SB2022081504 - Gentoo update for Chromium, Google Chrome, Microsoft Edge, QtWebEngine
Published: August 15, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 171 secuirty vulnerabilities.
1) Type Confusion (CVE-ID: CVE-2021-30551)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
2) Use-after-free (CVE-ID: CVE-2021-4052)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the web apps component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
3) Use-after-free (CVE-ID: CVE-2021-4053)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the UI component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
4) Spoofing attack (CVE-ID: CVE-2021-4054)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to insufficient validation of user-supplied input in autofill in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.
5) Heap-based buffer overflow (CVE-ID: CVE-2021-4055)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in extensions. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
6) Type Confusion (CVE-ID: CVE-2021-4056)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the loader component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
7) Use-after-free (CVE-ID: CVE-2021-4057)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the file API component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
8) Heap-based buffer overflow (CVE-ID: CVE-2021-4058)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in ANGLE. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
9) Input validation error (CVE-ID: CVE-2021-4059)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper input validation in loader in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage and execute arbitrary code on the system.
10) Type Confusion (CVE-ID: CVE-2021-4061)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
11) Heap-based buffer overflow (CVE-ID: CVE-2021-4062)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in BFCache. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
12) Use-after-free (CVE-ID: CVE-2021-4063)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the developer tools component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
13) Use-after-free (CVE-ID: CVE-2021-4064)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the screen capture component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
14) Use-after-free (CVE-ID: CVE-2021-4065)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the autofill component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
15) Integer underflow (CVE-ID: CVE-2021-4066)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer underflow. A remote attacker can send a specially crafted request to the affected application, trigger integer underflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
16) Use-after-free (CVE-ID: CVE-2021-4067)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the window manager component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
17) Input validation error (CVE-ID: CVE-2021-4068)
The vulnerability allows a remote attacker to gain access to crash the browser.
The vulnerability exists due to a improper input validation in new tab page in Google Chrome. A remote attacker can trick the victim to perform certain actions in browser and crash it.
18) Type Confusion (CVE-ID: CVE-2021-4078)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
19) Out-of-bounds write (CVE-ID: CVE-2021-4079)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in WebRTC. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.
20) Heap-based buffer overflow (CVE-ID: CVE-2022-0789)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in ANGLE. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
21) Use-after-free (CVE-ID: CVE-2022-0790)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Cast UI component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
22) Use-after-free (CVE-ID: CVE-2022-0791)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Omnibox component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
23) Out-of-bounds read (CVE-ID: CVE-2022-0792)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the ANGLE component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and gain access to sensitive information.
24) Use-after-free (CVE-ID: CVE-2022-0793)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Views component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
25) Use-after-free (CVE-ID: CVE-2022-0794)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the WebShare component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
26) Type Confusion (CVE-ID: CVE-2022-0795)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the Blink Layout component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
27) Use-after-free (CVE-ID: CVE-2022-0796)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Media component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
28) Buffer overflow (CVE-ID: CVE-2022-0797)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in Mojo in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.
29) Use-after-free (CVE-ID: CVE-2022-0798)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within MediaStream in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
30) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-0799)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in Installer in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
31) Heap-based buffer overflow (CVE-ID: CVE-2022-0800)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in Cast UI. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
32) Improperly implemented security check for standard (CVE-ID: CVE-2022-0801)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in HTML parser in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
33) Improperly implemented security check for standard (CVE-ID: CVE-2022-0802)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Full screen mode in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
34) Improperly implemented security check for standard (CVE-ID: CVE-2022-0803)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Permissions in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
35) Improperly implemented security check for standard (CVE-ID: CVE-2022-0804)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Full screen mode in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
36) Use-after-free (CVE-ID: CVE-2022-0805)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Browser Switcher in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
37) Information disclosure (CVE-ID: CVE-2022-0806)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in Canvas in Google Chrome. A remote attacker can trick the victim to open a specially crafted web page and gain access to sensitive information.
38) Improperly implemented security check for standard (CVE-ID: CVE-2022-0807)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Autofill in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
39) Use-after-free (CVE-ID: CVE-2022-0808)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Chrome OS Shell in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
40) Out-of-bounds read (CVE-ID: CVE-2022-0809)
The vulnerability allows a remote attacker to gain access to crash the browser.
The vulnerability exists due to a boundary condition within the WebXR component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and crash the browser.
41) Use-after-free (CVE-ID: CVE-2022-0971)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Blink Layout component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
42) Use-after-free (CVE-ID: CVE-2022-0972)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Extensions component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
43) Use-after-free (CVE-ID: CVE-2022-0973)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Safe Browsing component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
44) Use-after-free (CVE-ID: CVE-2022-0974)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Splitscreen component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
45) Use-after-free (CVE-ID: CVE-2022-0975)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the ANGLE component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
46) Heap-based buffer overflow (CVE-ID: CVE-2022-0976)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in GPU. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
47) Use-after-free (CVE-ID: CVE-2022-0977)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Browser UI component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
48) Use-after-free (CVE-ID: CVE-2022-0978)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the ANGLE component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
49) Use-after-free (CVE-ID: CVE-2022-0979)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Safe Browsing component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
50) Use-after-free (CVE-ID: CVE-2022-0980)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within New Tab Page in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
51) Type Confusion (CVE-ID: CVE-2022-1096)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
52) Use-after-free (CVE-ID: CVE-2022-1125)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Portals component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
53) Use-after-free (CVE-ID: CVE-2022-1127)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the QR Code Generator component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
54) Improperly implemented security check for standard (CVE-ID: CVE-2022-1128)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to incorrect implementation in Web Share API in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.
55) Improperly implemented security check for standard (CVE-ID: CVE-2022-1129)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to incorrect implementation in Full Screen Mode in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.
56) Input validation error (CVE-ID: CVE-2022-1130)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in WebOTP component in Google Chrome. A remote attacker can trick the victim to open a specially crafted web page and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
57) Use-after-free (CVE-ID: CVE-2022-1131)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Cast UI component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
58) Improperly implemented security check for standard (CVE-ID: CVE-2022-1132)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to incorrect implementation in Virtual Keyboard in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.
59) Use-after-free (CVE-ID: CVE-2022-1133)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the WebRTC component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
60) Type Confusion (CVE-ID: CVE-2022-1134)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
61) Use-after-free (CVE-ID: CVE-2022-1135)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Shopping Cart in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
62) Use-after-free (CVE-ID: CVE-2022-1136)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Tab Strip in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
63) Improperly implemented security check for standard (CVE-ID: CVE-2022-1137)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Extensions in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
64) Improperly implemented security check for standard (CVE-ID: CVE-2022-1138)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Web Cursor in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
65) Improperly implemented security check for standard (CVE-ID: CVE-2022-1139)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Background Fetch API in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
66) Use-after-free (CVE-ID: CVE-2022-1141)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within File Manager in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
67) Heap-based buffer overflow (CVE-ID: CVE-2022-1142)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in WebUI. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
68) Heap-based buffer overflow (CVE-ID: CVE-2022-1143)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in WebUI. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
69) Use-after-free (CVE-ID: CVE-2022-1144)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within WebUI in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
70) Use-after-free (CVE-ID: CVE-2022-1145)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Extensions in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
71) Improperly implemented security check for standard (CVE-ID: CVE-2022-1146)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Resource Timing in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
72) Type Confusion (CVE-ID: CVE-2022-1232)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
73) Use-after-free (CVE-ID: CVE-2022-1305)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the storage component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
74) Improperly implemented security check for standard (CVE-ID: CVE-2022-1306)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to incorrect implementation in compositing in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.
75) Improperly implemented security check for standard (CVE-ID: CVE-2022-1307)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to incorrect implementation in full screen in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.
76) Use-after-free (CVE-ID: CVE-2022-1308)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the BFCache component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
77) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-1309)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in developer tools in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and compromise the affected system.
78) Use-after-free (CVE-ID: CVE-2022-1310)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the regular expressions component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
79) Use-after-free (CVE-ID: CVE-2022-1311)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Chrome OS shell component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
80) Use-after-free (CVE-ID: CVE-2022-1312)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the storage component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
81) Use-after-free (CVE-ID: CVE-2022-1313)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within tab groups in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
82) Type Confusion (CVE-ID: CVE-2022-1314)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a type confusion error and gain access to sensitive information.
83) Type Confusion (CVE-ID: CVE-2022-1364)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error in V8 engine in Google Chrome. A remote attacker can trick the victim to visit a specially crafted web page, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
84) Use-after-free (CVE-ID: CVE-2022-1477)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Vulkan component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
85) Use-after-free (CVE-ID: CVE-2022-1478)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the SwiftShader component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
86) Use-after-free (CVE-ID: CVE-2022-1479)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the ANGLE component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
87) Use-after-free (CVE-ID: CVE-2022-1480)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Device API component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
88) Use-after-free (CVE-ID: CVE-2022-1481)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Sharing component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
89) Improperly implemented security check for standard (CVE-ID: CVE-2022-1482)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to incorrect implementation in WebGL in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.
90) Heap-based buffer overflow (CVE-ID: CVE-2022-1483)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in WebGPU. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
91) Heap-based buffer overflow (CVE-ID: CVE-2022-1484)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in Web UI Settings. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
92) Use-after-free (CVE-ID: CVE-2022-1485)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within File System API in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
93) Type Confusion (CVE-ID: CVE-2022-1486)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a type confusion error and gain access to sensitive information.
94) Use-after-free (CVE-ID: CVE-2022-1487)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Ozone in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
95) Improperly implemented security check for standard (CVE-ID: CVE-2022-1488)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Extensions API in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
96) Out-of-bounds read (CVE-ID: CVE-2022-1489)
The vulnerability allows a remote attacker to gain access to crash the browser.
The vulnerability exists due to a boundary condition within the UI Shelf component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and crash the browser.
97) Use-after-free (CVE-ID: CVE-2022-1490)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Browser Switcher in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
98) Use-after-free (CVE-ID: CVE-2022-1491)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Bookmarks in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
99) Input validation error (CVE-ID: CVE-2022-1492)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input in Blink Editing in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
100) Use-after-free (CVE-ID: CVE-2022-1493)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Dev Tools in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
101) Input validation error (CVE-ID: CVE-2022-1494)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input in Trusted Types in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
102) Spoofing attack (CVE-ID: CVE-2022-1495)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to insufficient validation of user-supplied input in Downloads in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.
103) Use-after-free (CVE-ID: CVE-2022-1496)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within File Manager in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
104) Improperly implemented security check for standard (CVE-ID: CVE-2022-1497)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Input in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
105) Improperly implemented security check for standard (CVE-ID: CVE-2022-1498)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in HTML Parser in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
106) Improperly implemented security check for standard (CVE-ID: CVE-2022-1499)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in WebAuthentication in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
107) Input validation error (CVE-ID: CVE-2022-1500)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input in Dev Tools in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
108) Improperly implemented security check for standard (CVE-ID: CVE-2022-1501)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in iframe in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
109) Use-after-free (CVE-ID: CVE-2022-1633)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in Sharesheet implementation. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
110) Use-after-free (CVE-ID: CVE-2022-1634)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in Browser UI implementation. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
111) Use-after-free (CVE-ID: CVE-2022-1635)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in Permission Prompts implementation. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
112) Use-after-free (CVE-ID: CVE-2022-1636)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in Performance APIs. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
113) Input validation error (CVE-ID: CVE-2022-1637)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input in Web Contents implementation. A remote attacker can trick the victim to visit a specially crafted web page and execute arbitrary code on the system.
114) Use-after-free (CVE-ID: CVE-2022-1639)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in ANGLE. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
115) Use-after-free (CVE-ID: CVE-2022-1640)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in Sharing feature. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
116) Use-after-free (CVE-ID: CVE-2022-1641)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in Web UI Diagnostics feature. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
117) Use-after-free (CVE-ID: CVE-2022-1853)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Indexed DB component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
118) Use-after-free (CVE-ID: CVE-2022-1854)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the ANGLE component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
119) Use-after-free (CVE-ID: CVE-2022-1855)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Messaging component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
120) Use-after-free (CVE-ID: CVE-2022-1856)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the User Education component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
121) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-1857)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in File System API in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and compromise the affected system.
122) Out-of-bounds read (CVE-ID: CVE-2022-1858)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the DevTools component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and gain access to sensitive information.
123) Use-after-free (CVE-ID: CVE-2022-1859)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Performance Manager component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
124) Use-after-free (CVE-ID: CVE-2022-1860)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the UI Foundations component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
125) Use-after-free (CVE-ID: CVE-2022-1861)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Sharing component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
126) Improperly implemented security check for standard (CVE-ID: CVE-2022-1862)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Extensions in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
127) Use-after-free (CVE-ID: CVE-2022-1863)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Tab Groups in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
128) Use-after-free (CVE-ID: CVE-2022-1864)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within WebApp Installs in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
129) Use-after-free (CVE-ID: CVE-2022-1865)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Bookmarks in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
130) Use-after-free (CVE-ID: CVE-2022-1866)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Tablet Mode in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
131) Input validation error (CVE-ID: CVE-2022-1867)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input in Data Transfer in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
132) Improperly implemented security check for standard (CVE-ID: CVE-2022-1868)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Extensions API in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
133) Type Confusion (CVE-ID: CVE-2022-1869)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a type confusion error and gain access to sensitive information.
134) Use-after-free (CVE-ID: CVE-2022-1870)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within App Service in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
135) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-1871)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in File System API in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
136) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-1872)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in Extensions API in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
137) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-1873)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in COOP in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
138) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-1874)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in Safe Browsing in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
139) Improperly implemented security check for standard (CVE-ID: CVE-2022-1875)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in PDF in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
140) Heap-based buffer overflow (CVE-ID: CVE-2022-1876)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing untrusted HTML content in DevTools. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and crash the browser.
141) Use-after-free (CVE-ID: CVE-2022-2007)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the WebGPU component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
142) Out-of-bounds read (CVE-ID: CVE-2022-2010)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the compositing component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and gain access to sensitive information.
143) Use-after-free (CVE-ID: CVE-2022-2011)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the ANGLE component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
144) Use-after-free (CVE-ID: CVE-2022-2156)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Base component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
145) Use-after-free (CVE-ID: CVE-2022-2157)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Interest groups component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
146) Type Confusion (CVE-ID: CVE-2022-2158)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
147) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-2160)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in DevTools in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
148) Use-after-free (CVE-ID: CVE-2022-2161)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within WebApp Provider in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
149) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-2162)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in File System API in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
150) Use-after-free (CVE-ID: CVE-2022-2163)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to use-after-free error in Cast UI and Toolbar in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and crash the browser.
151) Improperly implemented security check for standard (CVE-ID: CVE-2022-2164)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Extensions API in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
152) Input validation error (CVE-ID: CVE-2022-2165)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input in URL formatting in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
153) Input validation error (CVE-ID: CVE-2022-22021)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input when processing HTML content. A remote attacker can trick the victim to open a specially crafted web page and execute arbitrary code on the system.
154) Code Injection (CVE-ID: CVE-2022-24475)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote attacker can trick the victim to visit a specially crafted web page and execute arbitrary code on the target system.
155) Spoofing attack (CVE-ID: CVE-2022-24523)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can perform spoofing attack.
156) Code Injection (CVE-ID: CVE-2022-26891)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote attacker can trick the victim to visit a specially crafted web page and execute arbitrary code on the target system.
157) Code Injection (CVE-ID: CVE-2022-26894)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote attacker can trick the victim to visit a specially crafted web page and execute arbitrary code on the target system.
158) Code Injection (CVE-ID: CVE-2022-26895)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote attacker can trick the victim to visit a specially crafted web page and execute arbitrary code on the target system.
159) Code Injection (CVE-ID: CVE-2022-26900)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote attacker can trick the victim to visit a specially crafted web page and execute arbitrary code on the target system.
160) Spoofing attack (CVE-ID: CVE-2022-26905)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can spoof page content.
161) Code Injection (CVE-ID: CVE-2022-26908)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote attacker can trick the victim to visit a specially crafted web page and execute arbitrary code on the target system.
162) Code Injection (CVE-ID: CVE-2022-26909)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote attacker can trick the victim to visit a specially crafted web page and execute arbitrary code on the target system.
163) Code Injection (CVE-ID: CVE-2022-26912)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote attacker can trick the victim to visit a specially crafted web page and execute arbitrary code on the target system.
164) Input validation error (CVE-ID: CVE-2022-29144)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim to visit a specially crafted website and execute arbitrary code on the system.
165) Security restrictions bypass (CVE-ID: CVE-2022-29146)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to improperly imposed security restrictions. A remote attacker can trick the victim to visit a specially crafted website, escape browser sandbox and execute arbitrary code on the system.
166) Input validation error (CVE-ID: CVE-2022-29147)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim to visit a specially crafted website while using Edge in Internet Explorer Mode and bypass certain security restrictions.
167) Race condition (CVE-ID: CVE-2022-30127)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a race condition. A remote attacker can trick the victim to visit a specially crafted web page, trigger a race condition and escape browser sandbox.
168) Race condition (CVE-ID: CVE-2022-30128)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a race condition. A remote attacker can trick the victim to visit a specially crafted web page, trigger a race condition and escape browser sandbox.
169) Input validation error (CVE-ID: CVE-2022-30192)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim to visit a specially crafted webpage and execute arbitrary code on the system.
170) Input validation error (CVE-ID: CVE-2022-33638)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim to visit a specially crafted webpage and execute arbitrary code on the system.
171) Race condition (CVE-ID: CVE-2022-33639)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a race condition when processing HTML content. A remote attacker can trick the victim to visit a specially crafted web page, bypass browser sandbox and execute arbitrary code on the system.
Remediation
Install update from vendor's website.