.4951.41-1~deb11u1.
Vulnerable software versionschromium (Debian package): 76.0.3809.100-1~deb10u1 - 100.0.4896.127-1~deb11u1
CPE2.3- cpe:2.3:a:debian:chromium_debian_package:76.0.3809.100-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.97-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.108-1~deb10u1:*:*:*:*:debian_linux:*:*
https://www.debian.org/security/2022/dsa-5125
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Use-after-free
EUVDB-ID: #VU62617
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1485
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within File System API in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
MitigationUpdate chromium package to version 101.0.4951.41-1~deb11u1.
Vulnerable software versionschromium (Debian package): 76.0.3809.100-1~deb10u1 - 100.0.4896.127-1~deb11u1
CPE2.3- cpe:2.3:a:debian:chromium_debian_package:76.0.3809.100-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.97-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.108-1~deb10u1:*:*:*:*:debian_linux:*:*
https://www.debian.org/security/2022/dsa-5125
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Heap-based buffer overflow
EUVDB-ID: #VU62616
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1484
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in Web UI Settings. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate chromium package to version 101.0.4951.41-1~deb11u1.
Vulnerable software versionschromium (Debian package): 76.0.3809.100-1~deb10u1 - 100.0.4896.127-1~deb11u1
CPE2.3- cpe:2.3:a:debian:chromium_debian_package:76.0.3809.100-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.97-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.108-1~deb10u1:*:*:*:*:debian_linux:*:*
https://www.debian.org/security/2022/dsa-5125
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Heap-based buffer overflow
EUVDB-ID: #VU62615
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1483
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in WebGPU. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate chromium package to version 101.0.4951.41-1~deb11u1.
Vulnerable software versionschromium (Debian package): 76.0.3809.100-1~deb10u1 - 100.0.4896.127-1~deb11u1
CPE2.3- cpe:2.3:a:debian:chromium_debian_package:76.0.3809.100-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.97-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.108-1~deb10u1:*:*:*:*:debian_linux:*:*
https://www.debian.org/security/2022/dsa-5125
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Improperly implemented security check for standard
EUVDB-ID: #VU62614
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1482
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to incorrect implementation in WebGL in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.
MitigationUpdate chromium package to version 101.0.4951.41-1~deb11u1.
Vulnerable software versionschromium (Debian package): 76.0.3809.100-1~deb10u1 - 100.0.4896.127-1~deb11u1
CPE2.3- cpe:2.3:a:debian:chromium_debian_package:76.0.3809.100-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.97-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.108-1~deb10u1:*:*:*:*:debian_linux:*:*
https://www.debian.org/security/2022/dsa-5125
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Use-after-free
EUVDB-ID: #VU62613
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1481
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Sharing component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate chromium package to version 101.0.4951.41-1~deb11u1.
Vulnerable software versionschromium (Debian package): 76.0.3809.100-1~deb10u1 - 100.0.4896.127-1~deb11u1
CPE2.3- cpe:2.3:a:debian:chromium_debian_package:76.0.3809.100-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.97-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.108-1~deb10u1:*:*:*:*:debian_linux:*:*
https://www.debian.org/security/2022/dsa-5125
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Use-after-free
EUVDB-ID: #VU62612
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1480
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Device API component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate chromium package to version 101.0.4951.41-1~deb11u1.
Vulnerable software versionschromium (Debian package): 76.0.3809.100-1~deb10u1 - 100.0.4896.127-1~deb11u1
CPE2.3- cpe:2.3:a:debian:chromium_debian_package:76.0.3809.100-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.97-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.108-1~deb10u1:*:*:*:*:debian_linux:*:*
https://www.debian.org/security/2022/dsa-5125
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Use-after-free
EUVDB-ID: #VU62611
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1479
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the ANGLE component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate chromium package to version 101.0.4951.41-1~deb11u1.
Vulnerable software versionschromium (Debian package): 76.0.3809.100-1~deb10u1 - 100.0.4896.127-1~deb11u1
CPE2.3- cpe:2.3:a:debian:chromium_debian_package:76.0.3809.100-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.97-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.108-1~deb10u1:*:*:*:*:debian_linux:*:*
https://www.debian.org/security/2022/dsa-5125
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Use-after-free
EUVDB-ID: #VU62610
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1478
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the SwiftShader component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate chromium package to version 101.0.4951.41-1~deb11u1.
Vulnerable software versionschromium (Debian package): 76.0.3809.100-1~deb10u1 - 100.0.4896.127-1~deb11u1
CPE2.3- cpe:2.3:a:debian:chromium_debian_package:76.0.3809.100-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.97-1~deb10u1:*:*:*:*:debian_linux:*:*
- cpe:2.3:a:debian:chromium_debian_package:78.0.3904.108-1~deb10u1:*:*:*:*:debian_linux:*:*
https://www.debian.org/security/2022/dsa-5125
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
