Risk | Critical |
Patch available | YES |
Number of vulnerabilities | 31 |
CVE-ID | CVE-2022-3038 CVE-2022-3039 CVE-2022-3040 CVE-2022-3041 CVE-2022-3042 CVE-2022-3043 CVE-2022-3044 CVE-2022-3045 CVE-2022-3046 CVE-2022-3047 CVE-2022-3048 CVE-2022-3049 CVE-2022-3050 CVE-2022-3051 CVE-2022-3052 CVE-2022-3053 CVE-2022-3054 CVE-2022-3055 CVE-2022-3056 CVE-2022-3057 CVE-2022-3058 CVE-2022-3071 CVE-2022-3075 CVE-2022-3195 CVE-2022-3196 CVE-2022-3197 CVE-2022-3198 CVE-2022-3199 CVE-2022-3200 CVE-2022-3201 CVE-2022-38012 |
CWE-ID | CWE-416 CWE-122 CWE-358 CWE-20 CWE-264 CWE-787 CWE-119 |
Exploitation vector | Network |
Public exploit | Vulnerability #1 is being exploited in the wild. Vulnerability #23 is being exploited in the wild. |
Vulnerable software | Gentoo Linux (Operating systems & Components / Operating system); www-client/microsoft-edge (Operating systems & Components / Operating system package or component); www-client/google-chrome (Operating systems & Components / Operating system package or component); www-client/chromium-bin (Operating systems & Components / Operating system package or component); www-client/chromium (Operating systems & Components / Operating system package or component) |
Vendor | Gentoo |
Security Bulletin
This security bulletin contains information about 31 vulnerabilities.
EUVDB-ID: #VU66836
Risk: Critical
CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]
CVE-ID: CVE-2022-3038
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the Network Service component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Note: the vulnerability is known to be exploited in the wild.
Mitigation
Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42
Gentoo Linux: All versions
www-client/microsoft-edge: before 105.0.1343.42
www-client/google-chrome: before 105.0.5195.125
www-client/chromium-bin: before 105.0.5195.125
www-client/chromium: before 105.0.5195.125
https://security.gentoo.org/glsa/202209-23
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU66837
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-3039
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the WebSQL component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42
Gentoo Linux: All versions
www-client/microsoft-edge: before 105.0.1343.42
www-client/google-chrome: before 105.0.5195.125
www-client/chromium-bin: before 105.0.5195.125
www-client/chromium: before 105.0.5195.125
https://security.gentoo.org/glsa/202209-23
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU66838
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-3040
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the Layout component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42
Gentoo Linux: All versions
www-client/microsoft-edge: before 105.0.1343.42
www-client/google-chrome: before 105.0.5195.125
www-client/chromium-bin: before 105.0.5195.125
www-client/chromium: before 105.0.5195.125
https://security.gentoo.org/glsa/202209-23
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU66839
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-3041
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the WebSQL component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42
Gentoo Linux: All versions
www-client/microsoft-edge: before 105.0.1343.42
www-client/google-chrome: before 105.0.5195.125
www-client/chromium-bin: before 105.0.5195.125
www-client/chromium: before 105.0.5195.125
https://security.gentoo.org/glsa/202209-23
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU66840
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-3042
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the PhoneHub component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42
Gentoo Linux: All versions
www-client/microsoft-edge: before 105.0.1343.42
www-client/google-chrome: before 105.0.5195.125
www-client/chromium-bin: before 105.0.5195.125
www-client/chromium: before 105.0.5195.125
https://security.gentoo.org/glsa/202209-23
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU66841
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-3043
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in Screen Capture. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Mitigation
Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42
Gentoo Linux: All versions
www-client/microsoft-edge: before 105.0.1343.42
www-client/google-chrome: before 105.0.5195.125
www-client/chromium-bin: before 105.0.5195.125
www-client/chromium: before 105.0.5195.125
https://security.gentoo.org/glsa/202209-23
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU66842
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-3044
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an incorrect implementation in Site Isolation in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.
Mitigation
Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42
Gentoo Linux: All versions
www-client/microsoft-edge: before 105.0.1343.42
www-client/google-chrome: before 105.0.5195.125
www-client/chromium-bin: before 105.0.5195.125
www-client/chromium: before 105.0.5195.125
https://security.gentoo.org/glsa/202209-23
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU66843
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-3045
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the V8 component in Google Chrome. A remote attacker can trick the victim into opening a specially crafted web page and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42
Gentoo Linux: All versions
www-client/microsoft-edge: before 105.0.1343.42
www-client/google-chrome: before 105.0.5195.125
www-client/chromium-bin: before 105.0.5195.125
www-client/chromium: before 105.0.5195.125
https://security.gentoo.org/glsa/202209-23
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU66844
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-3046
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the Browser Tag component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42
Gentoo Linux: All versions
www-client/microsoft-edge: before 105.0.1343.42
www-client/google-chrome: before 105.0.5195.125
www-client/chromium-bin: before 105.0.5195.125
www-client/chromium: before 105.0.5195.125
https://security.gentoo.org/glsa/202209-23
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU66845
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-3047
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in the Extensions API in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted website, bypass implemented security measures and gain access to sensitive information.
Mitigation
Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42
Gentoo Linux: All versions
www-client/microsoft-edge: before 105.0.1343.42
www-client/google-chrome: before 105.0.5195.125
www-client/chromium-bin: before 105.0.5195.125
www-client/chromium: before 105.0.5195.125
https://security.gentoo.org/glsa/202209-23
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU66846
Risk: High
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-3048
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an incorrect implementation in the Chrome OS lockscreen in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation
Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42
Gentoo Linux: All versions
www-client/microsoft-edge: before 105.0.1343.42
www-client/google-chrome: before 105.0.5195.125
www-client/chromium-bin: before 105.0.5195.125
www-client/chromium: before 105.0.5195.125
https://security.gentoo.org/glsa/202209-23
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU66847
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-3049
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within SplitScreen in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
Mitigation
Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42
Gentoo Linux: All versions
www-client/microsoft-edge: before 105.0.1343.42
www-client/google-chrome: before 105.0.5195.125
www-client/chromium-bin: before 105.0.5195.125
www-client/chromium: before 105.0.5195.125
https://security.gentoo.org/glsa/202209-23
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU66848
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-3050
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in WebUI. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Mitigation
Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42
Gentoo Linux: All versions
www-client/microsoft-edge: before 105.0.1343.42
www-client/google-chrome: before 105.0.5195.125
www-client/chromium-bin: before 105.0.5195.125
www-client/chromium: before 105.0.5195.125
https://security.gentoo.org/glsa/202209-23
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU66849
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-3051
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in Exosphere. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Mitigation
Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42
Gentoo Linux: All versions
www-client/microsoft-edge: before 105.0.1343.42
www-client/google-chrome: before 105.0.5195.125
www-client/chromium-bin: before 105.0.5195.125
www-client/chromium: before 105.0.5195.125
https://security.gentoo.org/glsa/202209-23
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU66850
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-3052
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in Window Manager. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Mitigation
Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42
Gentoo Linux: All versions
www-client/microsoft-edge: before 105.0.1343.42
www-client/google-chrome: before 105.0.5195.125
www-client/chromium-bin: before 105.0.5195.125
www-client/chromium: before 105.0.5195.125
https://security.gentoo.org/glsa/202209-23
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU66851
Risk: High
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-3053
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an incorrect implementation in Pointer Lock in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation
Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42
Gentoo Linux: All versions
www-client/microsoft-edge: before 105.0.1343.42
www-client/google-chrome: before 105.0.5195.125
www-client/chromium-bin: before 105.0.5195.125
www-client/chromium: before 105.0.5195.125
https://security.gentoo.org/glsa/202209-23
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU66852
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-3054
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in DevTools in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted website, bypass implemented security measures and gain access to sensitive information.
Mitigation
Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42
Gentoo Linux: All versions
www-client/microsoft-edge: before 105.0.1343.42
www-client/google-chrome: before 105.0.5195.125
www-client/chromium-bin: before 105.0.5195.125
www-client/chromium: before 105.0.5195.125
https://security.gentoo.org/glsa/202209-23
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU66853
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-3055
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within Passwords in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
Mitigation
Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42
Gentoo Linux: All versions
www-client/microsoft-edge: before 105.0.1343.42
www-client/google-chrome: before 105.0.5195.125
www-client/chromium-bin: before 105.0.5195.125
www-client/chromium: before 105.0.5195.125
https://security.gentoo.org/glsa/202209-23
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU66854
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-3056
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in Content Security Policy in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted website, bypass implemented security measures and gain access to sensitive information.
Mitigation
Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42
Gentoo Linux: All versions
www-client/microsoft-edge: before 105.0.1343.42
www-client/google-chrome: before 105.0.5195.125
www-client/chromium-bin: before 105.0.5195.125
www-client/chromium: before 105.0.5195.125
https://security.gentoo.org/glsa/202209-23
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU66855
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-3057
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an incorrect implementation in iframe Sandbox in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation
Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42
Gentoo Linux: All versions
www-client/microsoft-edge: before 105.0.1343.42
www-client/google-chrome: before 105.0.5195.125
www-client/chromium-bin: before 105.0.5195.125
www-client/chromium: before 105.0.5195.125
https://security.gentoo.org/glsa/202209-23
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU66856
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-3058
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in Sign-In Flow in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and crash the browser.
Mitigation
Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42
Gentoo Linux: All versions
www-client/microsoft-edge: before 105.0.1343.42
www-client/google-chrome: before 105.0.5195.125
www-client/chromium-bin: before 105.0.5195.125
www-client/chromium: before 105.0.5195.125
https://security.gentoo.org/glsa/202209-23
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU66939
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-3071
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the Tab Strip component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42
Gentoo Linux: All versions
www-client/microsoft-edge: before 105.0.1343.42
www-client/google-chrome: before 105.0.5195.125
www-client/chromium-bin: before 105.0.5195.125
www-client/chromium: before 105.0.5195.125
https://security.gentoo.org/glsa/202209-23
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU66953
Risk: Critical
CVSSv4.0: 8.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]
CVE-ID: CVE-2022-3075
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input within the Mojo component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted website and execute arbitrary code on the system.
Note: the vulnerability is being actively exploited in the wild.
Mitigation
Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42
Gentoo Linux: All versions
www-client/microsoft-edge: before 105.0.1343.42
www-client/google-chrome: before 105.0.5195.125
www-client/chromium-bin: before 105.0.5195.125
www-client/chromium: before 105.0.5195.125
CPE2.3
https://security.gentoo.org/glsa/202209-23
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU67354
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-3195
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in Storage. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger an out-of-bounds write and execute arbitrary code on the target system.
Mitigation
Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42
Gentoo Linux: All versions
www-client/microsoft-edge: before 105.0.1343.42
www-client/google-chrome: before 105.0.5195.125
www-client/chromium-bin: before 105.0.5195.125
www-client/chromium: before 105.0.5195.125
CPE2.3
https://security.gentoo.org/glsa/202209-23
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU67355
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-3196
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within the PDF component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
Mitigation
Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42
Gentoo Linux: All versions
www-client/microsoft-edge: before 105.0.1343.42
www-client/google-chrome: before 105.0.5195.125
www-client/chromium-bin: before 105.0.5195.125
www-client/chromium: before 105.0.5195.125
CPE2.3
https://security.gentoo.org/glsa/202209-23
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU67356
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-3197
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within the PDF component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
Mitigation
Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42
Gentoo Linux: All versions
www-client/microsoft-edge: before 105.0.1343.42
www-client/google-chrome: before 105.0.5195.125
www-client/chromium-bin: before 105.0.5195.125
www-client/chromium: before 105.0.5195.125
CPE2.3
https://security.gentoo.org/glsa/202209-23
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU67360
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-3198
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within the PDF component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
Mitigation
Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42
Gentoo Linux: All versions
www-client/microsoft-edge: before 105.0.1343.42
www-client/google-chrome: before 105.0.5195.125
www-client/chromium-bin: before 105.0.5195.125
www-client/chromium: before 105.0.5195.125
CPE2.3
https://security.gentoo.org/glsa/202209-23
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU67357
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-3199
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within the Frames component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
Mitigation
Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42
Gentoo Linux: All versions
www-client/microsoft-edge: before 105.0.1343.42
www-client/google-chrome: before 105.0.5195.125
www-client/chromium-bin: before 105.0.5195.125
www-client/chromium: before 105.0.5195.125
CPE2.3
https://security.gentoo.org/glsa/202209-23
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU67358
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-3200
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in Internals. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Mitigation
Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42
Gentoo Linux: All versions
www-client/microsoft-edge: before 105.0.1343.42
www-client/google-chrome: before 105.0.5195.125
www-client/chromium-bin: before 105.0.5195.125
www-client/chromium: before 105.0.5195.125
CPE2.3
https://security.gentoo.org/glsa/202209-23
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU67359
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-3201
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the DevTools component in Google Chrome. A remote attacker can trick the victim into opening a specially crafted web page and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42
Gentoo Linux: All versions
www-client/microsoft-edge: before 105.0.1343.42
www-client/google-chrome: before 105.0.5195.125
www-client/chromium-bin: before 105.0.5195.125
www-client/chromium: before 105.0.5195.125
CPE2.3
https://security.gentoo.org/glsa/202209-23
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU66930
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-38012
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42
Gentoo Linux: All versions
www-client/microsoft-edge: before 105.0.1343.42
www-client/google-chrome: before 105.0.5195.125
www-client/chromium-bin: before 105.0.5195.125
www-client/chromium: before 105.0.5195.125
CPE2.3
https://security.gentoo.org/glsa/202209-23
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.