Google Chrome Survey Memory Misreference Vulnerability (CNVD-2022-88285 )

2022-09-29T00:00:00

Description

Google Chrome is a web browser from Google, Inc. A memory misreference vulnerability exists in versions of Google Chrome prior to 106.0.5249.62, which stems from a confusion in the command responsible for freeing memory in Survey. An attacker could exploit the vulnerability to crash the program.

Affected Software

CPE Name	Name	Version
	google chrome <106.	0.5249.62

{"id": "CNVD-2022-88285", "vendorId": null, "type": "cnvd", "bulletinFamily": "cnvd", "title": "Google Chrome Survey Memory Misreference Vulnerability (CNVD-2022-88285 )", "description": "Google Chrome is a web browser from Google, Inc. A memory misreference vulnerability exists in versions of Google Chrome prior to 106.0.5249.62, which stems from a confusion in the command responsible for freeing memory in Survey. An attacker could exploit the vulnerability to crash the program.", "published": "2022-09-29T00:00:00", "modified": "2022-12-18T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-88285", "reporter": "China National Vulnerability Database", "references": [], "cvelist": ["CVE-2022-3306"], "immutableFields": [], "lastseen": "2022-12-20T11:25:05", "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "chrome", "idList": ["GCSA-1086115085340398584", "GCSA-8820382610464526564"]}, {"type": "cve", "idList": ["CVE-2022-3306"]}, {"type": "debian", "idList": ["DEBIAN:DSA-5244-1:E42C3"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2022-3306"]}, {"type": "freebsd", "idList": ["18529CB0-3E9C-11ED-9BC7-3065EC8FD3EC"]}, {"type": "gentoo", "idList": ["GLSA-202210-16"]}, {"type": "mageia", "idList": ["MGASA-2022-0357"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-5244.NASL", "FREEBSD_PKG_18529CB03E9C11ED9BC73065EC8FD3EC.NASL", "GENTOO_GLSA-202210-16.NASL", "GOOGLE_CHROME_106_0_5249_61.NASL", "MACOSX_GOOGLE_CHROME_106_0_5249_61.NASL"]}, {"type": "osv", "idList": ["OSV:DSA-5244-1"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:10138-1", "OPENSUSE-SU-2022:10139-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2022-3306"]}, {"type": "veracode", "idList": ["VERACODE:37459"]}]}, "score": {"value": 4.7, "vector": "NONE"}, "affected_software": {"major_version": [{"name": "google chrome <106.", "version": 0}]}, "epss": [{"cve": "CVE-2022-3306", "epss": "0.000620000", "percentile": "0.243790000", "modified": "2023-03-20"}], "vulnersScore": 4.7}, "_state": {"dependencies": 1671535577, "score": 1684017724, "affected_software_major_version": 1671615170, "epss": 1679353574}, "_internal": {"score_hash": "a443f21ca369f06165e8601dc31eab7c"}, "vendorCVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "affectedSoftware": [{"version": "0.5249.62", "operator": "eq", "name": "google chrome <106."}]}

{"debiancve": [{"lastseen": "2023-06-03T18:10:04", "description": "Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-01T20:15:00", "type": "debiancve", "title": "CVE-2022-3306", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3306"], "modified": "2022-11-01T20:15:00", "id": "DEBIANCVE:CVE-2022-3306", "href": "https://security-tracker.debian.org/tracker/CVE-2022-3306", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "veracode": [{"lastseen": "2023-06-03T19:59:07", "description": "chromium is vulnerable to use after free. The vulnerability exists in Survey of the chromium browser which allows a remote attacker to potentially exploit heap corruption via a malicious HTML page.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-10-10T18:56:01", "type": "veracode", "title": "Use After Free", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3306"], "modified": "2022-12-09T17:19:39", "id": "VERACODE:37459", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-37459/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2023-06-04T13:15:49", "description": "Use after free in survey in Google Chrome on ChromeOS prior to\n106.0.5249.62 allowed a remote attacker to potentially exploit heap\ncorruption via a crafted HTML page. (Chromium security severity: High)\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-01T00:00:00", "type": "ubuntucve", "title": "CVE-2022-3306", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3306"], "modified": "2022-11-01T00:00:00", "id": "UB:CVE-2022-3306", "href": "https://ubuntu.com/security/CVE-2022-3306", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-06-03T14:43:47", "description": "Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-01T20:15:00", "type": "cve", "title": "CVE-2022-3306", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3306"], "modified": "2022-12-09T15:47:00", "cpe": [], "id": "CVE-2022-3306", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3306", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}], "chrome": [{"lastseen": "2023-06-03T20:04:50", "description": "The Stable channel is being updated to 106.0.5249.112 (Platform version: 15054.98.0) for most ChromeOS devices and will be rolled out over the next few days.\n\nFor Chrome browser fixes, see the [Chrome Desktop release announcement](<https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html>).\n\nIf you find new issues, please let us know one of the following ways:\n\n * [File a bug](<https://bugs.chromium.org/p/chromium/issues/list>) \n * Visit our Chrome OS communities\n * General: [Chromebook Help Community](<https://support.google.com/chromebook/community/?hl=en&gpf=%23!forum%2Fchromebook-central>)\n * Beta Specific: [ChromeOS Beta Help Community](<https://support.google.com/chromeos-beta/community>)\n * [Report an issue or send feedback on Chrome](<https://support.google.com/chrome/answer/95315?hl=en&co=GENIE.Platform%3DDesktop>)\n\nInterested in switching channels? [Find out how](<https://support.google.com/chromebook/answer/1086915>). \n\n\n\n\nPlease see the bug fixes and security updates:\n\nNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.\n\n[$3000] [[1343104](<https://bugs.chromium.org/p/chromium/issues/detail?id=1343104&q=Type%3DBug-Security%20label%3ARelease-0-M106%20OS%3DChrome%2CLacros%20-OS%3DWindows%2CMac%2CLinux%2CiOS%2CFuchsia%20-is%3Aopen&can=1>)] High CVE-2022-3201 Insufficient validation of untrusted input in DevTools. Reported by NDevTK\n\n** \n**\n\n[$2000] [[1320139](<https://bugs.chromium.org/p/chromium/issues/detail?id=1320139&q=Type%3DBug-Security%20label%3ARelease-0-M106%20OS%3DChrome%2CLacros%20-OS%3DWindows%2CMac%2CLinux%2CiOS%2CFuchsia%20-is%3Aopen&can=1>)] High CVE-2022-3306 Use-after-free in Ash. \n\n** \n**\n\n[$3000] [[1319229](<https://bugs.chromium.org/p/chromium/issues/detail?id=1319229&q=Type%3DBug-Security%20label%3ARelease-0-M106%20OS%3DChrome%2CLacros%20-OS%3DWindows%2CMac%2CLinux%2CiOS%2CFuchsia%20-is%3Aopen&can=1>)] High CVE-2022-3305 Use-after-free in Ash. \n\n** \n**\n\n[$4000] [[1348415](<https://bugs.chromium.org/p/chromium/issues/detail?id=1348415&q=Type%3DBug-Security%20label%3ARelease-0-M106%20OS%3DChrome%2CLacros%20-OS%3DWindows%2CMac%2CLinux%2CiOS%2CFuchsia%20-is%3Aopen&can=1>)] Medium CVE-2022-3309 Use-after-free in ChromOS. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab.\n\n** \n**\n\n[$TBD] [[1363030](<https://bugs.chromium.org/p/chromium/issues/detail?id=1363030&q=Type%3DBug-Security%20label%3Amerge-merged-106%20OS%3DChrome%2CLacros%20-OS%3DWindows%2CMac%2CLinux%2CiOS%2CFuchsia%20-is%3Aopen&can=1>)] Medium CVE-TBD Use-after-free in OverlayManager. \n\n** \n**\n\n[$5000] [[1343219](<https://bugs.chromium.org/p/chromium/issues/detail?id=1343219&q=Type%3DBug-Security%20label%3ARelease-0-M106%20OS%3DChrome%2CLacros%20-OS%3DWindows%2CMac%2CLinux%2CiOS%2CFuchsia%20-is%3Aopen&can=1>)] Medium CVE-TBD Use-after-free in Ash. Reported by OP!.\n\n** \n**\n\n[$2000] [[1328708](<https://bugs.chromium.org/p/chromium/issues/detail?id=1328708&q=Type%3DBug-Security%20label%3ARelease-0-M106%20OS%3DChrome%2CLacros%20-OS%3DWindows%2CMac%2CLinux%2CiOS%2CFuchsia%20-is%3Aopen&can=1>)] Medium CVE-2022-3314 Use-after-free in ChromeOS. \n\n** \n**\n\n[$TBD] [[1303306](<https://bugs.chromium.org/p/chromium/issues/detail?id=1303306&q=Type%3DBug-Security%20label%3ARelease-0-M106%20OS%3DChrome%2CLacros%20-OS%3DWindows%2CMac%2CLinux%2CiOS%2CFuchsia%20-is%3Aopen&can=1>)] Medium CVE-2022-3312 Security: Locked devices. Reported by Andr. Ess.\n\n** \n**\n\n[$TBD] [[1314674](<https://bugs.chromium.org/p/chromium/issues/detail?id=1314674>)] Medium CVE-TBD Security: Use-after-free in ARC \n\n\n[$TBD] [[1318791](<https://bugs.chromium.org/p/chromium/issues/detail?id=1318791&q=Type%3DBug-Security%20label%3ARelease-0-M106%20OS%3DChrome%2CLacros%20-OS%3DWindows%2CMac%2CLinux%2CiOS%2CFuchsia%20-is%3Aopen&can=1>)] Low CVE-2022-3318 Use-after-free in ChromeOS. Reported by GraVity0\n\n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.\n\n\n\n\nMatt Nelson\n\nGoogle ChromeOS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-10-11T00:00:00", "type": "chrome", "title": "Stable Channel Update for ChromeOS", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3201", "CVE-2022-3305", "CVE-2022-3306", "CVE-2022-3309", "CVE-2022-3312", "CVE-2022-3314", "CVE-2022-3318"], "modified": "2022-10-11T00:00:00", "id": "GCSA-1086115085340398584", "href": "https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-chromeos.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T20:04:52", "description": "The Chrome team is delighted to announce the promotion of Chrome 106 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.\n\n\n\nChrome 106.0.5249.61 ( Mac/linux) and 106.0.5249.61/62( Windows) contains a number of fixes and improvements -- a list of changes is available in the[ log](<https://chromium.googlesource.com/chromium/src/+log/105.0.5195.125..106.0.5249.62?pretty=fuller&n=10000>). Watch out for upcoming[ ](<https://chrome.blogspot.com/>)[Chrome](<https://chrome.blogspot.com/>) and[ Chromium](<https://blog.chromium.org/>) blog posts about new features and big efforts delivered in 106.\n\n\n\n\nSecurity Fixes and Rewards\n\nNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.\n\n\n\n\nThis update includes [24](<https://bugs.chromium.org/p/chromium/issues/list?can=1&q=type%3Abug-security+os%3DAndroid%2Cios%2Clinux%2Cmac%2Cwindows%2Call%2Cchrome+label%3ARelease-0-M106>) security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the [Chrome Security Page](<https://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information.\n\n\n\n\n[$9000][[1358907](<https://crbug.com/1358907>)] High CVE-2022-3304: Use after free in CSS. Reported by Anonymous on 2022-09-01\n\n[$3000][[1343104](<https://crbug.com/1343104>)] High CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools. Reported by NDevTK on 2022-07-09\n\n[$TBD][[1319229](<https://crbug.com/1319229>)] High CVE-2022-3305: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-24\n\n[$TBD][[1320139](<https://crbug.com/1320139>)] High CVE-2022-3306: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-27\n\n[$TBD][[1323488](<https://crbug.com/1323488>)] High CVE-2022-3307: Use after free in Media. Reported by Anonymous Telecommunications Corp. Ltd. on 2022-05-08\n\n[$7500][[1342722](<https://crbug.com/1342722>)] Medium CVE-2022-3308: Insufficient policy enforcement in Developer Tools. Reported by Andrea Cappa (zi0Black) @ Shielder on 2022-07-08\n\n[$4000][[1348415](<https://crbug.com/1348415>)] Medium CVE-2022-3309: Use after free in Assistant. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab on 2022-07-29\n\n[$1000][[1240065](<https://crbug.com/1240065>)] Medium CVE-2022-3310: Insufficient policy enforcement in Custom Tabs. Reported by Ashwin Agrawal from Optus, Sydney on 2021-08-16\n\n[$TBD][[1302813](<https://crbug.com/1302813>)] Medium CVE-2022-3311: Use after free in Import. Reported by Samet Bekmezci @sametbekmezci on 2022-03-04\n\n[$TBD][[1303306](<https://crbug.com/1303306>)] Medium CVE-2022-3312: Insufficient validation of untrusted input in VPN. Reported by Andr.Ess on 2022-03-06\n\n[$TBD][[1317904](<https://crbug.com/1317904>)] Medium CVE-2022-3313: Incorrect security UI in Full Screen. Reported by Irvan Kurniawan (sourc7) on 2022-04-20\n\n[$TBD][[1328708](<https://crbug.com/1328708>)] Medium CVE-2022-3314: Use after free in Logging. Reported by Anonymous on 2022-05-24\n\n[$7000][[1322812](<https://crbug.com/1322812>)] Medium CVE-2022-3315: Type confusion in Blink. Reported by Anonymous on 2022-05-05\n\n[$5000][[1333623](<https://crbug.com/1333623>)] Low CVE-2022-3316: Insufficient validation of untrusted input in Safe Browsing. Reported by Sven Dysthe (@svn_dy) on 2022-06-07\n\n[$2000][[1300539](<https://crbug.com/1300539>)] Low CVE-2022-3317: Insufficient validation of untrusted input in Intents. Reported by Hafiizh on 2022-02-24\n\n[$TBD][[1318791](<https://crbug.com/1318791>)] Low CVE-2022-3318: Use after free in ChromeOS Notifications. Reported by GraVity0 on 2022-04-22\n\n[$3000][[1243802](<https://crbug.com/1243802>)]Low CVE-2022-3443:Insufficient data validation in File System API. \n\nReported by Maciej Pulikowski and Konrad Chrz\u0105szcz on 2021-08-27\n\n[$1000][[1208439](<https://crbug.com/1208439>)] Low CVE-2022-3444: Insufficient data validation in File System API. Reported by Archie Midha & Vallari Sharma on 2021-05-12\n\n\n\n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel. \n\nAs usual, our ongoing internal security work was responsible for a wide range of fixes:\n\n * [[1368115](<https://crbug.com/1368115>)] Various fixes from internal audits, fuzzing and other initiatives\n\n\nMany of our security bugs are detected using [AddressSanitizer](<https://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>), [MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>), [UndefinedBehaviorSanitizer](<https://www.chromium.org/developers/testing/undefinedbehaviorsanitizer>), [Control Flow Integrity](<https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity>), [libFuzzer](<https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer>), or [AFL](<https://github.com/google/afl>).\n\n\nInterested in switching release channels? Find out how [here](<https://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<https://crbug.com/>). The [community help forum](<https://support.google.com/chrome/community>) is also a great place to reach out for help or learn about common issues.\n\n\n\n\n\n\n\n\nSrinivas Sista\n\nGoogle Chrome", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-27T00:00:00", "type": "chrome", "title": "Stable Channel Update for Desktop", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3201", "CVE-2022-3304", "CVE-2022-3305", "CVE-2022-3306", "CVE-2022-3307", "CVE-2022-3308", "CVE-2022-3309", "CVE-2022-3310", "CVE-2022-3311", "CVE-2022-3312", "CVE-2022-3313", "CVE-2022-3314", "CVE-2022-3315", "CVE-2022-3316", "CVE-2022-3317", "CVE-2022-3318", "CVE-2022-3443", "CVE-2022-3444"], "modified": "2022-09-27T00:00:00", "id": "GCSA-8820382610464526564", "href": "https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-05-17T16:35:32", "description": "The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5244 advisory.\n\n - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (CVE-2022-3201)\n\n - Use after free in CSS. (CVE-2022-3304)\n\n - Use after free in Survey. (CVE-2022-3305, CVE-2022-3306)\n\n - Use after free in Media. (CVE-2022-3307)\n\n - Insufficient policy enforcement in Developer Tools. (CVE-2022-3308)\n\n - Use after free in Assistant. (CVE-2022-3309)\n\n - Insufficient policy enforcement in Custom Tabs. (CVE-2022-3310)\n\n - Use after free in Import. (CVE-2022-3311)\n\n - Insufficient validation of untrusted input in VPN. (CVE-2022-3312)\n\n - Incorrect security UI in Full Screen. (CVE-2022-3313)\n\n - Use after free in Logging. (CVE-2022-3314)\n\n - Type confusion in Blink. (CVE-2022-3315)\n\n - Insufficient validation of untrusted input in Safe Browsing. (CVE-2022-3316)\n\n - Insufficient validation of untrusted input in Intents. (CVE-2022-3317)\n\n - Use after free in ChromeOS Notifications. (CVE-2022-3318)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-30T00:00:00", "type": "nessus", "title": "Debian DSA-5244-1 : chromium - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3201", "CVE-2022-3304", "CVE-2022-3305", "CVE-2022-3306", "CVE-2022-3307", "CVE-2022-3308", "CVE-2022-3309", "CVE-2022-3310", "CVE-2022-3311", "CVE-2022-3312", "CVE-2022-3313", "CVE-2022-3314", "CVE-2022-3315", "CVE-2022-3316", "CVE-2022-3317", "CVE-2022-3318"], "modified": "2022-11-03T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium", "p-cpe:/a:debian:debian_linux:chromium-common", "p-cpe:/a:debian:debian_linux:chromium-driver", "p-cpe:/a:debian:debian_linux:chromium-l10n", "p-cpe:/a:debian:debian_linux:chromium-sandbox", "p-cpe:/a:debian:debian_linux:chromium-shell", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5244.NASL", "href": "https://www.tenable.com/plugins/nessus/165594", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5244. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165594);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/03\");\n\n script_cve_id(\n \"CVE-2022-3201\",\n \"CVE-2022-3304\",\n \"CVE-2022-3305\",\n \"CVE-2022-3306\",\n \"CVE-2022-3307\",\n \"CVE-2022-3308\",\n \"CVE-2022-3309\",\n \"CVE-2022-3310\",\n \"CVE-2022-3311\",\n \"CVE-2022-3312\",\n \"CVE-2022-3313\",\n \"CVE-2022-3314\",\n \"CVE-2022-3315\",\n \"CVE-2022-3316\",\n \"CVE-2022-3317\",\n \"CVE-2022-3318\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0394-S\");\n\n script_name(english:\"Debian DSA-5244-1 : chromium - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5244 advisory.\n\n - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to\n 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass\n navigation restrictions via a crafted HTML page. (CVE-2022-3201)\n\n - Use after free in CSS. (CVE-2022-3304)\n\n - Use after free in Survey. (CVE-2022-3305, CVE-2022-3306)\n\n - Use after free in Media. (CVE-2022-3307)\n\n - Insufficient policy enforcement in Developer Tools. (CVE-2022-3308)\n\n - Use after free in Assistant. (CVE-2022-3309)\n\n - Insufficient policy enforcement in Custom Tabs. (CVE-2022-3310)\n\n - Use after free in Import. (CVE-2022-3311)\n\n - Insufficient validation of untrusted input in VPN. (CVE-2022-3312)\n\n - Incorrect security UI in Full Screen. (CVE-2022-3313)\n\n - Use after free in Logging. (CVE-2022-3314)\n\n - Type confusion in Blink. (CVE-2022-3315)\n\n - Insufficient validation of untrusted input in Safe Browsing. (CVE-2022-3316)\n\n - Insufficient validation of untrusted input in Intents. (CVE-2022-3317)\n\n - Use after free in ChromeOS Notifications. (CVE-2022-3318)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/chromium\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3201\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3307\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3311\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3312\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3313\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3314\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3316\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/chromium\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the chromium packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 106.0.5249.61-1~deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3318\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-3315\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-driver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-l10n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-sandbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'chromium', 'reference': '106.0.5249.61-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-common', 'reference': '106.0.5249.61-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-driver', 'reference': '106.0.5249.61-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-l10n', 'reference': '106.0.5249.61-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-sandbox', 'reference': '106.0.5249.61-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-shell', 'reference': '106.0.5249.61-1~deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium / chromium-common / chromium-driver / chromium-l10n / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:35:55", "description": "The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 18529cb0-3e9c-11ed-9bc7-3065ec8fd3ec advisory.\n\n - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (CVE-2022-3201)\n\n - Use after free in CSS. (CVE-2022-3304)\n\n - Use after free in Survey. (CVE-2022-3305, CVE-2022-3306)\n\n - Use after free in Media. (CVE-2022-3307)\n\n - Insufficient policy enforcement in Developer Tools. (CVE-2022-3308)\n\n - Use after free in Assistant. (CVE-2022-3309)\n\n - Insufficient policy enforcement in Custom Tabs. (CVE-2022-3310)\n\n - Use after free in Import. (CVE-2022-3311)\n\n - Insufficient validation of untrusted input in VPN. (CVE-2022-3312)\n\n - Incorrect security UI in Full Screen. (CVE-2022-3313)\n\n - Use after free in Logging. (CVE-2022-3314)\n\n - Type confusion in Blink. (CVE-2022-3315)\n\n - Insufficient validation of untrusted input in Safe Browsing. (CVE-2022-3316)\n\n - Insufficient validation of untrusted input in Intents. (CVE-2022-3317)\n\n - Use after free in ChromeOS Notifications. (CVE-2022-3318)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-27T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (18529cb0-3e9c-11ed-9bc7-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3201", "CVE-2022-3304", "CVE-2022-3305", "CVE-2022-3306", "CVE-2022-3307", "CVE-2022-3308", "CVE-2022-3309", "CVE-2022-3310", "CVE-2022-3311", "CVE-2022-3312", "CVE-2022-3313", "CVE-2022-3314", "CVE-2022-3315", "CVE-2022-3316", "CVE-2022-3317", "CVE-2022-3318"], "modified": "2022-11-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_18529CB03E9C11ED9BC73065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/165507", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165507);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/04\");\n\n script_cve_id(\n \"CVE-2022-3201\",\n \"CVE-2022-3304\",\n \"CVE-2022-3305\",\n \"CVE-2022-3306\",\n \"CVE-2022-3307\",\n \"CVE-2022-3308\",\n \"CVE-2022-3309\",\n \"CVE-2022-3310\",\n \"CVE-2022-3311\",\n \"CVE-2022-3312\",\n \"CVE-2022-3313\",\n \"CVE-2022-3314\",\n \"CVE-2022-3315\",\n \"CVE-2022-3316\",\n \"CVE-2022-3317\",\n \"CVE-2022-3318\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0388-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0394-S\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (18529cb0-3e9c-11ed-9bc7-3065ec8fd3ec)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple\nvulnerabilities as referenced in the 18529cb0-3e9c-11ed-9bc7-3065ec8fd3ec advisory.\n\n - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to\n 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass\n navigation restrictions via a crafted HTML page. (CVE-2022-3201)\n\n - Use after free in CSS. (CVE-2022-3304)\n\n - Use after free in Survey. (CVE-2022-3305, CVE-2022-3306)\n\n - Use after free in Media. (CVE-2022-3307)\n\n - Insufficient policy enforcement in Developer Tools. (CVE-2022-3308)\n\n - Use after free in Assistant. (CVE-2022-3309)\n\n - Insufficient policy enforcement in Custom Tabs. (CVE-2022-3310)\n\n - Use after free in Import. (CVE-2022-3311)\n\n - Insufficient validation of untrusted input in VPN. (CVE-2022-3312)\n\n - Incorrect security UI in Full Screen. (CVE-2022-3313)\n\n - Use after free in Logging. (CVE-2022-3314)\n\n - Type confusion in Blink. (CVE-2022-3315)\n\n - Insufficient validation of untrusted input in Safe Browsing. (CVE-2022-3316)\n\n - Insufficient validation of untrusted input in Intents. (CVE-2022-3317)\n\n - Use after free in ChromeOS Notifications. (CVE-2022-3318)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?97263b93\");\n # https://vuxml.freebsd.org/freebsd/18529cb0-3e9c-11ed-9bc7-3065ec8fd3ec.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1468f7a6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3318\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-3315\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"freebsd_package.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nvar flag = 0;\n\nvar packages = [\n 'chromium<106.0.5249.61'\n];\n\nforeach var package( packages ) {\n if (pkg_test(save_report:TRUE, pkg: package)) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : pkg_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:35:06", "description": "The version of Google Chrome installed on the remote Windows host is prior to 106.0.5249.61. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_09_stable-channel-update-for-desktop_27 advisory.\n\n - Use after free in ChromeOS Notifications in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker who convinced a user to reboot Chrome OS to potentially exploit heap corruption via UI interaction. (Chromium security severity: Low) (CVE-2022-3318)\n\n - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3201)\n\n - Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3304)\n\n - Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3305, CVE-2022-3306)\n\n - Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3307)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-27T00:00:00", "type": "nessus", "title": "Google Chrome < 106.0.5249.61 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3201", "CVE-2022-3304", "CVE-2022-3305", "CVE-2022-3306", "CVE-2022-3307", "CVE-2022-3308", "CVE-2022-3309", "CVE-2022-3310", "CVE-2022-3311", "CVE-2022-3312", "CVE-2022-3313", "CVE-2022-3314", "CVE-2022-3315", "CVE-2022-3316", "CVE-2022-3317", "CVE-2022-3318", "CVE-2022-3444"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_106_0_5249_61.NASL", "href": "https://www.tenable.com/plugins/nessus/165502", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165502);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\n \"CVE-2022-3201\",\n \"CVE-2022-3304\",\n \"CVE-2022-3305\",\n \"CVE-2022-3306\",\n \"CVE-2022-3307\",\n \"CVE-2022-3308\",\n \"CVE-2022-3309\",\n \"CVE-2022-3310\",\n \"CVE-2022-3311\",\n \"CVE-2022-3312\",\n \"CVE-2022-3313\",\n \"CVE-2022-3314\",\n \"CVE-2022-3315\",\n \"CVE-2022-3316\",\n \"CVE-2022-3317\",\n \"CVE-2022-3318\",\n \"CVE-2022-3444\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0379-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0388-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0394-S\");\n\n script_name(english:\"Google Chrome < 106.0.5249.61 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 106.0.5249.61. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2022_09_stable-channel-update-for-desktop_27 advisory.\n\n - Use after free in ChromeOS Notifications in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a\n remote attacker who convinced a user to reboot Chrome OS to potentially exploit heap corruption via UI\n interaction. (Chromium security severity: Low) (CVE-2022-3318)\n\n - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to\n 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass\n navigation restrictions via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3201)\n\n - Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3304)\n\n - Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2022-3305, CVE-2022-3306)\n\n - Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3307)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?97263b93\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1358907\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1343104\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1319229\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1320139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1323488\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1342722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1348415\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1240065\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1302813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1303306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1317904\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1328708\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1322812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1333623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1300539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1318791\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 106.0.5249.61 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3318\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-3315\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\nvar installs = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'106.0.5249.61', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:35:55", "description": "The version of Google Chrome installed on the remote macOS host is prior to 106.0.5249.61. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_09_stable-channel-update-for-desktop_27 advisory.\n\n - Use after free in ChromeOS Notifications in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker who convinced a user to reboot Chrome OS to potentially exploit heap corruption via UI interaction. (Chromium security severity: Low) (CVE-2022-3318)\n\n - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3201)\n\n - Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3304)\n\n - Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3305, CVE-2022-3306)\n\n - Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3307)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-27T00:00:00", "type": "nessus", "title": "Google Chrome < 106.0.5249.61 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3201", "CVE-2022-3304", "CVE-2022-3305", "CVE-2022-3306", "CVE-2022-3307", "CVE-2022-3308", "CVE-2022-3309", "CVE-2022-3310", "CVE-2022-3311", "CVE-2022-3312", "CVE-2022-3313", "CVE-2022-3314", "CVE-2022-3315", "CVE-2022-3316", "CVE-2022-3317", "CVE-2022-3318", "CVE-2022-3444"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_106_0_5249_61.NASL", "href": "https://www.tenable.com/plugins/nessus/165503", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165503);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\n \"CVE-2022-3201\",\n \"CVE-2022-3304\",\n \"CVE-2022-3305\",\n \"CVE-2022-3306\",\n \"CVE-2022-3307\",\n \"CVE-2022-3308\",\n \"CVE-2022-3309\",\n \"CVE-2022-3310\",\n \"CVE-2022-3311\",\n \"CVE-2022-3312\",\n \"CVE-2022-3313\",\n \"CVE-2022-3314\",\n \"CVE-2022-3315\",\n \"CVE-2022-3316\",\n \"CVE-2022-3317\",\n \"CVE-2022-3318\",\n \"CVE-2022-3444\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0379-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0388-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0394-S\");\n\n script_name(english:\"Google Chrome < 106.0.5249.61 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 106.0.5249.61. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2022_09_stable-channel-update-for-desktop_27 advisory.\n\n - Use after free in ChromeOS Notifications in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a\n remote attacker who convinced a user to reboot Chrome OS to potentially exploit heap corruption via UI\n interaction. (Chromium security severity: Low) (CVE-2022-3318)\n\n - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to\n 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass\n navigation restrictions via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3201)\n\n - Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3304)\n\n - Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2022-3305, CVE-2022-3306)\n\n - Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3307)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?97263b93\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1358907\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1343104\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1319229\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1320139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1323488\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1342722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1348415\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1240065\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1302813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1303306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1317904\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1328708\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1322812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1333623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1300539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1318791\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 106.0.5249.61 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3318\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-3315\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'106.0.5249.61', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T18:36:19", "description": "The remote host is affected by the vulnerability described in GLSA-202210-16 (Chromium, Google Chrome, Microsoft Edge:\nMultiple Vulnerabilities)\n\n - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (CVE-2022-3201)\n\n - Microsoft Edge (Chromium-based) Spoofing Vulnerability. (CVE-2022-41035)\n\n - Use after free in CSS. (CVE-2022-3304)\n\n - Use after free in Survey. (CVE-2022-3305, CVE-2022-3306)\n\n - Use after free in Media. (CVE-2022-3307)\n\n - Insufficient policy enforcement in Developer Tools. (CVE-2022-3308)\n\n - Use after free in Assistant. (CVE-2022-3309)\n\n - Insufficient policy enforcement in Custom Tabs. (CVE-2022-3310)\n\n - Use after free in Import. (CVE-2022-3311)\n\n - Insufficient validation of untrusted input in VPN. (CVE-2022-3312)\n\n - Incorrect security UI in Full Screen. (CVE-2022-3313)\n\n - Use after free in Logging. (CVE-2022-3314)\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. (CVE-2022-3315, CVE-2022-3316, CVE-2022-3370, CVE-2022-3373)\n\n - Insufficient validation of untrusted input in Intents. (CVE-2022-3317)\n\n - Use after free in ChromeOS Notifications. (CVE-2022-3318)\n\n - Use after free in Skia. (CVE-2022-3445)\n\n - Heap buffer overflow in WebSQL. (CVE-2022-3446)\n\n - Inappropriate implementation in Custom Tabs. (CVE-2022-3447)\n\n - Use after free in Permissions API. (CVE-2022-3448)\n\n - Use after free in Safe Browsing. (CVE-2022-3449)\n\n - Use after free in Peer Connection. (CVE-2022-3450)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-31T00:00:00", "type": "nessus", "title": "GLSA-202210-16 : Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3201", "CVE-2022-3304", "CVE-2022-3305", "CVE-2022-3306", "CVE-2022-3307", "CVE-2022-3308", "CVE-2022-3309", "CVE-2022-3310", "CVE-2022-3311", "CVE-2022-3312", "CVE-2022-3313", "CVE-2022-3314", "CVE-2022-3315", "CVE-2022-3316", "CVE-2022-3317", "CVE-2022-3318", "CVE-2022-3370", "CVE-2022-3373", "CVE-2022-3445", "CVE-2022-3446", "CVE-2022-3447", "CVE-2022-3448", "CVE-2022-3449", "CVE-2022-3450", "CVE-2022-41035"], "modified": "2022-10-31T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:chromium", "p-cpe:/a:gentoo:linux:chromium-bin", "p-cpe:/a:gentoo:linux:google-chrome", "p-cpe:/a:gentoo:linux:microsoft-edge", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202210-16.NASL", "href": "https://www.tenable.com/plugins/nessus/166728", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202210-16.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike\n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166728);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/31\");\n\n script_cve_id(\n \"CVE-2022-3201\",\n \"CVE-2022-3304\",\n \"CVE-2022-3305\",\n \"CVE-2022-3306\",\n \"CVE-2022-3307\",\n \"CVE-2022-3308\",\n \"CVE-2022-3309\",\n \"CVE-2022-3310\",\n \"CVE-2022-3311\",\n \"CVE-2022-3312\",\n \"CVE-2022-3313\",\n \"CVE-2022-3314\",\n \"CVE-2022-3315\",\n \"CVE-2022-3316\",\n \"CVE-2022-3317\",\n \"CVE-2022-3318\",\n \"CVE-2022-3370\",\n \"CVE-2022-3373\",\n \"CVE-2022-3445\",\n \"CVE-2022-3446\",\n \"CVE-2022-3447\",\n \"CVE-2022-3448\",\n \"CVE-2022-3449\",\n \"CVE-2022-3450\",\n \"CVE-2022-41035\"\n );\n\n script_name(english:\"GLSA-202210-16 : Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202210-16 (Chromium, Google Chrome, Microsoft Edge:\nMultiple Vulnerabilities)\n\n - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to\n 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass\n navigation restrictions via a crafted HTML page. (CVE-2022-3201)\n\n - Microsoft Edge (Chromium-based) Spoofing Vulnerability. (CVE-2022-41035)\n\n - Use after free in CSS. (CVE-2022-3304)\n\n - Use after free in Survey. (CVE-2022-3305, CVE-2022-3306)\n\n - Use after free in Media. (CVE-2022-3307)\n\n - Insufficient policy enforcement in Developer Tools. (CVE-2022-3308)\n\n - Use after free in Assistant. (CVE-2022-3309)\n\n - Insufficient policy enforcement in Custom Tabs. (CVE-2022-3310)\n\n - Use after free in Import. (CVE-2022-3311)\n\n - Insufficient validation of untrusted input in VPN. (CVE-2022-3312)\n\n - Incorrect security UI in Full Screen. (CVE-2022-3313)\n\n - Use after free in Logging. (CVE-2022-3314)\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this\n vulnerability. Please see Google Chrome Releases for more information. (CVE-2022-3315, CVE-2022-3316,\n CVE-2022-3370, CVE-2022-3373)\n\n - Insufficient validation of untrusted input in Intents. (CVE-2022-3317)\n\n - Use after free in ChromeOS Notifications. (CVE-2022-3318)\n\n - Use after free in Skia. (CVE-2022-3445)\n\n - Heap buffer overflow in WebSQL. (CVE-2022-3446)\n\n - Inappropriate implementation in Custom Tabs. (CVE-2022-3447)\n\n - Use after free in Permissions API. (CVE-2022-3448)\n\n - Use after free in Safe Browsing. (CVE-2022-3449)\n\n - Use after free in Peer Connection. (CVE-2022-3450)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202210-16\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=873217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=873817\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=874855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=876855\");\n script_set_attribute(attribute:\"solution\", value:\n\"All Chromium users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-client/chromium-106.0.5249.119\n \nAll Chromium binary users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-client/chromium-bin-106.0.5249.119\n \nAll Google Chrome users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-client/google-chrome-106.0.5249.119\n \nAll Microsoft Edge users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-client/microsoft-edge-106.0.1370.37\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3450\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-41035\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:google-chrome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:microsoft-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\ninclude('qpkg.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/Gentoo/release')) audit(AUDIT_OS_NOT, 'Gentoo');\nif (!get_kb_item('Host/Gentoo/qpkg-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar flag = 0;\n\nvar packages = [\n {\n 'name' : 'www-client/chromium',\n 'unaffected' : make_list(\"ge 106.0.5249.119\", \"lt 106.0.0\"),\n 'vulnerable' : make_list(\"lt 106.0.5249.119\")\n },\n {\n 'name' : 'www-client/chromium-bin',\n 'unaffected' : make_list(\"ge 106.0.5249.119\", \"lt 106.0.0\"),\n 'vulnerable' : make_list(\"lt 106.0.5249.119\")\n },\n {\n 'name' : 'www-client/google-chrome',\n 'unaffected' : make_list(\"ge 106.0.5249.119\", \"lt 106.0.0\"),\n 'vulnerable' : make_list(\"lt 106.0.5249.119\")\n },\n {\n 'name' : 'www-client/microsoft-edge',\n 'unaffected' : make_list(\"ge 106.0.1370.37\", \"lt 106.0.0\"),\n 'vulnerable' : make_list(\"lt 106.0.1370.37\")\n }\n];\n\nforeach package( packages ) {\n if (isnull(package['unaffected'])) package['unaffected'] = make_list();\n if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();\n if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;\n}\n\n# This plugin has a different number of unaffected and vulnerable versions for\n# one or more packages. To ensure proper detection, a separate line should be \n# used for each fixed/vulnerable version pair.\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : qpkg_report_get()\n );\n exit(0);\n}\nelse\n{\n qpkg_tests = list_uniq(qpkg_tests);\n var tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Chromium / Google Chrome / Microsoft Edge');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "osv": [{"lastseen": "2022-09-30T09:27:02", "description": "\nMultiple security issues were discovered in Chromium, which could result\nin the execution of arbitrary code, denial of service or information\ndisclosure.\n\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 106.0.5249.61-1~deb11u1.\n\n\nWe recommend that you upgrade your chromium packages.\n\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/chromium](https://security-tracker.debian.org/tracker/chromium)\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 5.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.5}, "published": "2022-09-28T00:00:00", "type": "osv", "title": "chromium - security update", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-3306", "CVE-2022-3312", "CVE-2022-3310", "CVE-2022-3304", "CVE-2022-3317", "CVE-2022-3307", "CVE-2022-3308", "CVE-2022-3305", "CVE-2022-3314", "CVE-2022-3311", "CVE-2022-3315", "CVE-2022-3316", "CVE-2022-3201", "CVE-2022-3318", "CVE-2022-3313", "CVE-2022-3309"], "modified": "2022-09-30T09:26:57", "id": "OSV:DSA-5244-1", "href": "https://osv.dev/vulnerability/DSA-5244-1", "cvss": {"score": 0.0, "vector": "NONE"}}], "debian": [{"lastseen": "2023-06-04T18:11:40", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5244-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nSeptember 28, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium\nCVE ID : CVE-2022-3201 CVE-2022-3304 CVE-2022-3305 CVE-2022-3306 \n CVE-2022-3307 CVE-2022-3308 CVE-2022-3309 CVE-2022-3310 \n CVE-2022-3311 CVE-2022-3312 CVE-2022-3313 CVE-2022-3314 \n CVE-2022-3315 CVE-2022-3316 CVE-2022-3317 CVE-2022-3318\n\nMultiple security issues were discovered in Chromium, which could result\nin the execution of arbitrary code, denial of service or information\ndisclosure.\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 106.0.5249.61-1~deb11u1.\n\nWe recommend that you upgrade your chromium packages.\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-28T19:41:14", "type": "debian", "title": "[SECURITY] [DSA 5244-1] chromium security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3201", "CVE-2022-3304", "CVE-2022-3305", "CVE-2022-3306", "CVE-2022-3307", "CVE-2022-3308", "CVE-2022-3309", "CVE-2022-3310", "CVE-2022-3311", "CVE-2022-3312", "CVE-2022-3313", "CVE-2022-3314", "CVE-2022-3315", "CVE-2022-3316", "CVE-2022-3317", "CVE-2022-3318"], "modified": "2022-09-28T19:41:14", "id": "DEBIAN:DSA-5244-1:E42C3", "href": "https://lists.debian.org/debian-security-announce/2022/msg00213.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2023-06-03T15:12:48", "description": "The chromium-browser-stable package has been updated to the new 106 branch with the 106.0.5249.61 version, fixing many bugs and 20 vulnerabilities; it brings as well some improvements. Some of the security fixes are: High CVE-2022-3304: Use after free in CSS. High CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools. Reported by NDevTK on 2022-07-09 High CVE-2022-3305: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-24 High CVE-2022-3306: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-27 High CVE-2022-3307: Use after free in Media. Reported by Anonymous Telecommunications Corp. Ltd. on 2022-05-08 Medium CVE-2022-3308: Insufficient policy enforcement in Developer Tools. Reported by Andrea Cappa (zi0Black) @ Shielder on 2022-07-08 Medium CVE-2022-3309: Use after free in Assistant. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab on 2022-07-29 Medium CVE-2022-3310: Insufficient policy enforcement in Custom Tabs. Reported by Ashwin Agrawal from Optus, Sydney on 2021-08-16 Medium CVE-2022-3311: Use after free in Import. Reported by Samet Bekmezci @sametbekmezci on 2022-03-04 Medium CVE-2022-3312: Insufficient validation of untrusted input in VPN. Reported by Andr.Ess on 2022-03-06 Medium CVE-2022-3313: Incorrect security UI in Full Screen. Reported by Irvan Kurniawan (sourc7) on 2022-04-20 Medium CVE-2022-3314: Use after free in Logging. Reported by Anonymous on 2022-05-24 Medium CVE-2022-3315: Type confusion in Blink. Reported by Anonymous on 2022-05-05 Low CVE-2022-3316: Insufficient validation of untrusted input in Safe Browsing. Reported by Sven Dysthe (@svn_dy) on 2022-06-07 Low CVE-2022-3317: Insufficient validation of untrusted input in Intents. Reported by Hafiizh on 2022-02-24 Low CVE-2022-3318: Use after free in ChromeOS Notifications. Reported by GraVity0 on 2022-04-22 \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-10-05T05:23:49", "type": "mageia", "title": "Updated chromium-browser-stable packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3201", "CVE-2022-3304", "CVE-2022-3305", "CVE-2022-3306", "CVE-2022-3307", "CVE-2022-3308", "CVE-2022-3309", "CVE-2022-3310", "CVE-2022-3311", "CVE-2022-3312", "CVE-2022-3313", "CVE-2022-3314", "CVE-2022-3315", "CVE-2022-3316", "CVE-2022-3317", "CVE-2022-3318"], "modified": "2022-10-05T05:23:49", "id": "MGASA-2022-0357", "href": "https://advisories.mageia.org/MGASA-2022-0357.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2023-06-03T15:04:37", "description": "\n\nChrome Releases reports:\n\nThis release contains 20 security fixes, including:\n\n[1358907] High CVE-2022-3304: Use after free in CSS. Reported by Anonymous on 2022-09-01\n[1343104] High CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools. Reported by NDevTK on 2022-07-09\n[1319229] High CVE-2022-3305: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-24\n[1320139] High CVE-2022-3306: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-27\n[1323488] High CVE-2022-3307: Use after free in Media. Reported by Anonymous Telecommunications Corp. Ltd. on 2022-05-08\n[1342722] Medium CVE-2022-3308: Insufficient policy enforcement in Developer Tools. Reported by Andrea Cappa (zi0Black) @ Shielder on 2022-07-08\n[1348415] Medium CVE-2022-3309: Use after free in Assistant. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab on 2022-07-29\n[1240065] Medium CVE-2022-3310: Insufficient policy enforcement in Custom Tabs. Reported by Ashwin Agrawal from Optus, Sydney on 2021-08-16\n[1302813] Medium CVE-2022-3311: Use after free in Import. Reported by Samet Bekmezci @sametbekmezci on 2022-03-04\n[1303306] Medium CVE-2022-3312: Insufficient validation of untrusted input in VPN. Reported by Andr.Ess on 2022-03-06\n[1317904] Medium CVE-2022-3313: Incorrect security UI in Full Screen. Reported by Irvan Kurniawan (sourc7) on 2022-04-20\n[1328708] Medium CVE-2022-3314: Use after free in Logging. Reported by Anonymous on 2022-05-24\n[1322812] Medium CVE-2022-3315: Type confusion in Blink. Reported by Anonymous on 2022-05-05\n[1333623] Low CVE-2022-3316: Insufficient validation of untrusted input in Safe Browsing. Reported by Sven Dysthe (@svn_dy) on 2022-06-07\n[1300539] Low CVE-2022-3317: Insufficient validation of untrusted input in Intents. Reported by Hafiizh on 2022-02-24\n[1318791] Low CVE-2022-3318: Use after free in ChromeOS Notifications. Reported by GraVity0 on 2022-04-22\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-27T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3201", "CVE-2022-3304", "CVE-2022-3305", "CVE-2022-3306", "CVE-2022-3307", "CVE-2022-3308", "CVE-2022-3309", "CVE-2022-3310", "CVE-2022-3311", "CVE-2022-3312", "CVE-2022-3313", "CVE-2022-3314", "CVE-2022-3315", "CVE-2022-3316", "CVE-2022-3317", "CVE-2022-3318"], "modified": "2022-09-27T00:00:00", "id": "18529CB0-3E9C-11ED-9BC7-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/18529cb0-3e9c-11ed-9bc7-3065ec8fd3ec.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2022-11-06T17:57:42", "description": "An update that fixes 18 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 106.0.5249.91 (boo#1203808):\n\n * CVE-2022-3370: Use after free in Custom Elements\n * CVE-2022-3373: Out of bounds write in V8\n\n Uncludes changes from 106.0.5249.61:\n\n * CVE-2022-3304: Use after free in CSS\n * CVE-2022-3201: Insufficient validation of untrusted input in Developer\n Tools\n * CVE-2022-3305: Use after free in Survey\n * CVE-2022-3306: Use after free in Survey\n * CVE-2022-3307: Use after free in Media\n * CVE-2022-3308: Insufficient policy enforcement in Developer Tools\n * CVE-2022-3309: Use after free in Assistant\n * CVE-2022-3310: Insufficient policy enforcement in Custom Tabs\n * CVE-2022-3311: Use after free in Import\n * CVE-2022-3312: Insufficient validation of untrusted input in VPN\n * CVE-2022-3313: Incorrect security UI in Full Screen\n * CVE-2022-3314: Use after free in Logging\n * CVE-2022-3315: Type confusion in Blink\n * CVE-2022-3316: Insufficient validation of untrusted input in Safe\n Browsing\n * CVE-2022-3317: Insufficient validation of untrusted input in Intents\n * CVE-2022-3318: Use after free in ChromeOS Notifications\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2022-10139=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-10-03T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-3201", "CVE-2022-3304", "CVE-2022-3305", "CVE-2022-3306", "CVE-2022-3307", "CVE-2022-3308", "CVE-2022-3309", "CVE-2022-3310", "CVE-2022-3311", "CVE-2022-3312", "CVE-2022-3313", "CVE-2022-3314", "CVE-2022-3315", "CVE-2022-3316", "CVE-2022-3317", "CVE-2022-3318", "CVE-2022-3370", "CVE-2022-3373"], "modified": "2022-10-03T00:00:00", "id": "OPENSUSE-SU-2022:10139-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WVCRR5JKWC4AEVTDL4IYBETTO2CE74I6/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-06T17:57:42", "description": "An update that fixes 18 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 106.0.5249.91 (boo#1203808):\n\n * CVE-2022-3370: Use after free in Custom Elements\n * CVE-2022-3373: Out of bounds write in V8\n\n includes changes from 106.0.5249.61:\n\n * CVE-2022-3304: Use after free in CSS\n * CVE-2022-3201: Insufficient validation of untrusted input in Developer\n Tools\n * CVE-2022-3305: Use after free in Survey\n * CVE-2022-3306: Use after free in Survey\n * CVE-2022-3307: Use after free in Media\n * CVE-2022-3308: Insufficient policy enforcement in Developer Tools\n * CVE-2022-3309: Use after free in Assistant\n * CVE-2022-3310: Insufficient policy enforcement in Custom Tabs\n * CVE-2022-3311: Use after free in Import\n * CVE-2022-3312: Insufficient validation of untrusted input in VPN\n * CVE-2022-3313: Incorrect security UI in Full Screen\n * CVE-2022-3314: Use after free in Logging\n * CVE-2022-3315: Type confusion in Blink\n * CVE-2022-3316: Insufficient validation of untrusted input in Safe\n Browsing\n * CVE-2022-3317: Insufficient validation of untrusted input in Intents\n * CVE-2022-3318: Use after free in ChromeOS Notifications\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP4:\n\n zypper in -t patch openSUSE-2022-10138=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-10-03T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-3201", "CVE-2022-3304", "CVE-2022-3305", "CVE-2022-3306", "CVE-2022-3307", "CVE-2022-3308", "CVE-2022-3309", "CVE-2022-3310", "CVE-2022-3311", "CVE-2022-3312", "CVE-2022-3313", "CVE-2022-3314", "CVE-2022-3315", "CVE-2022-3316", "CVE-2022-3317", "CVE-2022-3318", "CVE-2022-3370", "CVE-2022-3373"], "modified": "2022-10-03T00:00:00", "id": "OPENSUSE-SU-2022:10138-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YZBW4AE4VW4MIHPWQLMJEIBGACVXWAFW/", "cvss": {"score": 0.0, "vector": "NONE"}}], "gentoo": [{"lastseen": "2023-06-03T15:07:28", "description": "### Background\n\nChromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium, Google Chrome, and Microsoft Edge. Please review the CVE identifiers referenced below for details.\n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/chromium-106.0.5249.119\"\n \n\nAll Chromium binary users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/chromium-bin-106.0.5249.119\"\n \n\nAll Google Chrome users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/google-chrome-106.0.5249.119\"\n \n\nAll Microsoft Edge users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/microsoft-edge-106.0.1370.37\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-10-31T00:00:00", "type": "gentoo", "title": "Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3201", "CVE-2022-3304", "CVE-2022-3305", "CVE-2022-3306", "CVE-2022-3307", "CVE-2022-3308", "CVE-2022-3309", "CVE-2022-3310", "CVE-2022-3311", "CVE-2022-3312", "CVE-2022-3313", "CVE-2022-3314", "CVE-2022-3315", "CVE-2022-3316", "CVE-2022-3317", "CVE-2022-3318", "CVE-2022-3370", "CVE-2022-3373", "CVE-2022-3445", "CVE-2022-3446", "CVE-2022-3447", "CVE-2022-3448", "CVE-2022-3449", "CVE-2022-3450", "CVE-2022-41035"], "modified": "2022-10-31T00:00:00", "id": "GLSA-202210-16", "href": "https://security.gentoo.org/glsa/202210-16", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}

Google Chrome Survey Memory Misreference Vulnerability (CNVD-2022-88285 )

Description

Affected Software

Related