Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
{"veracode": [{"lastseen": "2022-07-17T12:39:54", "description": "chromium is vulnerable to use after free. The vulnerability exists in Optimization Guide which allows an attacker to cause a memory corruption.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-20T05:48:53", "type": "veracode", "title": "Use After Free", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-02-23T17:29:37", "id": "VERACODE:34289", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-34289/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gitlab": [{"lastseen": "2023-12-03T16:14:45", "description": "The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-22T00:00:00", "type": "gitlab", "title": "Use after free in Animation", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-02-22T00:00:00", "id": "GITLAB-FF3BD63BDD01DCAB69F73F5C67C8E8D9", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/nuget%2FCefSharp.Common.NETCore%2FGMS-2022-141.yml/raw", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-10-19T16:06:06", "description": "The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-22T00:00:00", "type": "gitlab", "title": "Use after free in Animation", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-02-22T00:00:00", "id": "GITLAB-BE424589ED0C337DD3884B216A3892B2", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/nuget%2FCefSharp.Common%2FGMS-2022-140.yml/raw", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-17T15:47:18", "description": "The exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-22T00:00:00", "type": "gitlab", "title": "Use after free in Animation", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-02-22T00:00:00", "id": "GITLAB-5276A663FE45AAB11A41593871966211", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/nuget%2FCefSharp.OffScreen%2FGMS-2022-142.yml/raw", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-09T23:09:31", "description": "Use after free in Animation. The exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-22T00:00:00", "type": "gitlab", "title": "Use after free in Animation", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-02-22T00:00:00", "id": "GITLAB-34BA340EEEB0AC5BD42079A6FA2C932A", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/nuget%2FCefSharp.Wpf%2FGMS-2022-146.yml/raw", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-29T15:16:59", "description": "The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-22T00:00:00", "type": "gitlab", "title": "Use after free in Animation", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-02-22T00:00:00", "id": "GITLAB-14506204EDDBCC426EDE99AF8BB58E00", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/nuget%2FCefSharp.WinForms.NETCore%2FGMS-2022-145.yml/raw", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-24T15:16:40", "description": "The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-22T00:00:00", "type": "gitlab", "title": "Use after free in Animation", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-02-22T00:00:00", "id": "GITLAB-B95DA60B50B8780F2FE1144BC6D2A9EA", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/nuget%2FCefSharp.WinForms%2FGMS-2022-144.yml/raw", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-09T23:08:45", "description": "The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-22T00:00:00", "type": "gitlab", "title": "Use after free in Animation", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-02-22T00:00:00", "id": "GITLAB-5C55E4CE507C85E21B1AFFF594C436B8", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/nuget%2FCefSharp.Wpf.HwndHost%2FGMS-2022-147.yml/raw", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-10-18T04:32:23", "description": "The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-22T00:00:00", "type": "gitlab", "title": "Use after free in Animation", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-02-22T00:00:00", "id": "GITLAB-4645688CBD76D08EFF12D00465ABCA3B", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/nuget%2FCefSharp.OffScreen.NETCore%2FGMS-2022-143.yml/raw", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-09T23:09:03", "description": "Use after free in Animation. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-22T00:00:00", "type": "gitlab", "title": "Use after free in Animation", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-02-22T00:00:00", "id": "GITLAB-BAB522840703640933BAA696F2FDFDBD", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/nuget%2FCefSharp.Wpf.NETCore%2FGMS-2022-148.yml/raw", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "alpinelinux": [{"lastseen": "2023-12-03T16:03:11", "description": "Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-04-05T00:15:00", "type": "alpinelinux", "title": "CVE-2022-0609", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-04-08T17:14:00", "id": "ALPINE:CVE-2022-0609", "href": "https://security.alpinelinux.org/vuln/CVE-2022-0609", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "hivepro": [{"lastseen": "2022-03-25T14:28:59", "description": "THREAT LEVEL: Red. For a detailed advisory, download the pdf file here For more than a month before a fix was available, North Korean state hackers known as Lazarus group exploited a zero-day, remote code execution vulnerability (CVE-2022-0609) in Google Chrome's web browser. The attack mainly targets firms situated in the United States, particularly those in the industries of news media, information technology, cryptocurrency, and finance. However, other organizations and countries are also on the list of attackers. The campaign begins by sending them phishing emails purporting to be from recruiters at Disney, Google, and Oracle, offering them false employment opportunities. The emails included links to bogus job-search websites such as Indeed and ZipRecruiter. Targets who clicked on the included malicious URLs were infected with drive-by browser malware downloads. The North Korean groups were utilizing an exploit kit (CVE-2022-0609) with hidden iframes embedded into a variety of websites. The attack kit may fingerprint target devices by collecting details like user-agent and screen resolution. After that the exploit kit executes a Chrome remote code execution hack capable of bypassing the lauded Chrome sandbox to move out onto the system. The Mitre TTPs commonly used by Lazarus Group are: TA0001: Initial AccessTA0007: DiscoveryTA0040: ImpactTA0009: CollectionTA0005: Defense EvasionTA0003: PersistenceTA0011: Command and ControlTA0042: Resource DevelopmentTA0002: ExecutionTA0008: Lateral MovementTA0006: Credential AccessTA0029: Privilege EscalationTA0010: ExfiltrationT1134.002: Access Token Manipulation: Create Process with TokenT1098: Account ManipulationT1583.001: Acquire Infrastructure: DomainsT1583.006: Acquire Infrastructure: Web ServicesT1071.001: Application Layer Protocol: Web ProtocolsT1010: Application Window DiscoveryT1560: Archive Collected DataT1560.002: Archive via LibraryT1560.003: Archive via Custom MethodT1547.001: Boot or Logon Autostart Execution: Registry Run Keys / Startup FolderT1547.009: Boot or Logon Autostart Execution: Shortcut ModificationT1110.003: Brute Force: Password SprayingT1059.003: Command and Scripting Interpreter: Windows Command ShellT1543.003: Create or Modify System Process: Windows ServiceT1485: Data DestructionT1132.001: Data Encoding: Standard EncodingT1005: Data from Local SystemT1001.003: Data Obfuscation: Protocol ImpersonationT1074.001: Data Staged: Local Data StagingT1491.001: Defacement: Internal DefacementT1587.001: Develop Capabilities: MalwareT1561.001: Disk Wipe: Disk Content WipeT1561.002: Disk Wipe: Disk Structure WipeT1189: Drive-by CompromiseT1573.001: Encrypted Channel: Symmetric CryptographyT1048.003: Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolT1041: Exfiltration Over C2 ChannelT1203: Exploitation for Client ExecutionT1008: Fallback ChannelsT1083: File and Directory DiscoveryT1564.001: Hide Artifacts: Hidden Files and DirectoriesT1562.001: Impair Defenses: Disable or Modify ToolsT1562.004: Impair Defenses: Disable or Modify System FirewallT1070.004: Indicator Removal on Host: File DeletionT1070.006: Indicator Removal on Host: TimestompT1105: Ingress Tool TransferT1056.001: Input Capture: KeyloggingT1036.005: Masquerading: Match Legitimate Name or LocationT1571: Non-Standard PortT1027: Obfuscated Files or InformationT1588.004: Obtain Capabilities: Digital CertificatesT1566.001: Phishing: Spearphishing AttachmentT1542.003: Pre-OS Boot: BootkitT1057: Process DiscoveryT1055.001: Process Injection: Dynamic-link Library InjectionT1090.002: Proxy: External ProxyT1012: Query RegistryT1021.001: Remote Services: Remote Desktop ProtocolT1021.002: Remote Services: SMB/Windows Admin SharesT1489: Service StopT1218.001: Signed Binary Proxy Execution: Compiled HTML FileT1082: System Information DiscoveryT1016: System Network Configuration DiscoveryT1033: System Owner/User DiscoveryT1529: System Shutdown/RebootT1124: System Time DiscoveryT1204.002: User Execution: Malicious FileT1047: Windows Management Instrumentation Actor Details Vulnerability Details Indicators of Compromise (IoCs) Patch https://www.google.com/intl/en/chrome/?standalone=1 References https://blog.google/threat-analysis-group/countering-threats-north-korea/", "cvss3": {}, "published": "2022-03-25T14:16:43", "type": "hivepro", "title": "North Korean state-sponsored threat actor Lazarus Group exploiting Chrome Zero-day vulnerability", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-0609"], "modified": "2022-03-25T14:16:43", "id": "HIVEPRO:D7EA1CB0468E749402CDC827EECBB9DE", "href": "https://www.hivepro.com/north-korean-state-sponsored-threat-actor-lazarus-group-exploiting-chrome-zero-day-vulnerability/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-02-15T15:29:27", "description": "THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Google released a stable channel update for their Chrome browser that contains a zero-day vulnerability and is actively being exploited-in-wild. This is the first zero-day bug reported in Chrome browser this year. A Use-After-Free (UAF) vulnerability which has been assigned CVE-2022-0609 affects the Animation component that may allow attackers to corrupt data, crash program or execute arbitrary code on computers running unpatched Chrome versions or escape the browser's security sandbox. Successful exploitation of this issue may lead to data corruption, program crash or arbitrary code execution. In recent browser versions, a number of controls have been introduced that make exploitation of these use after free vulnerabilities much harder but despite this, they still seem to persist. In addition to the zero-day bug, this update fixed seven other security vulnerabilities as mentioned in the table below. We recommend organizations to update to Chrome 98.0.4758.102 for Windows, Mac and Linux to avoid exploitation and mitigate any potential threats. Potential MITRE ATT&CK TTPs are: TA0040 - Impact TA0001 - Initial Access TA0002 - Execution T1499- Endpoint Denial of Service T1189- Drive-by Compromise T1190- Exploit-public facing application T1203- Exploitation for Client Execution T1499.004- Endpoint Denial of Service: Application or System Exploitation Vulnerability Details Patch Link https://www.google.com/intl/en/chrome/?standalone=1 References https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html", "cvss3": {}, "published": "2022-02-15T14:31:12", "type": "hivepro", "title": "First zero-day vulnerability of Google Chrome this year actively exploited in wild", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-0609"], "modified": "2022-02-15T14:31:12", "id": "HIVEPRO:1BF741505EB0E48023B5A5F80FE0F3EB", "href": "https://www.hivepro.com/first-zero-day-vulnerability-of-google-chrome-this-year-actively-exploited-in-wild/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-03-30T07:42:21", "description": "For a detailed threat digest, download the pdf file here Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 340 10 5 53 24 84 The fourth week of March 2022 witnessed the discovery of 340 vulnerabilities out of which 10 gained the attention of Threat Actors and security researchers worldwide. Among these 10, there was 1 which is undergoing reanalysis, and 2 were not present in the NVD at all. Hive Pro Threat Research Team has curated a list of 10 CVEs that require immediate action. Furthermore, we also observed five threat actor groups being highly active in the last week. The Lapsus$, a new extortion threat actor group had attacked popular organizations such as Brazilian Ministry of Health, NVIDIA, Samsung, Vodafone, Ubisoft, Octa, and Microsoft for data theft and destruction, was observed using the Redline info-stealer. Additionally, North Korean state hackers known as Lazarus group, was exploiting the zero-day vulnerability in Google Chrome's web browser (CVE-2022-0609). AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted 50+ organizations is currently exploiting Proxy Shell vulnerabilities (CVE-2021-31206, CVE-2021-31207, CVE-2021-34523, CVE-2021-34473, CVE-2021-26855). The threat actor APT35 aka Magic Hound, an Iranian-backed threat group is exploiting the Proxy Shell vulnerabilities to attack organizations across the globe. Another South Korean APT group DarkHotel was targeting the hospitality industry in China. Common TTPs which could potentially be exploited by these threat actors or CVEs can be found in the detailed section below. Detailed Report: Interesting Vulnerabilities: Vendor CVEs Patch Link CVE-2021-34484 CVE-2022-21919 https://central.0patch.com/auth/login CVE-2022-0609* CVE-2022-1096* https://www.google.com/intl/en/chrome/?standalone=1 CVE-2021-31206 CVE-2021-31207 CVE-2021-34523 CVE-2021-34473 CVE-2021-26855 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31206 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31207 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34473 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34523 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26855 CVE-2022-0543 https://security-tracker.debian.org/tracker/CVE-2022-0543 Active Actors: Icon Name Origin Motive APT 35 (Magic Hound, Cobalt Illusion, Charming Kitten, TEMP.Beanie, Timberworm, Tarh Andishan, TA453, ITG18, Phosphorus, Newscaster) Iran Information theft and espionage AvosLocker Unknown Ecrime, Information theft, and Financial gain Lazarus Group (Labyrinth Chollima, Group 77, Hastati Group, Whois Hacking Team, NewRomanic Cyber Army Team, Zinc, Hidden Cobra, Appleworm, APT-C-26, ATK 3, SectorA01, ITG03) North Korea Information theft and espionage, Sabotage and destruction, Financial crime Lapsus$ (DEV-0537) Unknown Data theft and Destruction DarkHotel (APT-C-06, SIG25, Dubnium, Fallout Team, Shadow Crane, CTG-1948, Tungsten Bridge, ATK 52, Higaisa, TAPT-02, Luder) South Korea Information theft and espionage Targeted Location: Targeted Sectors: Common TTPs: TA0042: Resource Development TA0001: Initial Access TA0002: Execution TA0003: Persistence TA0004: Privilege Escalation TA0005: Defense Evasion TA0006: Credential Access TA0007: Discovery TA0008: Lateral Movement TA0009: Collection TA0011: Command and Control TA0010: Exfiltration TA0040: Impact T1583: Acquire Infrastructure T1189: Drive-by Compromise T1059: Command and Scripting Interpreter T1098: Account Manipulation T1548: Abuse Elevation Control Mechanism T1548: Abuse Elevation Control Mechanism T1110: Brute Force T1010: Application Window Discovery T1021: Remote Services T1560: Archive Collected Data T1071: Application Layer Protocol T1048: Exfiltration Over Alternative Protocol T1485: Data Destruction T1583.001: Domains T1190: Exploit Public-Facing Application T1059.001: PowerShell T1547: Boot or Logon Autostart Execution T1134: Access Token Manipulation T1134: Access Token Manipulation T1110.003: Password Spraying T1083: File and Directory Discovery T1021.001: Remote Desktop Protocol T1560.003: Archive via Custom Method T1071.001: Web Protocols T1048.003: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol T1486: Data Encrypted for Impact T1583.006: Web Services T1133: External Remote Services T1059.005: Visual Basic T1547.006: Kernel Modules and Extensions T1134.002: Create Process with Token T1134.002: Create Process with Token T1056: Input Capture T1120: Peripheral Device Discovery T1021.002: SMB/Windows Admin Shares T1560.002: Archive via Library T1132: Data Encoding T1041: Exfiltration Over C2 Channel T1491: Defacement T1587: Develop Capabilities T1566: Phishing T1059.004: Unix Shell T1547.001: Registry Run Keys / Startup Folder T1547: Boot or Logon Autostart Execution T1564: Hide Artifacts T1056.004: Credential API Hooking T1057: Process Discovery T1021.004: SSH T1213: Data from Information Repositories T1132.001: Standard Encoding T1537: Transfer Data to Cloud Account T1491.001: Internal Defacement T1587.001: Malware T1566.001: Spearphishing Attachment T1059.003: Windows Command Shell T1547.009: Shortcut Modification T1547.006: Kernel Modules and Extensions T1564.001: Hidden Files and Directories T1056.001: Keylogging T1012: Query Registry T1005: Data from Local System T1001: Data Obfuscation T1561: Disk Wipe T1588: Obtain Capabilities T1199: Trusted Relationship T1203: Exploitation for Client Execution T1543: Create or Modify System Process T1547.001: Registry Run Keys / Startup Folder T1562: Impair Defenses T1003: OS Credential Dumping T1082: System Information Discovery T1074: Data Staged T1001.003: Protocol Impersonation T1561.001: Disk Content Wipe T1588.004: Digital Certificates T1078: Valid Accounts T1106: Native API T1543.003: Windows Service T1547.009: Shortcut Modification T1562.004: Disable or Modify System Firewall T1111: Two-Factor Authentication Interception T1016: System Network Configuration Discovery T1074.001: Local Data Staging T1573: Encrypted Channel T1561.002: Disk Structure Wipe T1588.006: Vulnerabilities T1053: Scheduled Task/Job T1133: External Remote Services T1543: Create or Modify System Process T1562.001: Disable or Modify Tools T1552: Unsecured Credentials T1033: System Owner/User Discovery T1056: Input Capture T1573.001: Symmetric Cryptography T1490: Inhibit System Recovery T1204: User Execution T1137: Office Application Startup T1543.003: Windows Service T1070: Indicator Removal on Host T1124: System Time Discovery T1056.004: Credential API Hooking T1008: Fallback Channels T1489: Service Stop T1204.002: Malicious File T1542: Pre-OS Boot T1068: Exploitation for Privilege Escalation T1070.004: File Deletion T1056.001: Keylogging T1105: Ingress Tool Transfer T1529: System Shutdown/Reboot T1047: Windows Management Instrumentation T1542.003: Bootkit T1055: Process Injection T1070.006: Timestomp T1571: Non-Standard Port T1053: Scheduled Task/Job T1055.001: Dynamic-link Library Injection T1036: Masquerading T1090: Proxy T1505: Server Software Component T1053: Scheduled Task/Job T1036.005: Match Legitimate Name or Location T1090.002: External Proxy T1505.003: Web Shell T1078: Valid Accounts T1027: Obfuscated Files or Information T1078: Valid Accounts T1027.006: HTML Smuggling T1027.002: Software Packing T1542: Pre-OS Boot T1542.003: Bootkit T1055: Process Injection T1055.001: Dynamic-link Library Injection T1218: Signed Binary Proxy Execution T1218.001: Compiled HTML File T1078: Valid Accounts T1497: Virtualization/Sandbox Evasion Threat Advisories: Microsoft\u2019s privilege escalation vulnerability that refuses to go away Google Chrome\u2019s second zero-day in 2022 Magic Hound Exploiting Old Microsoft Exchange ProxyShell Vulnerabilities AvosLocker Ransomware group has targeted 50+ Organizations Worldwide North Korean state-sponsored threat actor Lazarus Group exploiting Chrome Zero-day vulnerability LAPSUS$ \u2013 New extortion group involved in the breach against Nvidia, Microsoft, Okta and Samsung DarkHotel APT group targeting the Hospitality Industry in China New Threat Actor using Serpent Backdoor attacking French Entities Muhstik botnet adds another vulnerability exploit to its arsenal", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-03-29T13:56:10", "type": "hivepro", "title": "Weekly Threat Digest: 21 \u2013 27 March 2022", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26855", "CVE-2021-31206", "CVE-2021-31207", "CVE-2021-34473", "CVE-2021-34484", "CVE-2021-34523", "CVE-2022-0543", "CVE-2022-0609", "CVE-2022-1096", "CVE-2022-21919"], "modified": "2022-03-29T13:56:10", "id": "HIVEPRO:E7F36EC1E4DCF018F94ECD22747B7093", "href": "https://www.hivepro.com/weekly-threat-digest-21-27-march-2022/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debiancve": [{"lastseen": "2023-12-03T15:19:47", "description": "Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-04-05T00:15:00", "type": "debiancve", "title": "CVE-2022-0609", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-04-05T00:15:00", "id": "DEBIANCVE:CVE-2022-0609", "href": "https://security-tracker.debian.org/tracker/CVE-2022-0609", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2023-03-28T05:37:59", "description": "CVE-2022-0609: Use after free in Animation\n\n- https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html\n- https://vulners.com/cve/CVE-2022-0609\n\nGoogle is aware of reports that exploits for CVE-2022-0609 exist in the wild.\n\nThe exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-22T21:51:19", "type": "osv", "title": "Use after free in Animation", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2023-03-28T05:37:52", "id": "OSV:GHSA-VV6J-WW6X-54GX", "href": "https://osv.dev/vulnerability/GHSA-vv6j-ww6x-54gx", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "thn": [{"lastseen": "2022-05-09T12:37:33", "description": "[](<https://thehackernews.com/new-images/img/a/AVvXsEgInMg5oi0EuLT48UdHSduKG1gC3QcDY31qtxed-1eLVZHmLmB8WlxqvHc8R-sJTKH1US2u2oCIsGlm9hWzM_AxHS104Ld0Uu3NNK1_J7y0Peoq5ju3dD6temNu7yRQKMOZoLszL4i9VJjnGs9A_j6bQRDzyi6d90sA94gk0bv7qQ2QhbM063DW4_DD>)\n\nGoogle on Monday rolled out fixes for eight security issues in the Chrome web browser, including a high-severity vulnerability that's being actively exploited in real-world attacks, marking the first zero-day patched by the internet giant in 2022.\n\nThe shortcoming, tracked **CVE-2022-0609**, is described as a [use-after-free](<https://cwe.mitre.org/data/definitions/416.html>) vulnerability in the Animation component that, if successfully exploited, could lead to corruption of valid data and the execution of arbitrary code on affected systems.\n\n\"Google is aware of reports that an exploit for **CVE-2022-0609** exists in the wild,\" the company [said](<https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html>) in a characteristically brief statement acknowledging active exploitation of the flaw. Credited with discovering and reporting the flaw are Adam Weidemann and Cl\u00e9ment Lecigne of Google's Threat Analysis Group (TAG).\n\n[](<https://thehackernews.com/new-images/img/a/AVvXsEhw_zmtHqnXqaJefS7oZvh28qsxonD53oGecFvi_dhJmSWdL-G6nLJJofAgUuHYiNJ4LK8f3Sx-dUK2u2NjZkZWNh9NIbuWElXZzkaMTS74E0MA9uCJmd_cqoWj5T6ytx9I936Vwjxz_rIsv65CDhPE6TaInytmKM7LDh3D7Kw4TPdq6yPiJOLiQu2T>)\n\nAlso addressed by Google four other use-after-free flaws impacting File Manager, Webstore API, [ANGLE](<https://en.wikipedia.org/wiki/ANGLE_\\(software\\)>), and GPU, a heap buffer overflow bug in Tab Groups, an integer overflow in Mojo, and an issue with inappropriate implementation in Gamepad API.\n\nGoogle Chrome users are highly recommended to update to the latest version 98.0.4758.102 for Windows, Mac, and Linux to mitigate any potential threats. It's worth noting that Google had addressed [17 zero-day flaws](<https://thehackernews.com/2021/12/update-google-chrome-to-patch-new-zero.html>) in Chrome in 2021.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-15T05:06:00", "type": "thn", "title": "New Chrome 0-Day Bug Under Active Attack \u2013 Update Your Browser ASAP!", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-02-16T04:13:12", "id": "THN:A7304742B34CEB82ECB0DB1AE4DD7116", "href": "https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-04-22T08:18:10", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjYQKkzY_-mItw25Wa6aQD0IVkkL1G7_qgOa1tw2npjUQUrl-xwgz9g1wJ9Q1Drav9iy8Q0Dhj9J_9szRCLzM0vldk7WEUr_x93_N9pMzqV1mYPdl59j5aD2CPYNqmwrl9vQ6WKwvh3LXtyOvVytBIfLsknbKJ0EfpukdsnLKVPF7TcKzlg6dAS7Mzr/s728-e365/supply-chain-hack.png>)\n\nThe supply chain attack targeting 3CX was the result of a prior supply chain compromise associated with a different company, demonstrating a new level of sophistication with North Korean threat actors.\n\nGoogle-owned Mandiant, which is [tracking](<https://thehackernews.com/2023/04/lazarus-sub-group-labyrinth-chollima.html>) the attack event under the moniker **UNC4736**, [said](<https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise>) the incident marks the first time it has seen a \"software supply chain attack lead to another software supply chain attack.\"\n\nThe Matryoshka doll-style cascading attack against 3CX first came to light on March 29, 2023, when it [emerged](<https://thehackernews.com/2023/03/3cx-supply-chain-attack-heres-what-we.html>) that Windows and macOS versions of its communication software were trojanized to deliver a C/C++-based data miner named ICONIC Stealer by means of a downloader, SUDDENICON, that used icon files hosted on GitHub to extract the server containing the stealer.\n\n\"The malicious application next attempts to steal sensitive information from the victim user's web browser,\" the U.S. Cybersecurity and Infrastructure Security Agency (CISA) [said](<https://www.cisa.gov/news-events/alerts/2023/04/20/cisa-releases-malware-analysis-report-iconicstealer>) in an analysis of the malware. \"Specifically it will target the Chrome, Edge, Brave, or Firefox browsers.\"\n\nSelect attacks targeting cryptocurrency companies also entailed the deployment of a next-stage backdoor referred to as [Gopuram](<https://thehackernews.com/2023/04/cryptocurrency-companies-targeted-in.html>) that's capable of running additional commands and interacting with the victim's file system.\n\nMandiant's [investigation](<https://www.3cx.com/blog/news/mandiant-security-update2/>) into the sequence of events has now revealed the patient zero to be a malicious version of a now-discontinued software provided by a fintech company called Trading Technologies, which was downloaded by a 3CX employee to their personal computer.\n\nIt described the initial intrusion vector as \"a malware-laced software package distributed via an earlier software supply chain compromise that began with a tampered installer for X_TRADER.\"\n\nThis rogue installer, in turn, contained a setup binary that dropped two trojanized DLLs and an innocuous executable, the latter of which is used to side-load one of the DLLs that's camouflaged as a legitimate dependency.\n\nThe attack chain then made use of open source tools like [SIGFLIP](<https://github.com/med0x2e/SigFlip>) and [DAVESHELL](<https://github.com/monoxgas/sRDI>) to ultimately extract and execute VEILEDSIGNAL, a multi-stage modular backdoor written in C that's capable of sending data, executing shellcode, and terminating itself.\n\nThe initial compromise of the employee's personal computer using VEILEDSIGNAL enabled the threat actor to obtain the individual's corporate credentials, two days after which the first unauthorized access of 3CX's network took place via a VPN by taking advantage of the stolen credentials.\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEg1Aa0J-PjfF3a8lrSsfLYwzoSdG9KMyAfGVzxuV8Jwbp6rWpk9rgkLYWsnRs5TZUDZHDH7DE7uOJrg1jmlns4f6uc08rKfGSQLSPo_DnPYQIQkCLU2yWA7F0_FB82FTYu4l_mLXuCzetcjz-kIpq-tuBo_hZselMf1bnDtKtF8lHr2B_6ZED92oT-Z4w/s728-e365/mm.png>)\n\nBesides identifying tactical similarities between the compromised X_TRADER and 3CXDesktopApp apps, Mandiant found that the threat actor subsequently laterally moved within the 3CX environment and breached the Windows and macOS build environments.\n\n\"On the Windows build environment, the attacker deployed a TAXHAUL launcher and COLDCAT downloader that persisted by performing DLL side-loading through the IKEEXT service and ran with LocalSystem privileges,\" Mandiant said. \"The macOS build server was compromised with POOLRAT backdoor using Launch Daemons as a persistence mechanism.\"\n\nPOOLRAT, previously classified by the threat intelligence firm as SIMPLESEA, is a C/C++ macOS implant capable of collecting basic system information and executing arbitrary commands, including carrying out file operations.\n\nUNC4736 is suspected to be a threat group with North Korean nexus, an assessment that's been reinforced by ESET's [discovery](<https://thehackernews.com/2023/04/lazarus-group-adds-linux-malware-to.html>) of an overlapping command-and-control (C2) domain (journalide[.]org) employed in the supply chain attack and that of a Lazarus Group campaign called Operation Dream Job.\n\nEvidence gathered by Mandiant shows that the group exhibits commonalities with another intrusion set tracked as [Operation AppleJeus](<https://thehackernews.com/2022/12/north-korean-hackers-spread-applejeus.html>), which has a track record of carrying out financially motivated attacks.\n\nWhat's more, the breach of Trading Technologies' website is said to have taken place in early February 2022 to activate a [multi-stage infection chain](<https://thehackernews.com/2022/03/north-korean-hackers-exploited-chrome.html>) responsible for serving unknown payloads to the site visitors by weaponizing a then zero-day flaw in Google Chrome ([CVE-2022-0609](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>)).\n\n\"The site www.tradingtechnologies[.]com was compromised and hosting a hidden IFRAME to exploit visitors, just two months before the site was known to deliver a trojanized X_TRADER software package,\" Mandiant explained.\n\nAnother link connecting it to AppleJeus is the threat actor's previous use of an older version of POOLRAT as part of a [long-running campaign](<https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-048a>) disseminating booby-trapped trading applications like [CoinGoTrade](<https://www.cisa.gov/news-events/analysis-reports/ar21-048e>) to facilitate cryptocurrency theft.\n\nThe entire scale of the campaign remains unknown, and it's currently not clear if the compromised X_TRADER software was used by other firms. The platform was purportedly decommissioned in April 2020, but it was still available to download from the site in 2022.\n\n3CX, in an [update](<https://www.3cx.com/blog/news/security-action-plan/>) shared on April 20, 2023, said it's taking steps to harden its systems and minimize the risk of nested software-in-software supply chain attacks by enhancing product security, incorporating tools to ensure the integrity of its software, and establishing a new department for Network Operations and Security.\n\n\"Cascading software supply chain compromises demonstrate that North Korean operators can exploit network access in creative ways to develop and distribute malware, and move between target networks while conducting operations aligned with North Korea's interests,\" Mandiant said.\n\n \n\n\nFound this article interesting? Follow us on [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-04-21T09:55:00", "type": "thn", "title": "N.K. Hackers Employ Matryoshka Doll-Style Cascading Supply Chain Attack on 3CX", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2023-04-22T06:56:47", "id": "THN:4548AA82E9B35A1EFE8DBB8D3D9464D4", "href": "https://thehackernews.com/2023/04/nk-hackers-employ-matryoshka-doll-style.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:37:25", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhb0TU4PRkcBXaBPsOFb0SjZitrfNUAz50SZ59ScVz8afhB3rGrhOGWwrqnqAwvQ-glDseEhe7X4Moo5jmATZL-AbZ1zSB0tAd6QPCJqZQXxrHfjHo1RBEybYwnRFQ8axJEwCceOG_FN1Y-DG3ZRhOFrlclTKjtafCS8bDD6dTOhZWgUnp6BmPO_qaB/s728-e100/north-korea-cyber-attack.jpg>)\n\nGoogle's Threat Analysis Group (TAG) on Thursday disclosed that it acted to mitigate threats from two distinct government-backed attacker groups based in North Korea that exploited a recently-uncovered remote code execution flaw in the Chrome web browser.\n\nThe campaigns, once again \"reflective of the regime's immediate concerns and priorities,\" are said to have targeted U.S. based organizations spanning news media, IT, cryptocurrency, and fintech industries, with one set of the activities sharing direct infrastructure overlaps with previous attacks [aimed at security researchers](<https://thehackernews.com/2021/01/n-korean-hackers-targeting-security.html>) last year.\n\nThe shortcoming in question is [CVE-2022-0609](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>), a use-after-free vulnerability in the browser's Animation component that Google addressed as part of updates (version 98.0.4758.102) issued on February 14, 2022. It's also the first zero-day flaw patched by the tech giant since the start of 2022.\n\n\"The earliest evidence we have of this exploit kit being actively deployed is January 4, 2022,\" Google TAG researcher Adam Weidemann [said](<https://blog.google/threat-analysis-group/countering-threats-north-korea/>) in a report. \"We suspect that these groups work for the same entity with a shared supply chain, hence the use of the same exploit kit, but each operate with a different mission set and deploy different techniques.\"\n\nThe first campaign, consistent with TTPs associated with what Israeli cybersecurity firm ClearSky described as \"[Operation Dream Job](<https://www.clearskysec.com/operation-dream-job/>)\" in August 2020, was directed against over 250 individuals working for 10 different news media, domain registrars, web hosting providers, and software vendors, luring them with fake job offers from companies like Disney, Google, and Oracle.\n\nThe usage of phony job listings is a time-tested tactic of North Korean nation-state groups, which, earlier this January, was [found impersonating](<https://thehackernews.com/2022/01/north-korean-hackers-using-windows.html>) the American global security and aerospace company Lockheed Martin to distribute malware payloads to target individuals seeking jobs in the aerospace and defense industry.\n\n\"The double scenario of espionage and money theft is unique to North Korea, which operates intelligence units that steal both information and money for their country,\" ClearSky researchers noted at the time.\n\nThe second activity cluster that's believed to have leveraged the same Chrome zero-day relates to [Operation AppleJeus](<https://thehackernews.com/2021/02/north-korean-hackers-targeting-defense.html>), which compromised at least two legitimate fintech company websites to serve the exploit to no less than 85 users.\n\nThe [exploit kit](<https://www.virustotal.com/gui/file/03a41d29e3c9763093aca13f1cc8bcc41b201a6839c381aaaccf891204335685>), according to Google TAG, is fashioned as a multi-stage infection chain that involves embedding the attack code within hidden internet frames on both compromised websites as well as rogue websites under their control.\n\n\"In other cases, we observed fake websites \u2014 already set up to distribute trojanized cryptocurrency applications \u2014 hosting [iframes](<https://en.wikipedia.org/wiki/HTML_element#Frames>) and pointing their visitors to the exploit kit,\" Weidemann said.\n\nThe initial stage encompassed a reconnaissance phase to fingerprint the targeted machines that was then followed by serving the remote code execution (RCE) exploit, which, when successful, led to the retrieval of a second-stage package engineered to escape the sandbox and carry out further post-exploitation activities.\n\nGoogle TAG, which discovered the intrusions on February 10, noted that it was \"unable to recover any of the stages that followed the initial RCE,\" emphasizing that the threat actors made use of several safeguards, including the use of AES encryption, designed explicitly to obscure their tracks and hinder the recovery of intermediate stages.\n\nAdditionally, the campaigns checked for visitors using non-Chromium based browsers such as Safari on macOS or Mozilla Firefox (on any operating system), redirecting the victims to specific links on known exploitation servers. It's not immediately clear if any of those attempts were fruitful.\n\nThe findings come as threat intelligence company Mandiant [mapped](<https://www.mandiant.com/resources/mapping-dprk-groups-to-government>) different Lazarus sub-groups to various government organizations in North Korea, including the Reconnaissance General Bureau (RGB), the United Front Department (UFD), and the Ministry of State Security (MSS).\n\nLazarus is the umbrella moniker collectively referring to malicious cyber and financial crime operations originating from the heavily-sanctioned hermit kingdom, in the same manner [Winnti](<https://malpedia.caad.fkie.fraunhofer.de/actor/winnti_umbrella>) and [MuddyWater](<https://thehackernews.com/2022/03/iranian-hackers-targeting-turkey-and.html>) function as a conglomerate of multiple teams to help further China and Iran's geopolitical and national security objectives.\n\n\"North Korea's intelligence apparatus possesses the flexibility and resilience to create cyber units based on the needs of the country,\" Mandiant researchers said. \"Additionally overlaps in infrastructure, malware, and tactics, techniques and procedures indicate there are shared resources amongst their cyber operations.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-25T06:45:00", "type": "thn", "title": "North Korean Hackers Exploited Chrome Zero-Day to Target Fintech, IT, and Media Firms", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-03-26T02:04:01", "id": "THN:87B95415D8745E9CCD461A9997E67EFE", "href": "https://thehackernews.com/2022/03/north-korean-hackers-exploited-chrome.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:37:26", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhe4kI4fPWEvYG9ia8i9jo4TGUExUqxfVYERYGlXDOHtolech2eDZ1t68Ygq-Rm2KyDOptmayUsQQ8KWRS6YLPsnNM81pe5p-m9VRQ3jW80R7QesFXZ6BrtdfsBk9_pvdaAJUbvRR8si8Ro0mR-XltTDsPJ-2gNPRTn6yVm8yNWyn9cPdTUYrX5TsGA/s728-e100/chrome-update.jpg>)\n\nGoogle on Friday shipped an out-of-band security update to address a high severity vulnerability in its Chrome browser that it said is being actively exploited in the wild.\n\nTracked as [**CVE-2022-1096**](<https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html>), the zero-day flaw relates to a type confusion vulnerability in the V8 JavaScript engine. An anonymous researcher has been credited with reporting the bug on March 23, 2022.\n\nType confusion errors, which arise when a resource (e.g., a variable or an object) is accessed using a type that's incompatible to what was originally initialized, could have serious consequences in languages that are not [memory safe](<https://en.wikipedia.org/wiki/Memory_safety>) like C and C++, enabling a malicious actor to perform out-of-bounds memory access.\n\n\"When a memory buffer is accessed using the wrong type, it could read or write memory out of the bounds of the buffer, if the allocated buffer is smaller than the type that the code is attempting to access, leading to a crash and possibly code execution,\" MITRE's Common Weakness Enumeration (CWE) [explains](<https://cwe.mitre.org/data/definitions/843.html>).\n\nThe tech giant acknowledged it's \"aware that an exploit for CVE-2022-1096 exists in the wild,\" but stopped short of sharing additional specifics so as to prevent further exploitation and until a majority of users are updated with a fix.\n\nCVE-2022-1096 is the second zero-day vulnerability addressed by Google in Chrome since the start of the year, the first being [CVE-2022-0609](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>), a use-after-free vulnerability in the Animation component that was patched on February 14, 2022.\n\nEarlier this week, Google's Threat Analysis Group (TAG) [disclosed](<https://thehackernews.com/2022/03/north-korean-hackers-exploited-chrome.html>) details of a twin campaign staged by North Korean nation-state groups that weaponized the flaw to strike U.S. based organizations spanning news media, IT, cryptocurrency, and fintech industries.\n\nGoogle Chrome users are highly recommended to update to the latest version 99.0.4844.84 for Windows, Mac, and Linux to mitigate any potential threats. Users of Chromium-based browsers such as Microsoft Edge, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-26T02:11:00", "type": "thn", "title": "Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096"], "modified": "2022-03-26T02:11:38", "id": "THN:EC6517AAC0BD5D8BBC4C4D32420CA903", "href": "https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:39:28", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhpjCuGD4WXaNN6nxKO5EalNHXrEO1r2PgkwQYS5Z4fg1J1iNhNuSZu4tqOM6Ohl9vpp6QyHLYCS9rWACrVbbaIJUPQ9rTXrZPXmPG7SMzGybYouS2Gy54kBSr90hQqQD0npkDgUM7qiCLvQEpG86SHqny5-bN6yTHLRxPBtls52iaOhN5Ui-sM9RZ4/s728-e100/chrome-extensions.jpg>)\n\nGoogle on Thursday shipped emergency patches to address two security issues in its Chrome web browser, one of which it says is being actively exploited in the wild.\n\nTracked as [CVE-2022-1364](<https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html>), the tech giant described the high-severity bug as a case of type confusion in the V8 JavaScript engine. Cl\u00e9ment Lecigne of Google's Threat Analysis Group has been credited with reporting the flaw on April 13, 2022.\n\nAs is typically the case with actively exploited zero-day flaws, the company acknowledged it's \"aware that an exploit for CVE-2022-1364 exists in the wild.\" Additional details about the flaw and the identity of the threat actors have been withheld to prevent further abuse.\n\nWith the latest fix, Google has patched a total of three zero-day vulnerabilities in Chrome since the start of the year. It's also the second type confusion-related bug in V8 to be squashed in less than a month -\n\n * [CVE-2022-0609](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>) \\- Use-after-free in Animation\n * [CVE-2022-1096](<https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEh6B83ZXigpC9fguwiLwmsTF6j73zc5NEtpSNiGfAAl-clSHcXVa31RbaQfOCfKesHRCqidahWfYEq_lTb6Wo-qPTz15of2-8gP75by67zdsyHfHawMXYaPWSZQLF1KIVi7jyn0uf4bWxBN0j73AHcGrmJOkXRdboYNb6jCKG2veHy3dPK8riejHmuo/s728-e100/chrome-update.jpg>)\n\nUsers are recommended to update to version 100.0.4896.127 for Windows, macOS, and Linux to thwart potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-04-15T03:25:00", "type": "thn", "title": "Google Releases Urgent Chrome Update to Patch Actively Exploited Zero-Day Flaw", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364"], "modified": "2022-04-18T03:04:38", "id": "THN:E48AEFF468AB8445D91A32B6F5D7A770", "href": "https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-05T16:25:13", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjPIpWOjahlvRij54ICh2NyDdEkKI9koTk4lx8UXqPG1hBOVokLO1jZE7QvnnAHX4fw21sdwK34cVKndChvGxTI0QScuSjwYGvpLSpuK9FSFbuXtXzoaxwm6I78OZwM-uyBKf7_r18ShybiBxFrmBcIKJ7pAD2BPSMaEVwJzpBkK1kNSbrrtJ6AmkPk/s728-e100/chrome-update.jpg>)\n\nGoogle on Monday shipped security updates to address a high-severity zero-day vulnerability in its Chrome web browser that it said is being exploited in the wild.\n\nThe shortcoming, tracked as [**CVE-2022-2294**](<https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html>), relates to a heap overflow flaw in the [WebRTC](<https://en.wikipedia.org/wiki/WebRTC>) component that provides real-time audio and video communication capabilities in browsers without the need to install plugins or download native apps.\n\nHeap buffer overflows, also referred to as heap overrun or heap smashing, occur when data is overwritten in the [heap area of the memory](<https://en.wikipedia.org/wiki/Memory_management#Manual_memory_management>), leading to arbitrary code execution or a denial-of-service (DoS) condition.\n\n\"Heap-based overflows can be used to overwrite function pointers that may be living in memory, pointing it to the attacker's code,\" MITRE [explains](<https://cwe.mitre.org/data/definitions/122.html>). \"When the consequence is arbitrary code execution, this can often be used to subvert any other security service.\"\n\nCredited with reporting the flaw on July 1, 2022, is Jan Vojtesek from the Avast Threat Intelligence team. It's worth pointing out that the bug also [impacts](<https://chromereleases.googleblog.com/2022/07/chrome-for-android-update.html>) the Android version of Chrome.\n\nAs is usually the case with zero-day exploitation, details pertaining to the flaw as well as other specifics related to the campaign have been withheld to prevent further abuse in the wild and until a significant chunk of users are updated with a fix.\n\nCVE-2022-2294 also marks the resolution of the fourth zero-day vulnerability in Chrome since the start of the year -\n\n * [**CVE-2022-0609**](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>) \\- Use-after-free in Animation\n * [**CVE-2022-1096**](<https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-1364**](<https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html>) \\- Type confusion in V8\n\nUsers are recommended to update to version 103.0.5060.114 for Windows, macOS, and Linux and 103.0.5060.71 for Android to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.\n\nThe disclosure shortly follows a report from Google Project Zero, which [noted](<https://googleprojectzero.blogspot.com/2022/06/2022-0-day-in-wild-exploitationso-far.html>) that a total of 18 security vulnerabilities have been exploited as unpatched zero-days in the wild so far this year.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-05T02:55:00", "type": "thn", "title": "Update Google Chrome Browser to Patch New Zero-Day Exploit Detected in the Wild", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294"], "modified": "2022-07-05T13:54:52", "id": "THN:2E90A09BA23747C57B4B5C9ED7D13ED9", "href": "https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-17T15:25:34", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEj3_bb3VbAiNI0HLVud2PvXV4VExBpknt5lLSc3IAtymjftt7sn5yG-gY7yWqZ7D13YpvQEhW_EH4K62wzm6dC_qDTQQokydIY0LHI2Ivvv6v5ShPJk8fOOoh0yQrASsDwCREknRK5SCrggAETbG4yY7w0t3uG53Dnpf3ckvBXKygsIpNHrnmHDrimR/s728-e100/chrome.png>)\n\nGoogle on Tuesday rolled out patches for Chrome browser for desktops to contain an actively exploited high-severity zero-day flaw in the wild.\n\nTracked as **CVE-2022-2856**, the issue has been described as a case of insufficient validation of untrusted input in [Intents](<https://www.chromium.org/developers/web-intents-in-chrome/>). Security researchers Ashley Shen and Christian Resell of Google Threat Analysis Group have been credited with reporting the flaw on July 19, 2022.\n\nAs is typically the case, the tech giant has refrained from sharing additional specifics about the shortcoming until a majority of the users are updated. \"Google is aware that an exploit for CVE-2022-2856 exists in the wild,\" it [acknowledged](<https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html>) in a terse statement.\n\nThe latest update further addresses 10 other security flaws, most of which relate to use-after-free bugs in various components such as FedCM, SwiftShader, ANGLE, and Blink, among others. Also fixed is a heap buffer overflow vulnerability in Downloads.\n\nThe development marks the fifth zero-day vulnerability in Chrome that Google has resolved since the start of the year -\n\n * [**CVE-2022-0609**](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>) \\- Use-after-free in Animation\n * [**CVE-2022-1096**](<https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-1364**](<https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-2294**](<https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html>) \\- Heap buffer overflow in WebRTC\n\nUsers are recommended to update to version 104.0.5112.101 for macOS and Linux and 104.0.5112.102/101 for Windows to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-17T12:02:00", "type": "thn", "title": "New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2856"], "modified": "2022-08-17T13:41:27", "id": "THN:EDC4E93542AFAF751E67BF527C826DA4", "href": "https://thehackernews.com/2022/08/new-google-chrome-zero-day.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-09-06T06:03:15", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgU5EpzvY9cLJdxPDYZpGhcMcZv4NWQKy-E_SphleQYJBz0-RK17I0vcuTEA4Y7j4FLYJZoocDlfvBAGQ9PLUcM-tSqm41GrfaPqhrzTyHbGiRLa0OW_IOvDb-6EfqX7V_LIzm1t5P_xj2by6ZVqAFz5d_bJ42p_faEgP_-St1X8fjuiAh0iW2Ak_Om/s728-e100/chrome-update.jpg>)\n\nGoogle on Friday shipped emergency fixes to address a security vulnerability in the Chrome web browser that it said is being actively exploited in the wild.\n\nThe issue, assigned the identifier **CVE-2022-3075**, concerns a case of insufficient data validation in [Mojo](<https://chromium.googlesource.com/chromium/src/+/HEAD/mojo/README.md>), which refers to a collection of runtime libraries that provide a platform-agnostic mechanism for inter-process communication (IPC).\n\nAn anonymous researcher has been credited with reporting the high-severity flaw on August 30, 2022.\n\n\"Google is aware of reports that an exploit for CVE-2022-3075 exists in the wild,\" the internet giant [said](<https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html>), without delving into additional specifics about the nature of the attacks to prevent additional threat actors from taking advantage of the flaw.\n\nThe latest update makes it the sixth zero-day vulnerability in Chrome that Google has resolved since the start of the year -\n\n * [CVE-2022-0609](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>) \\- Use-after-free in Animation\n * [CVE-2022-1096](<https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [CVE-2022-1364](<https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [CVE-2022-2294](<https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html>) \\- Heap buffer overflow in WebRTC\n * [CVE-2022-2856](<https://thehackernews.com/2022/08/new-google-chrome-zero-day.html>) \\- Insufficient validation of untrusted input in Intents\n\nUsers are recommended to upgrade to version 105.0.5195.102 for Windows, macOS, and Linux to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-03T03:56:00", "type": "thn", "title": "Google Releases Urgent Chrome Update to Patch New Zero-Day Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2856", "CVE-2022-3075"], "modified": "2022-09-06T04:20:05", "id": "THN:0ADE883013E260B4548F6E16D65487D3", "href": "https://thehackernews.com/2022/09/google-release-urgent-chrome-update-to.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-10-28T12:06:14", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhv36XpOZ1dAQAOtoI2FJrLTIwbrZmkU8pIotJv8smSt1yHSR5Sbs9DtPNusAAMvajmGc-st695EsqO3w1aNTpm9vxASuSHCLI61DemGb3LaAMW7MDDLo4j30s4iE1DZr2UeTpkEHlUc-WwTo0zqCxLNMlSHPLCRNEDT4wpaWQjgJMl3KhUpK7MKa2Z/s728-e100/chrome-zero-day-vulnerability.jpg>)\n\nGoogle on Thursday rolled out emergency fixes to contain an actively exploited zero-day flaw in its Chrome web browser.\n\nThe [vulnerability](<https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html>), tracked as **CVE-2022-3723**, has been described as a type confusion flaw in the V8 JavaScript engine.\n\nSecurity researchers Jan Vojt\u011b\u0161ek, Mil\u00e1nek, and Przemek Gmerek of Avast have been credited with reporting the flaw on October 25, 2022.\n\n\"Google is aware of reports that an exploit for CVE-2022-3723 exists in the wild,\" the internet giant acknowledged in an advisory without getting into more specifics about the nature of the attacks.\n\nCVE-2022-3723 is the third actively exploited type confusion bug in V8 this year after [CVE-2022-1096](<https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html>) and [CVE-2022-1364](<https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html>).\n\nThe latest fix also marks the resolution of the seventh zero-day in Google Chrome since the start of 2022 -\n\n * [**CVE-2022-0609**](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>) \\- Use-after-free in Animation\n * [**CVE-2022-1096**](<https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-1364**](<https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-2294**](<https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html>) \\- Heap buffer overflow in WebRTC\n * [**CVE-2022-2856**](<https://thehackernews.com/2022/08/new-google-chrome-zero-day.html>) \\- Insufficient validation of untrusted input in Intents\n * [**CVE-2022-3075**](<https://thehackernews.com/2022/09/google-release-urgent-chrome-update-to.html>) \\- Insufficient data validation in Mojo\n\nUsers are recommended to upgrade to version 107.0.5304.87 for macOS and Linux and 107.0.5304.87/.88 for Windows to mitigate potential threats.\n\nUsers of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-10-28T10:40:00", "type": "thn", "title": "Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2856", "CVE-2022-3075", "CVE-2022-3723"], "modified": "2022-10-28T10:58:12", "id": "THN:222F7713CA968509F8C385BA29B0B6A5", "href": "https://thehackernews.com/2022/10/google-issues-urgent-chrome-update-to.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-26T04:08:15", "description": "[ ](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEikPLibtmTn8N2H14UEsCbQi0mXDkp7d4sxfUThlf9SHApnBVQaXlzTa5_Y_GROcH_HN9A8cDTE0iaRtCHiFqthOucxRIZyrjEzXxqkiX0DQPciOOULFnJ0I4aob50-m5id5elUHNKFtdF-5Ep-jdQVcYtFgUVENLsQkZIYWjXsuoDDYF_UBh0lc0o2/s728-e100/chrome-update.png>)\n\nGoogle on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser.\n\nTracked as **CVE-2022-4135**, the high-severity vulnerability has been described as a heap buffer overflow in the GPU component. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the flaw on November 22, 2022.\n\nHeap-based buffer overflow bugs can be [weaponized](<https://cwe.mitre.org/data/definitions/122.html>) by threat actors to crash a program or execute arbitrary code, leading to unintended behavior.\n\n\"Google is aware that an exploit for CVE-2022-4135 exists in the wild,\" the tech giant [acknowledged](<https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html>) in an advisory.\n\nBut like other actively exploited issues, technical specifics have been withheld until a majority of the users are updated with a fix and to prevent further abuse.\n\nWith the latest update, Google has resolved eight zero-day vulnerabilities in Chrome since the start of the year -\n\n * [**CVE-2022-0609**](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>) \\- Use-after-free in Animation\n * [**CVE-2022-1096**](<https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-1364**](<https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-2294**](<https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html>) \\- Heap buffer overflow in WebRTC\n * [**CVE-2022-2856**](<https://thehackernews.com/2022/08/new-google-chrome-zero-day.html>) \\- Insufficient validation of untrusted input in Intents\n * [**CVE-2022-3075**](<https://thehackernews.com/2022/09/google-release-urgent-chrome-update-to.html>) \\- Insufficient data validation in Mojo\n * [**CVE-2022-3723**](<https://thehackernews.com/2022/10/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n\nUsers are recommended to upgrade to version 107.0.5304.121 for macOS and Linux and 107.0.5304.121/.122 for Windows to mitigate potential threats.\n\nUsers of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-11-25T13:12:00", "type": "thn", "title": "Update Chrome Browser Now to Patch New Actively Exploited Zero-Day Flaw", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2856", "CVE-2022-3075", "CVE-2022-3723", "CVE-2022-4135"], "modified": "2022-11-26T04:07:40", "id": "THN:FFFF05ECDE44C9ED26B53D328B60689B", "href": "https://thehackernews.com/2022/11/update-chrome-browser-now-to-patch-new.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-12-05T06:08:51", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEi3-1t-O1Y4Oqvj24RGfItVIc7r4d1BOuWfRH4xG5ilh6GX83VydcDH0Fs1xqW5JUvFrpLzvA9ifqmf2lHts3lgA5VStlmb7c1Msk0yFUv5qzEgEjiU3_EPqVJlK4Z6uzMUFoKmnDAHWtOXsYNv7vEG8yG9H-NwH46z-Z7nAKiihKDF7bzl_Y20QXxS/s728-e100/chrome.png>)\n\nSearch giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser.\n\nThe high-severity flaw, tracked as [CVE-2022-4262](<https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html>), concerns a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on November 29, 2022.\n\nType confusion vulnerabilities could be weaponized by threat actors to perform out-of-bounds memory access, or lead to a crash and arbitrary code execution.\n\nAccording to the NIST's National Vulnerability Database, the flaw [permits](<https://nvd.nist.gov/vuln/detail/CVE-2022-4262>) a \"remote attacker to potentially exploit heap corruption via a crafted HTML page.\"\n\nGoogle acknowledged active exploitation of the vulnerability but stopped short of sharing additional specifics to prevent further abuse.\n\nCVE-2022-4262 is the fourth actively exploited type confusion flaw in Chrome that Google has addressed since the start of the year. It's also the ninth zero-day flaw attackers have exploited in the wild in 2022 -\n\n * [**CVE-2022-0609**](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>) \\- Use-after-free in Animation\n * [**CVE-2022-1096**](<https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-1364**](<https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-2294**](<https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html>) \\- Heap buffer overflow in WebRTC\n * [**CVE-2022-2856**](<https://thehackernews.com/2022/08/new-google-chrome-zero-day.html>) \\- Insufficient validation of untrusted input in Intents\n * [**CVE-2022-3075**](<https://thehackernews.com/2022/09/google-release-urgent-chrome-update-to.html>) \\- Insufficient data validation in Mojo\n * [**CVE-2022-3723**](<https://thehackernews.com/2022/10/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-4135**](<https://thehackernews.com/2022/11/update-chrome-browser-now-to-patch-new.html>) \\- Heap buffer overflow in GPU\n\nUsers are recommended to upgrade to version 108.0.5359.94 for macOS and Linux and 108.0.5359.94/.95 for Windows to mitigate potential threats.\n\nUsers of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.\n\n \n\n\nFound this article interesting? Follow us on [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-12-03T04:41:00", "type": "thn", "title": "Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2856", "CVE-2022-3075", "CVE-2022-3723", "CVE-2022-4135", "CVE-2022-4262"], "modified": "2022-12-05T04:33:44", "id": "THN:2FB8A3C1E526D1FFA1477D35F0F70BF4", "href": "https://thehackernews.com/2022/12/google-rolls-out-new-chrome-browser.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-22T06:15:45", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgZHl6k4oDcDZIeMyn-D9yVl2cKVZR7gjBWh6bBxJbEULv_KWn-eqw49Sdb0Ka6xPayVaB4pIO5owFlURA0E9I2-PdvgDGtNMyKWCW8lzMxgiN3I9CHh0u1e9vo26FnnLw2b-Wdz8n1I88qc_gTttG0rvLYibyDjqN_RVBo3-wyWOnMMfwnp7ABBeAm/s728-e365/cyber.png>)\n\nAs many as 55 zero-day vulnerabilities were exploited in the wild in 2022, with most of the flaws discovered in software from Microsoft, Google, and Apple.\n\nWhile this figure represents a decrease from the year before, when a staggering 81 zero-days were weaponized, it still represents a significant uptick in recent years of threat actors leveraging unknown security flaws to their advantage.\n\nThe [findings](<https://www.mandiant.com/resources/blog/zero-days-exploited-2022>) come from threat intelligence firm Mandiant, which noted that desktop operating systems (19), web browsers (11), IT and network management products (10), and mobile operating systems (six) accounted for the most exploited product types.\n\nOf the 55 zero-day bugs, 13 are estimated to have been abused by cyber espionage groups, with four others exploited by financially motivated threat actors for ransomware-related operations. Commercial spyware vendors were linked to the exploitation of three zero-days.\n\nAmong state-sponsored groups, those attributed to China have emerged as the most prolific, exploiting seven zero-days \u2013 [CVE-2022-24682](<https://nvd.nist.gov/vuln/detail/CVE-2022-24682>), [CVE-2022-1040](<https://nvd.nist.gov/vuln/detail/cve-2022-1040>), [CVE-2022-30190](<https://nvd.nist.gov/vuln/detail/cve-2022-30190>), [CVE-2022-26134](<https://nvd.nist.gov/vuln/detail/cve-2022-26134>), [CVE-2022-42475](<https://nvd.nist.gov/vuln/detail/CVE-2022-42475>), [CVE-2022-27518](<https://nvd.nist.gov/vuln/detail/CVE-2022-27518>), and [CVE-2022-41328](<https://nvd.nist.gov/vuln/detail/CVE-2022-41328>) \u2013 during the year.\n\nMuch of the exploitation has focused on vulnerabilities in edge network devices such as firewalls for obtaining initial access. Various China-nexus clusters have also been spotted leveraging a flaw in Microsoft Diagnostics Tool (aka [Follina](<https://thehackernews.com/2022/06/state-backed-hackers-exploit-microsoft.html>)) as part of disparate campaigns.\n\n\"Multiple separate campaigns may indicate that the zero-day was distributed to multiple suspected Chinese espionage clusters via a digital quartermaster,\" Mandiant said, adding it points to the \"existence of a shared development and logistics infrastructure and possibly a centralized coordinating entity.\"\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEghvv2ON0KuMYU_A66ACBnDNOedHXXm9esTHnqmv2Iv0hj1cKgUP7khvol-pqQkCtZkKB5wYKHYdvIXy64RhYmglViiQiUj8W7hT_JeHedtRaB81VvQ-ygoEroeH6lgJPmfF_8ilpsiUOGF-WClsVp3FAK31FS92krRYrs-2iDr_0tpMTrYSxjo2ABo/s728-e365/zero-day.png>)\n\nNorth Korean and Russian threat actors, on the other hand, have been linked to the exploitation of two zero-days each. This includes [CVE-2022-0609](<https://nvd.nist.gov/vuln/detail/CVE-2022-0609>), [CVE-2022-41128](<https://nvd.nist.gov/vuln/detail/CVE-2022-41128>), [CVE-2022-30190](<https://nvd.nist.gov/vuln/detail/cve-2022-30190>), and [CVE-2023-23397](<https://nvd.nist.gov/vuln/detail/cve-2023-23397>).\n\nThe disclosure comes as threat actors are also [getting better](<https://thehackernews.com/2022/11/microsoft-warns-of-uptick-in-hackers.html>) at turning newly disclosed vulnerabilities into powerful exploits for breaching a wide range of targets across the world.\n\n\"While the discovery of zero-day vulnerabilities is a resource-intensive endeavor and successful exploitation is not guaranteed, the total number of vulnerabilities disclosed and exploited has continued to grow, the types of targeted software, including Internet of Things (IoT) devices and cloud solutions, continue to evolve, and the variety of actors exploiting them has expanded,\" Mandiant said.\n\nThe Mandiant report also follows a [warning](<https://blogs.microsoft.com/on-the-issues/2023/03/15/russia-ukraine-cyberwarfare-threat-intelligence-center/>) from [Microsoft](<https://www.microsoft.com/en-us/security/business/security-insider/>)'s Digital Threat Analysis Center about Russia's persistent kinetic and cyber targeting as the war in Ukraine continues into the second year.\n\nThe tech giant said since January 2023 it has observed \"Russian cyber threat activity adjusting to boost destructive and intelligence gathering capacity on Ukraine and its partners' civilian and military assets.\"\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEiQhaBwuZo78Pwviv9QZCpqOipd9bApQZ60Y5ORfqu6m5HRo8noH5j4F81Tb-tG7fjqQhdX6q1bGHf1HzmF4sxjRIdjjD3ZIGBOdao0QDitnBVuvKQbnbBy5Ax4Phy1nVkvmtC9Qai29OkX2bHP-FayX1UkVl0HngAFtZL6eE8D0RwW6ScGBgbvpn8j/s728-e365/zero-day-2.png>)\n\nIt further warned of a possible \"renewed destructive campaign\" mounted by the nation-state group known as [Sandworm](<https://www.wired.com/story/russia-gru-sandworm-serebriakov/>) (aka [Iridium](<https://thehackernews.com/2023/01/new-report-reveals-nikowiper-malware.html>)) on organizations located in Ukraine and elsewhere.\n\nWhat's more, Kremlin-backed hackers have deployed at least two ransomware and nine wiper families against over 100 Ukrainian entities. No less than 17 European countries have been targeted in espionage campaigns between January and mid-February 2023, and 74 countries have been targeted since the start of the war.\n\nOther key traits associated with Russian threat activity include the use of ransomware as weapons of cyber sabotage, gaining initial access through diverse methods, and leveraging real and pseudo hacktivist groups to expand the reach of Moscow's cyber presence.\n\n \n\n\nFound this article interesting? Follow us on [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-21T09:54:00", "type": "thn", "title": "From Ransomware to Cyber Espionage: 55 Zero-Day Vulnerabilities Weaponized in 2022", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1040", "CVE-2022-24682", "CVE-2022-26134", "CVE-2022-27518", "CVE-2022-30190", "CVE-2022-41128", "CVE-2022-41328", "CVE-2022-42475", "CVE-2023-23397"], "modified": "2023-03-22T04:19:09", "id": "THN:96E4C6D641E3E5B73D4B9A87628DD3CF", "href": "https://thehackernews.com/2023/03/from-ransomware-to-cyber-espionage-55.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntucve": [{"lastseen": "2023-12-05T13:40:59", "description": "Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed\na remote attacker to potentially exploit heap corruption via a crafted HTML\npage.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-04-05T00:00:00", "type": "ubuntucve", "title": "CVE-2022-0609", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-04-05T00:00:00", "id": "UB:CVE-2022-0609", "href": "https://ubuntu.com/security/CVE-2022-0609", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "attackerkb": [{"lastseen": "2023-10-18T07:30:41", "description": "Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n \n**Recent assessments:** \n \n**AmirFedida** at February 15, 2022 8:23am UTC reported:\n\nGoogle is aware of reports that an exploit for CVE-2022-0609 exists in the wild.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 3\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-04-05T00:00:00", "type": "attackerkb", "title": "CVE-2022-0609", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2023-10-07T00:00:00", "id": "AKB:DEE6BA54-6F2D-4A58-9654-B21DD42E3502", "href": "https://attackerkb.com/topics/zfU2ECETgi/cve-2022-0609", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "github": [{"lastseen": "2023-12-03T17:28:18", "description": "CVE-2022-0609: Use after free in Animation\n\n- https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html\n- https://vulners.com/cve/CVE-2022-0609\n\nGoogle is aware of reports that exploits for CVE-2022-0609 exist in the wild.\n\nThe exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-22T21:51:19", "type": "github", "title": "Use after free in Animation", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2023-02-03T05:06:25", "id": "GHSA-VV6J-WW6X-54GX", "href": "https://github.com/advisories/GHSA-vv6j-ww6x-54gx", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cnvd": [{"lastseen": "2022-08-27T04:49:20", "description": "Google Chrome is a web browser from Google, Inc. Google Chrome Animation has a code execution vulnerability that can be exploited by attackers to execute arbitrary code on the system or cause a denial of service condition.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-16T00:00:00", "type": "cnvd", "title": "Google Chrome Animation code execution vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-03-18T00:00:00", "id": "CNVD-2022-20552", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-20552", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "mscve": [{"lastseen": "2023-12-03T21:52:10", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2022>) for more information. Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-16T08:00:00", "type": "mscve", "title": "Chromium: CVE-2022-0609 Use after free in Animation", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-02-16T08:00:00", "id": "MS:CVE-2022-0609", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0609", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "checkpoint_advisories": [{"lastseen": "2022-04-08T19:29:13", "description": "A use after free vulnerability exists in Google Chrome. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-27T00:00:00", "type": "checkpoint_advisories", "title": "Google Chrome Use After Free (CVE-2022-0609)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-03-27T00:00:00", "id": "CPAI-2022-0094", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "prion": [{"lastseen": "2023-11-20T23:17:25", "description": "Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-04-05T00:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-04-08T17:14:00", "id": "PRION:CVE-2022-0609", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-0609", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cisa_kev": [{"lastseen": "2023-12-03T16:07:25", "description": "The vulnerability exists due to a use-after-free error within the Animation component in Google Chrome.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-15T00:00:00", "type": "cisa_kev", "title": "Google Chrome Use-After-Free Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-02-15T00:00:00", "id": "CISA-KEV-CVE-2022-0609", "href": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "schneier": [{"lastseen": "2022-04-08T19:28:29", "description": "North Korean hackers have been [exploiting](<https://arstechnica.com/information-technology/2022/03/north-korean-hackers-unleashed-chrome-0-day-exploit-on-hundreds-of-us-targets/>) a zero-day in Chrome.\n\n> The flaw, tracked as CVE-2022-0609, was exploited by two separate North Korean hacking groups. Both groups deployed the same exploit kit on websites that either belonged to legitimate organizations and were hacked or were set up for the express purpose of serving attack code on unsuspecting visitors. One group was dubbed Operation Dream Job, and it targeted more than 250 people working for 10 different companies. The other group, known as AppleJeus, targeted 85 users.\n\n[Details](<https://blog.google/threat-analysis-group/countering-threats-north-korea/>):\n\n> The attackers made use of an exploit kit that contained multiple stages and components in order to exploit targeted users. The attackers placed links to the exploit kit within hidden iframes, which they embedded on both websites they owned as well as some websites they compromised.\n> \n> The kit initially serves some heavily obfuscated javascript used to fingerprint the target system. This script collected all available client information such as the user-agent, resolution, etc. and then sent it back to the exploitation server. If a set of unknown requirements were met, the client would be served a Chrome RCE exploit and some additional javascript. If the RCE was successful, the javascript would request the next stage referenced within the script as "SBX", a common acronym for Sandbox Escape. We unfortunately were unable to recover any of the stages that followed the initial RCE.\n> \n> Careful to protect their exploits, the attackers deployed multiple safeguards to make it difficult for security teams to recover any of the stages. These safeguards included:\n> \n> * Only serving the iframe at specific times, presumably when they knew an intended target would be visiting the site. \n> * On some email campaigns the targets received links with unique IDs. This was potentially used to enforce a one-time-click policy for each link and allow the exploit kit to only be served once. \n> * The exploit kit would AES encrypt each stage, including the clients' responses with a session-specific key. \n> * Additional stages were not served if the previous stage failed.\n> \n> Although we recovered a Chrome RCE, we also found evidence where the attackers specifically checked for visitors using Safari on MacOS or Firefox (on any OS), and directed them to specific links on known exploitation servers. We did not recover any responses from those URLs.\n\nIf you're a Chrome user, patch your system now.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-31T11:13:50", "type": "schneier", "title": "Chrome Zero-Day from North Korea", "bulletinFamily": "blog", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-03-30T14:37:31", "id": "SCHNEIER:A04F4786905DA91D85C88E72BCD1F5E6", "href": "https://www.schneier.com/blog/archives/2022/03/chrome-zero-day-from-north-korea.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "threatpost": [{"lastseen": "2022-03-25T13:59:23", "description": "North Korean threat actors exploited a remote code execution (RCE) zero-day vulnerability in Google\u2019s Chrome web browser weeks before the bug was discovered and patched, according to researchers.\n\nGoogle Threat Analysis Group (TAG) [discovered the flaw](<https://threatpost.com/google-chrome-zero-day-under-attack/178428/>), tracked as [CVE-2022-0609](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0609>), on Feb. 10, reporting and patching it four days later as part of [an update](<https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html>). Researchers said at the time that an exploit for the flaw\u2013a [use-after-free](<https://cwe.mitre.org/data/definitions/416.html>) vulnerability in Chrome\u2019s animation component\u2013already existed in the wild.\n\nGoogle TAG now revealed it believes two threat groups\u2014the activity of which has been publicly tracked as [Operation Dream Job](<https://www.clearskysec.com/operation-dream-job/>) and [Operation AppleJeus](<https://securelist.com/operation-applejeus/87553/>), respectively\u2014exploited the flaw as early as Jan. 4 in \u201ccampaigns targeting U.S. based organizations spanning news media, IT, cryptocurrency and fintech industries,\u201d according to [a blog post](<https://blog.google/threat-analysis-group/countering-threats-north-korea/>) published Thursday by Google TAG\u2019s Adam Weidemann. Other organizations and countries also may have been targeted, he said.\n\n\u201cOne of the campaigns has direct infrastructure overlap with a campaign targeting security researchers which we [reported on](<https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/>) last year,\u201d he wrote. In that campaign, hackers linked to North Korea [used an elaborate social-engineering campaign](<https://threatpost.com/north-korea-security-researchers-0-day/163333/>) to set up trusted relationships with security researchers with the ultimate goal of infecting their organizations\u2019 systems with custom backdoor malware.\n\nThe two groups, though separate, used the same [exploit kit](<https://www.virustotal.com/gui/file/03a41d29e3c9763093aca13f1cc8bcc41b201a6839c381aaaccf891204335685>) in their campaigns, which signals that they may work for the same entity with a shared supply chain. However, \u201ceach operate with a different mission set and deploy different techniques,\u201d Weidemann said. It\u2019s also possible that other North Korean government-backed attackers have access to the same kit, he added.\n\n## **Two Campaigns, One Exploit**\n\nResearchers revealed specific details about both Operation Dream Job and Operation AppleJeus in the post. The former targeted more than 250 individuals working for 10 different news media, domain registrars, web hosting providers and software vendors.\n\n\u201cThe targets received emails claiming to come from recruiters at Disney, Google and Oracle with fake potential job opportunities,\u201d Weidemann explained. \u201cThe emails contained links spoofing legitimate job-hunting websites like Indeed and ZipRecruiter.\u201d\n\nIf victims clicked on the link, they would be served a hidden browser iframe that would trigger the exploit kit, he wrote. Fake job domains owned by attackers that were used in the campaign included: disneycareers[.]net, find-dreamjob[.]com, indeedus[.]org, varietyjob[.]com, and ziprecruiters[.]org.\n\nExploitation URLs associated with Operation Dream Job used in the campaign included: https[:]//colasprint[.]com/about/about.asp, a legitimate but compromised website; and https[:]//varietyjob[.]com/sitemap/sitemap.asp.\n\nOperation AppleJeus, the work of a separate North Korean threat group, targeted more than 85 users in cryptocurrency and fintech industries leveraging the same exploit kit.\n\nAttackers compromised at least two legitimate fintech company websites to host hidden iframes that served the exploit kit to visitors to the site, researchers revealed. Google TAG also observed fake websites\u2013already set up to distribute [trojanized cryptocurrency applications](<https://www.virustotal.com/gui/file/295c20d0f0a03fd8230098fade0af910b2c56e9e5700d4a3344d10c106a6ae2a>)\u2014that hosted malicious iframes pointing their visitors to the exploit kit, Weidemann wrote.\n\nAttacker-owned websites observed in Operation AppleJeus included one dozen sites including: blockchainnews[.]vip, financialtimes365[.]com and giantblock[.]org, according to the post.\n\n## **Exploit Kit Revealed (Partially)**\n\nResearchers managed to recover key aspects of the functionality of the exploit kit used in both campaigns, which employed multiple stages and components to target users. Links to the exploit were placed in hidden iframes on websites that attackers either owned or had previously compromised, Weidemann wrote.\n\n\u201cThe kit initially serves some heavily obfuscated javascript used to fingerprint the target system,\u201d he explained. \u201cThis script collected all available client information such as the user-agent, resolution, etc. and then sent it back to the exploitation server.\u201d\n\nIf the data sent to the server met a set of unknown requirements, the client would be served a Chrome RCE exploit and some additional javascript. If the RCE was successful, the javascript would request the next stage referenced within the script as \u201cSBX,\u201d which is a common acronym for Sandbox Escape.\n\nResearchers were unable to recover the stages of exploit that followed the initial RCE because attackers took care to protect their exploits, deploying various safeguards, Weidemann said.\n\nThose tactics included only serving the iframe at specific times\u2013presumably when attackers knew an intended target would be visiting the site, he said. In some email campaigns, attackers also sent targets links with unique IDs that potentially were used to enforce a one-time-click policy for each link. This would allow the exploit kit to only be served once, Weidemann said.\n\nAttackers also used Advanced Encryption Standard (AES) encryption for each stage, including the clients\u2019 responses using a session-specific key. Finally, additional stages of the exploit were only served if the previous one was successful; if not, the next stage was not served, researchers found.\n\n_**Moving to the cloud? Discover emerging cloud-security threats along with solid advice for how to defend your assets with our **_[_**FREE downloadable eBook**_](<https://bit.ly/3Jy6Bfs>)_**, \u201cCloud Security: The Forecast for 2022.\u201d**_ _**We explore organizations\u2019 top risks and challenges, best practices for defense, and advice for security success in such a dynamic computing environment, including handy checklists.**_\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-03-25T13:19:59", "type": "threatpost", "title": "Google Chrome Zero-Day Bugs Exploited Weeks Ahead of Patch", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2022-0609"], "modified": "2022-03-25T13:19:59", "id": "THREATPOST:C694354BA14A953DAFC9171CB97F0BC2", "href": "https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T15:33:28", "description": "Google has patched the fifth actively exploited zero-day vulnerability discovered in Chrome this year as one in a series of fixes included in a stable channel update released Wednesday.\n\nThe bug, tracked as [CVE-2022-2856](<https://vulners.com/cve/CVE-2022-2856>) and rated as high on the Common Vulnerability Scoring System (CVSS), is associated with \u201cinsufficient validation of untrusted input in Intents,\u201d according to [the advisory](<https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html>) posted by Google.\n\nGoogle credits Ashley Shen and Christian Resell of its Google Threat Analysis Group (TAG) for reporting the zero-day bug, which could allow for arbitrary code execution, on July 19. The advisory also unveiled 10 other patches for various other Chrome issues.\n\nIntents are a deep linking feature on the Android device within the Chrome browser that replaced URI schemes, which previously handled this process, [according to Branch](<https://branch.io/glossary/chrome-intents/>), a company that offers various linking options for mobile applications.\n\n\u201cInstead of assigning window.location or an iframe.src to the URI scheme, in Chrome, developers need to use their intent string as defined in this document,\u201d the company explained on its website. Intent \u201cadds complexity\u201d but \u201cautomatically handles the case of the mobile app not being installed\u201d within links, according to the post.\n\nInsufficient validation is associated with input validation, a frequently-used technique for checking potentially dangerous inputs to ensure that they are safe for processing within the code, or when communicating with other components, [according to MITRE\u2019s Common Weakness Enumeration site](<https://cwe.mitre.org/data/definitions/20.html>).\n\n\u201cWhen software does not validate input properly, an attacker is able to craft the input in a form that is not expected by the rest of the application,\u201d according to a post on the site. \u201cThis will lead to parts of the system receiving unintended input, which may result in altered control flow, arbitrary control of a resource, or arbitrary code execution.\u201d\n\n**Fending Off Exploits**\n\nAs is typical, Google did not disclose specific details of the bug until it is widely patched to avoid threat actors taking further advantage of it, a strategy that one security professional noted is a wise one.\n\n\u201cPublicizing details on an actively exploited zero-day vulnerability just as a patch becomes available could have dire consequences, because it takes time to roll out security updates to vulnerable systems and attackers are champing at the bit to exploit these types of flaws,\u201d observed Satnam Narang, senior staff research engineer at cybersecurity firm [Tenable,](<https://www.tenable.com/>) in an email to Threatpost.\n\n** **Holding back info is also sound given that other Linux distributions and browsers, such as Microsoft Edge, also include code based on Google\u2019s Chromium Project. These all could be affected if an exploit for a vulnerability is released, he said.\n\n\u201cIt is extremely valuable for defenders to have that buffer,\u201d Narang added.\n\nWhile the majority of the fixes in the update are for vulnerabilities rated as high or medium risk, Google did patch a critical bug tracked as [CVE-2022-2852](<https://vulners.com/cve/CVE-2022-2852>), a use-after-free issue in FedCM reported by Sergei Glazunov of Google Project Zero on Aug. 8. FedCM\u2014short for the Federated Credential Management API\u2013provides a use-case-specific abstraction for federated identity flows on the web, [according to Google](<https://developer.chrome.com/docs/privacy-sandbox/fedcm/>).\n\n**Fifth Chrome 0Day Patch So Far**\n\nThe zero-day patch is the fifth Chrome bug under active attack that Google has patched so far this year.\n\nIn July, the company fixed an [actively exploited heap buffer overflow flaw](<https://threatpost.com/actively-exploited-chrome-bug/180118/>) tracked as [CVE-2022-2294](<https://vulners.com/cve/CVE-2022-2294>) in WebRTC, the engine that gives Chrome its real-time communications capability, while in May it was a separate buffer overflow flaw tracked as [CVE-2022-2294](<https://vulners.com/cve/CVE-2022-2294>) and under active attack that got slapped with a patch.\n\nIn April, Google patched [CVE-2022-1364](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-1364>), a type confusion flaw affecting Chrome\u2019s use of the V8 JavaScript engine on which attackers already had pounced. The previous month a separate type-confusion issue in V8 tracked as [CVE-2022-1096](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-1096>) and under active attack also [spurred a hasty patch](<https://threatpost.com/google-chrome-bug-actively-exploited-zero-day/179161/>).\n\nFebruary saw a fix for the first of this year\u2019s Chrome zero-days, a use-after-free flaw in Chrome\u2019s Animation component tracked as [CVE-2022-0609](<https://nvd.nist.gov/vuln/detail/CVE-2022-0609>) that already [was under attack](<https://threatpost.com/google-chrome-zero-day-under-attack/178428/>). Later [it was revealed](<https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/>) that North Korean hackers were exploiting the flaw weeks before it was discovered and patched.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-18T14:31:38", "type": "threatpost", "title": "Google Patches Chrome\u2019s Fifth Zero-Day of the Year", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2852", "CVE-2022-2856"], "modified": "2022-08-18T14:31:38", "id": "THREATPOST:A8A7A761CD72E2732BD9E3C75C4A2ACC", "href": "https://threatpost.com/google-patches-chromes-fifth-zero-day-of-the-year/180432/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-05T11:54:40", "description": "While people were celebrating the Fourth of July holiday in the United States, Google quietly rolled out a stable channel update for Chrome to patch an actively exploited zero-day vulnerability, the fourth such flaw the vendor has had to patch in its browser product so far this year.\n\nChrome 103 (103.0.5060.71) for Android and Version 103.0.5060.114 for Windows and Mac, outlined in [separate ](<https://chromereleases.googleblog.com/>)[blog posts](<https://chromereleases.googleblog.com/2022/07/extended-stable-channel-update-for.html>) published Monday, fix a heap buffer overflow flaw in WebRTC, the engine that gives the browser its real-time communications capability.\n\nThe vulnerability, tracked as [CVE-2022-2294](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2294>) and reported by Jan Vojtesek from the Avast Threat Intelligence team on July 1**, **is described as a buffer overflow, \u201cwhere the buffer that can be overwritten is allocated in the heap portion of memory,\u201d according to the vulnerability\u2019s [listing](<https://cwe.mitre.org/data/definitions/122.html>) on the Common Weakness Enumeration (CWE) website.\n\nAs per usual, Google did not reveal specific details about the bug, as it generally waits until most have updated to the patched version of the affected product. Indeed, updating is strongly recommended, as exploits for the vulnerability already exist in the wild, Google said.\n\nMoreover, with scant details revealed about the flaw\u2014a habit of Google\u2019s that many security researchers find frustrating\u2014at this point an update is really only way to defend against attacks exploiting the flaw. Fortunately, Google Chrome updates are pushed out without user intervention, so most users will be protected once patches are available.\n\nBuffer overflows generally lead to crashes or other attacks that make the affected program unavailable including putting the program into an infinite loop, according to the CWE listing. Attackers can take advantage of the situation by using the crash to execute arbitrary code typically outside of the scope of the program\u2019s security policy.\n\n\u201cBesides important user data, heap-based overflows can be used to overwrite function pointers that may be living in memory, pointing it to the attacker\u2019s code,\u201d according to the listing. \u201cEven in applications that do not explicitly use function pointers, the run-time will usually leave many in memory.\u201d\n\n## **Other Fixes**\n\nIn addition to fixing the zero-day buffer overflow flaw, the Chrome releases also patch a type confusion flaw in the V8 JavaScript engine tracked as [CVE-2022-2295](<https://security-tracker.debian.org/tracker/CVE-2022-2295>) and reported June 16 by researchers \u201cavaue\u201d and \u201cBuff3tts\u201d at S.S.L., according to the post.\n\nThis is the third such flaw in the open-source engine used by Chrome and Chromium-based web browsers patched this year alone. In March a separate type-confusion issue in the V8 JavaScript engine tracked as [CVE-2022-1096](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-1096>) and under active attack [spurred a hasty patch](<https://threatpost.com/google-chrome-bug-actively-exploited-zero-day/179161/>) from Google.\n\nThen in April, the company patched [CVE-2022-1364](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-1364>), another type confusion flaw affecting Chrome\u2019s use of V8 on which attackers already had pounced.\n\nAnother flaw patched in Monday\u2019s Chrome update is a use-after-free flaw in Chrome OS Shell reported by Khalil Zhani on May 19 and tracked as [CVE-2022-2296](<https://cve.report/CVE-2022-2296>), according to Google. All of the flaws patched in this week\u2019s update received a rating of high. The updates also includes several fixes from internal audits, fuzzing and other initiatives, Google said.\n\nPrior to patching the Chrome V8 JavaScript engine flaws in March and April, Google in February already had patched a zero-day use-after-free flaw in Chrome\u2019s Animation component tracked as [CVE-2022-0609](<https://nvd.nist.gov/vuln/detail/CVE-2022-0609>) that [was under active attack](<https://threatpost.com/google-chrome-zero-day-under-attack/178428/>).\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-05T11:54:21", "type": "threatpost", "title": "Google Patches Actively Exploited Chrome Bug", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2022-07-05T11:54:21", "id": "THREATPOST:91A97EE2BD6933FEB9A07162BD4ED8B5", "href": "https://threatpost.com/actively-exploited-chrome-bug/180118/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-15T21:47:28", "description": "Google on Monday issued 11 security fixes for its Chrome browser, including a high-severity zero-day bug that\u2019s actively being jumped on by attackers in the wild.\n\nIn a brief update, Google [described](<https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html>) the weakness, tracked as [CVE-2022-0609](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0609>), as a [use-after-free](<https://cwe.mitre.org/data/definitions/416.html>) vulnerability in Chrome\u2019s Animation component. This kind of flaw can lead to all sorts of misery, ranging from the corruption of valid data to the execution of arbitrary code on vulnerable systems. Such flaws can also be used to escape the browser\u2019s security sandbox.\n\n\u201cGoogle is aware of reports that an exploit for CVE-2022-0609 exists in the wild,\u201d according to its security update.\n\nChrome users can fix it straight away, though, by going into the Chrome menu > Help > About Google Chrome.\n\nGiven that the zero day is under active attack, updating Chrome should be done ASAP.\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2022/02/15125804/Chrome-zero-day-e1644947947750.png>)\n\nChrome security updates. Source: Google.\n\nCredit for the Animation zero day goes to Adam Weidemann and Cl\u00e9ment Lecigne, both from Google\u2019s Threat Analysis Group (TAG).\n\nMonday\u2019s update also plastered over four other high-severity use-after-free flaws found in Chrome\u2019s Webstore API, File Manager, [ANGLE](<https://en.wikipedia.org/wiki/ANGLE_\\(software\\)>) and GPU. As well, the company addressed a high-severity integer overflow in [Mojo](<https://chromium.googlesource.com/chromium/src/+/main/docs/mojo_and_services.md>), plus a high-severity h\u200beap buffer overflow in Tab Groups. Finally, Google patched a medium-severity issue with inappropriate implementation in Gamepad API.\n\n## And So It Begins\n\nThis is Chrome\u2019s first zero day of the year, and more are sure to follow. But at least we\u2019ve made it into the new-ish year 10 more days than we managed in 2021, when the first bug to hit arrived on Feb. 4.\n\nLast year delivered a total of these 16 Chrome zero days:\n\n * [CVE-2021-21148](<https://threatpost.com/google-chrome-zero-day-windows-mac/163688/>) \u2013 Feb. 4, a vulnerability in its V8 open-source web engine.\n * [CVE-2021-21166](<https://threatpost.com/google-patches-actively-exploited-flaw-in-chrome-browser/164468/>) \u2013 March 2, a flaw in the Audio component of Google Chrome.\n * [CVE-2021-21193](<https://threatpost.com/google-mac-windows-chrome-zero-day/164759/>) \u2013 March 12, a use-after-free flaw in Blink, [the browser engine for Chrome](<https://threatpost.com/google-high-severity-blink-browser-engine-flaw/147770/>) that was developed as part of the Chromium project.\n * [CVE-2021-21220](<https://threatpost.com/chrome-zero-day-exploit-twitter/165363/>) \u2013 April 13, a remote-code execution issue.\n * [CVE-2021-21224](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21224>) \u2013 April 20, an issue with type confusion in V8 in Google Chrome that could have allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.\n * [CVE-2021-30551](<https://threatpost.com/chrome-browser-bug-under-attack/166804/>) \u2013- June 9, a type confusion bug within Google\u2019s V8 open-source JavaScript and WebAssembly engine.\n * [CVE-2021-30554](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30554>) \u2013 June 17, a use-after-free bug.\n * [CVE-2021-30563](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30563>) \u2013 July 15, type confusion in V8.\n * [CVE-2021-30632 and CVE-2021-30633](<https://threatpost.com/google-chrome-zero-day-exploited/169442/>) \u2013 Sept. 13, an out-of-bounds write in V8 and a use-after-free bug in the IndexedDB API, respectively.\n * [CVE-2021-37973](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973>) \u2013 Sept. 24, a use-after-free flaw in Portals.\n * [CVE-2021-37976 and CVE-2021-37975](<https://threatpost.com/google-emergency-update-chrome-zero-days/175266/>) \u2013 Sept. 30, an information leak in core and a use-after-free bug in V8, respectively.\n * [CVE-2021-38000](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38000>) and [CVE-2021-38003](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38003>) \u2013 Oct. 28, an issue with Insufficient validation of untrusted input in Intents in Google Chrome on Android, and an inappropriate implementation in V8 respectively.\n * [CVE-2021-4102](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4102>) \u2013 Dec. 13, a use after free in V8.\n\n**_Join Threatpost on Wed. Feb 23 at 2 PM ET for a [LIVE roundtable discussion](<https://threatpost.com/webinars/protect-sensitive-cloud-data/?utm_source=Website&utm_medium=Article&utm_id=Keeper+Webinar>) \u201cThe Secret to Keeping Secrets,\u201d sponsored by Keeper Security, focused on how to locate and lock down your organization\u2019s most sensitive data. Zane Bond with Keeper Security will join Threatpost\u2019s Becky Bracken to offer concrete steps to protect your organization\u2019s critical information in the cloud, in transit and in storage. [REGISTER NOW](<https://threatpost.com/webinars/protect-sensitive-cloud-data/?utm_source=Website&utm_medium=Article&utm_id=Keeper+Webinar>) and please Tweet us your questions ahead of time @Threatpost so they can be included in the discussion._**\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-02-15T18:33:28", "type": "threatpost", "title": "Chrome Zero-Day Under Active Attack: Patch ASAP", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193", "CVE-2021-21220", "CVE-2021-21224", "CVE-2021-30551", "CVE-2021-30554", "CVE-2021-30563", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-37973", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-38000", "CVE-2021-38003", "CVE-2021-4102", "CVE-2021-44228", "CVE-2022-0609"], "modified": "2022-02-15T18:33:28", "id": "THREATPOST:3697F9293A6DFF6CD5927E9E68FF488A", "href": "https://threatpost.com/google-chrome-zero-day-under-attack/178428/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "malwarebytes": [{"lastseen": "2022-06-21T11:57:15", "description": "Businesses and governments these days are relying on dozens of different Software-as-a-Service (SaaS) applications to run their operations \u2014 and it\u2019s no secret that hackers are always looking for security vulnerabilities in them to exploit.\n\nAccording to [research by BetterCloud](<http://pages.bettercloud.com/rs/719-KZY-706/images/2020_StateofSaaSOpsReport.pdf?mkt_tok=NzE5LUtaWS03MDYAAAF8LQdmoC7u54xbqxNwp0au4Zk7SiYaaqq2vupXFxCvaP5vY8gSQtlGFsUsRI8oj5Fl2m5PwIZUUAlzVZL_-hUEQ2RdNqgEzDAmZA5bZtowS_v-zMs>), the average company with 500 to 999 employees uses about 93 different SaaS applications, with that number rising to 177 for companies with over 1000 employees.\n\nCoupled with the fact that vendors release thousands of updates each year to patch security vulnerabilities in their software, it\u2019s not surprising that businesses and governments are struggling to keep up with the [volume of security vulnerabilities and patches](<https://media.bitpipe.com/io_15x/io_152272/item_2184126/ponemon-state-of-vulnerability-response-.pdf>).\n\nAnd lo and behold, despite the best efforts of governments and businesses around the globe, hackers still managed to exploit [multiple security vulnerabilities in 2021](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/04/the-top-5-most-routinely-exploited-vulnerabilities-of-2021/>).\n\nIn this post, we\u2019ll take a look at five times governments and businesses got hacked thanks to security vulnerabilities in 2021.\n\n## 1\\. APT41 exploits Log4Shell vulnerability to compromise at least two US state governments\n\nFirst publicly announced in early December 2021, [Log4shell](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/12/what-smbs-can-do-to-protect-against-log4shell-attacks/>) ([CVE-2021-44228](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228>)) is a critical security vulnerability in the popular Java library Apache Log4j 2. The vulnerability is simple to execute and enables attackers to perform [remote code execution](<https://blog.malwarebytes.com/glossary/remote-code-execution-rce-attack/>).\n\nA patch for Log4Shell was released on 9 December 2021, but within hours of the initial December 10 2021 announcement, hacker groups were already racing to exploit Log4Shell before businesses and governments could patch it \u2014 and at least one of them was successful.\n\nShortly after the advisory, the Chinese state-sponsored hacking group APT41 exploited Log4Shell to compromise at least two US state governments, according to research from [Mandiant](<https://www.mandiant.com/resources/apt41-us-state-governments>). Once they gained access to internet-facing systems, APT41 began a months-long campaign of [reconnaissance ](<https://blog.malwarebytes.com/glossary/recon/>)and credential harvesting.\n\n## 2. North Korean government backed-groups exploit Chrome zero-day vulnerability\n\nOn February 10 2022, Google's Threat Analysis Group (TAG) [discovered that two North Korean government backed-groups ](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/02/update-now-chrome-patches-actively-exploited-zero-day-vulnerability/>)exploited a vulnerability ([**CVE-2022-0609**](<https://nvd.nist.gov/vuln/detail/CVE-2022-0609>)) in Chrome to attack over 250 individuals working for various media, fintech, and software companies.\n\nThe activities of the two groups have been tracked as [Operation Dream Job](<https://www.clearskysec.com/operation-dream-job/>) and[ AppleJeus](<https://securelist.com/operation-applejeus/87553/>), and both of them used the same [exploit kit](<https://blog.malwarebytes.com/threats/exploit-kits/>) to collect sensitive information from affected systems.\n\nHow does it work, you ask? Well, hackers exploited a use-after-free (UAF) vulnerability in the Animation component of Chrome \u2014 which, just like Log4Shell, allows hackers to perform remote code execution.\n\n## 3. Hackers infiltrate governments and companies with ManageEngine ADSelfService Plus vulnerability\n\nFrom September 17 through early October, hackers successfully compromised at least nine companies and 370 servers by[ exploiting a vulnerability** **](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/fbi-and-cisa-warn-of-apt-groups-exploiting-adselfservice-plus/>)[**(CVE-20**](<https://nvd.nist.gov/vuln/detail/cve-2021-40539>)**[2](<https://nvd.nist.gov/vuln/detail/cve-2021-40539>)**[**1-40539)**](<https://nvd.nist.gov/vuln/detail/cve-2021-40539>)[ in ManageEngine ADSelfService Plus](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/fbi-and-cisa-warn-of-apt-groups-exploiting-adselfservice-plus/>), a self-service password management and single sign-on solution.\n\nSo, what happens after hackers exploited this vulnerability? You guessed it \u2014 remote code execution. Specifically, hackers uploaded a [payl](<https://blog.malwarebytes.com/glossary/payload/>)[oad ](<https://blog.malwarebytes.com/glossary/payload/.>)to a victims network that installed a webshell, a malicious script that grants hackers a persistent gateway to the affected device.\n\nFrom there, hackers [moved laterally](<https://blog.malwarebytes.com/glossary/lateral-movement/>) to other systems on the network, exfiltrated any files they pleased, and [even stole credentials](<https://unit42.paloaltonetworks.com/manageengine-godzilla-nglite-kdcsponge/>).\n\n## 4. Tallinn-based hacker exploits Estonian government platform security vulnerabilities\n\n[In July 2021](<https://www.ria.ee/en/news/police-and-border-guard-board-and-information-system-authority-stopped-illegal-downloading-data.html>), Estonian officials announced that a Tallinn-based male had gained access to KMAIS, Estonia\u2019s ID-document database, where he downloaded the government ID photos of 286,438 Estonians.\n\nTo do this, the hacker exploited a vulnerability in KMAIS that allowed him to obtain a person's ID photo using queries. Specifically, KMAIS did not sufficiently check the validity of the query received \u2014 and so, using fake digital certificates, the suspect could download the photograph of whoever he was pretending to be.\n\n## 5. Russian hackers exploit Kaseya security vulnerabilities\n\nKaseya, a Miami-based software company, provides tech services to thousands of businesses over the world \u2014 and on July 2 2021, Kaseya CEO Fred Voccola had an urgent message for Kaseya customers: [shut down your servers immediately](<https://www.zdnet.com/article/updated-kaseya-ransomware-attack-faq-what-we-know-now/>).\n\nThe urgency was warranted. [Over 1,500 small and midsize businesses](<https://blog.malwarebytes.com/cybercrime/2021/07/shutdown-kaseya-vsa-servers-now-amidst-cascading-revil-attack-against-msps-clients/>) had just been attacked, with attackers asking for $70 million in payment.\n\nA Russian-based cybergang known as REvil claimed responsibility for the attack. According to Hunteress Labs, REvil [exploi](<https://www.cisa.gov/uscert/ncas/current-activity/2021/07/04/cisa-fbi-guidance-msps-and-their-customers-affected-kaseya-vsa>)[ted a zero-day](<https://www.cisa.gov/uscert/ncas/current-activity/2021/07/04/cisa-fbi-guidance-msps-and-their-customers-affected-kaseya-vsa>) ([CVE-](<https://nvd.nist.gov/vuln/detail/CVE-2021-30116>)[2021-30116](<https://nvd.nist.gov/vuln/detail/CVE-2021-30116>)) and performed an authentication bypass in Kaseya's web interface \u2014 allowing them to deploy [a ransomware attack](<https://blog.malwarebytes.com/ransomware/2021/07/3-things-the-kaseya-attack-can-teach-us-about-ransomware-recovery/>) on MSPs and their customers.\n\n## Organizations need a streamlined approach to vulnerability assessment\n\n[Hackers took advantage](<https://blog.malwarebytes.com/hacking-2/2022/05/10-ways-attackers-gain-access-to-networks/>) of many security vulnerabilities in 2021 to breach an array of governments and businesses.\n\nAs we broke down in this article, hackers can range from individuals to whole state-sponsored groups \u2014 and we also saw how vulnerabilities themselves can appear in just about any piece of software regardless of the industry.\n\nAnd while some vulnerabilities are certainly worse than others, the sheer volume of vulnerabilities out there makes it difficult to keep up with the volume of security patches. With the right [vulnerability management](<https://www.malwarebytes.com/cybersecurity/business/what-is-vulnerability-management>) and[ patch management](<https://www.malwarebytes.com/cybersecurity/business/what-is-patch-management>), however, your organization can find (and correct) weak points that malicious hackers, viruses, and other cyberthreats want to attack.\n\nWant to learn more about different vulnerability and patch management tools? Visit our [Vulnerability and Patch Management page](<https://www.malwarebytes.com/business/vulnerability-patch-management>) or read the [solution brief](<https://www.malwarebytes.com/resources/easset_upload_file46277_212091_e.pdf>).\n\nThe post [Security vulnerabilities: 5 times that organizations got hacked](<https://blog.malwarebytes.com/business-2/2022/06/security-vulnerabilities-5-times-that-organizations-got-hacked/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-06-21T10:04:02", "type": "malwarebytes", "title": "Security vulnerabilities: 5 times that organizations got hacked", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30116", "CVE-2021-40539", "CVE-2021-44228", "CVE-2022-0609"], "modified": "2022-06-21T10:04:02", "id": "MALWAREBYTES:4CB01833826116B2823401DFB69A5431", "href": "https://blog.malwarebytes.com/business-2/2022/06/security-vulnerabilities-5-times-that-organizations-got-hacked/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-15T15:33:58", "description": "Google has [released an update](<https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html>) for its Chrome browser that includes eleven security fixes, one of which has been reportedly exploited in the wild.\n\nThe vulnerability that is reported as being exploited in the wild has been assigned [CVE-2022-0609](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0609>).\n\n## CVE-2022-0609\n\nThe vulnerability is described as a Use-after-free (UAF) vulnerability in the Animation component. UAF is a type of vulnerability that is the result of the incorrect use of dynamic memory during a program\u2019s operation. If, after freeing a memory location, a program does not clear the pointer to that memory, an attacker can use the error to manipulate the program. Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. In this case, when the vulnerability is exploited, this can lead to corruption of valid data and the execution of arbitrary code on affected systems.\n\nAs a result, a remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger the UAF vulnerability and execute arbitrary code on the target system.\n\nThe researchers who found and reported the flaw are Adam Weidemann and Cl\u00e9ment Lecigne of Google's Threat Analysis Group (TAG). As usual, Google hasn't gone into any more detail about the bug. Access to bug details and links are usually restricted until the majority of users are updated with a fix.\n\n## Other vulnerabilities\n\nOther vulnerabilities that have been discovered by external researchers are;\n\n * CVE-2022-0603: Use after free in File Manager.\n * CVE-2022-0604: Heap buffer overflow in Tab Groups.\n * CVE-2022-0605: Use after free in Webstore API.\n * CVE-2022-0606: Use after free in ANGLE.\n * CVE-2022-0607: Use after free in GPU.\n * CVE-2022-0608: Integer overflow in Mojo.\n * CVE-2022-0610: Inappropriate implementation in Gamepad API.\n\n## How to protect yourself\n\nIf you\u2019re a Chrome user on Windows, Mac, or Linux, you should update to version 98.0.4758.102 as soon as possible. \n\nThe easiest way to update Chrome is to allow it to update automatically, which basically uses the same method as outlined below but does not require your attention. But you can end up lagging behind if you never close the browser or if something goes wrong, such as an extension stopping you from updating the browser.\n\nSo, it doesn\u2019t hurt to check now and then. And now would be a good time, given the severity of the vulnerability. My preferred method is to have Chrome open the page **chrome://settings/help** which you can also find by clicking **Settings > About Chrome**.\n\nIf there is an update available, Chrome will notify you and start downloading it. Then all you have to do is relaunch the browser in order for the update to complete.\n\n_Chrome is up to date_\n\nAfter the update the version should be 98.0.4758.102. Since Animations is a Chromium component, users of other Chromium based browsers may see a similar update.\n\nStay safe, everyone!\n\nThe post [Update now! Chrome patches actively exploited zero-day vulnerability](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/02/update-now-chrome-patches-actively-exploited-zero-day-vulnerability/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {}, "published": "2022-02-15T13:50:16", "type": "malwarebytes", "title": "Update now! Chrome patches actively exploited zero-day vulnerability", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-0603", "CVE-2022-0604", "CVE-2022-0605", "CVE-2022-0606", "CVE-2022-0607", "CVE-2022-0608", "CVE-2022-0609", "CVE-2022-0610"], "modified": "2022-02-15T13:50:16", "id": "MALWAREBYTES:833279010C6AFB764A7A964FBF59CD1D", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/02/update-now-chrome-patches-actively-exploited-zero-day-vulnerability/", "cvss": {"score": 0.0, "vector": "NONE"}}], "trellix": [{"lastseen": "2022-03-02T00:00:00", "description": "# The Bug Report - February 2022 \n\nBy Jesse Chick \u00b7 March 2, 2022\n\n## Your Cybersecurity Comic Relief\n\n[](<https://toggl.com/>) **[Image courtesy of https://toggl.com/](<https://toggl.com/>)**\n\n## Why am I here?\n\nWelcome back to the Bug Report, stubby-month edition! For those in the audience unfamiliar with our shtick, [every month](<https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/the-bug-report-january-2022.html>) we compile a shortlist of the top vulnerabilities of the month, so that they might whittle away at your last few hours of peaceful sleep. \n\nIt\u2019s a testament to the excitement of the last few months that February came as something of a reprieve for many of us who follow the ebbs and flows of the vulnerability landscape. But as we all slow down and catch our breath, someone, somewhere is having their personal information leaked, their intellectual property held by ransomware, or their privacy otherwise abused by a 0-day...and you're probably here for the grisly details. So, we at Trellix dutifully present to you our four high-impact vulns released during the month of February:\n\n * CVE-2022-22620: Apple WebKit\n * CVE-2022-0609: Google Chrome\n * CVE-2022-24086: Magento/ Adobe Commerce \n * CVE-2022-22536: SAP Internet Communications Manager\n \n\n\n## CVE-2022-22620: Apple finally gave something away for free!\n\n### What is it?\n\nWebKit is Apple\u2019s browser engine. If you are browsing the internet using an Apple product, I\u2019d bet with next month\u2019s rent money that WebKit is churning behind the scenes. Versions of WebKit prior to iOS 15.3.1 contain a use-after-free vulnerability (which occurs due to shoddy memory management) that can allow full remote code execution on a victim\u2019s device. The avenue of attack most likely to be used by attackers is a malicious URL (remember phishing from those pesky compliance trainings?) or via embedding the payload in a cross-site scripting attack on a vulnerable webpage. In the same terse fashion we curious souls have come to expect, Apple has withheld further detail on this vulnerability and the nature of the exploit. \n\n### Who cares?\n\nI care. I have an iPhone. And so do [6 million](<https://securityboulevard.com/2022/02/apples-zero-day-0-click-critical-vulnerability-cve-2022-22620/>) of you on Twitter, apparently, who likely rely on Apple products for either professional or personal tasks. To make this threat even less abstract for us Apple used-to-be-elite-now-commoners, there have been [reports](<https://twitter.com/Laughing_Mantis/status/1494394742821425164>) of CVE-2022-22620 being exploited in conjunction with privilege escalation to gain access to users\u2019 cameras and microphones.\n\n### What can I do?\n\nUpdate. Gotta update, always. To make sure your iPhone is running the patched version of iOS, go to Settings > General > About. If the \u201cSoftware Version\u201d shows something older than 15.3.1, that device is vulnerable, and it would be best to update immediately.\n\n### The Gold Standard\n\nAt this point, patching via software update is your best option. If you would like to have security and other updates installed automatically overnight upon release by Apple, this can be configured on all relevant devices to ensure you are free of exposure as quickly as possible.\n\n \n\n\n## CVE-2022-0609: Should you switch to Firefox?\n\n### What is it?\n\nAppearing like roaches, use-after-free browser bugs travel in groups. This one was discovered in-house at Google, by the Threat Analysis Group, inside of Chrome\u2019s animation component. Although some interaction from the user is required to carry out a successful exploit, this vulnerability can be leveraged to send and execute commands on a victim\u2019s machine over a local network.\n\n### Who cares?\n\nThe hundreds of millions of Chrome users (backed by Chrome\u2019s nearly two-thirds market share among today\u2019s browsers) may want to pay it some mind. This especially holds true for those who often browse from a public network, e.g. students and those who frequently travel, since public networks are a common reservoir of targets for malicious actors. Sure enough, [according to Google](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0609>), this vulnerability is reported to have been exploited numerous times in the wild. But we all work from home now so no big deal, right? (I\u2019m hoping this comment does NOT age well).\n\n### What can I do?\n\n[Update Chrome](<https://support.google.com/chrome/answer/95414?hl=en&co=GENIE.Platform%3DDesktop>) to version [98.0.4758.102](<https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html>) or later, if you have not done so already. Checking the current version of Chrome is as simple as pasting \u201cchrome://version\u201d into the search bar.\n\n### The Gold Standard\n\nAs with iOS, etc., turning on automatic updates for Chrome is a good practice. Set it and forget. \n\n \n\n\n## CVE-2022-24086: All your e-commerce belongs to\u2026.?\n\n### What is it?\n\nYou can be forgiven for having never heard of Magento; avoiding PHP back ends like Ebola seems like decent practice. It turns out Magento is an open-source e-commerce platform which was bought by Adobe in 2018 and now forms the backbone of Adobe Commerce. Due to a lack of proper input validation (CWE-20, if you care) during the checkout stage of a transaction, an attacker can use Adobe Commerce\u2014or the open-source release of Magento that parallels it\u2014to achieve unauthenticated RCE with the same privileges as the corresponding server process. So, if Magento is running as root, this is about as bad as it gets.\n\n### Who cares?\n\nWell, if your platform relies on Adobe Commerce or open-source Magento, consider yourself vulnerable\u2014all unpatched versions of each are affected. Not to mention, CVE-2022-24086 has been actively exploited in the wild.\n\nAs of this writing, there is no complete publicly-available proof of concept, although a redacted version of a working POC (seen below) created by researchers with [Positive Technologies Offensive Team](<https://swarm.ptsecurity.com/>) has been released on [Twitter](<https://twitter.com/ptswarm/status/1494240197915123713>) and distributed widely, which illustrates the leaking of \u201c/etc/passwd\u201d on a vulnerable host.\n\n \n\n\n### What can I do?\n\nPatch, and patch quickly. Time is of the essence! But be sure to follow the [instructions from Adobe](<https://helpx.adobe.com/security/products/magento/apsb22-12.html#Summary>) with care: there are two patches which must be applied in sequence, one to address [CVE-2022-24086](<https://vulners.com/cve/CVE-2022-24086>) and another to fix the near-identical follow-on issue tracked as [CVE-2022-24087](<https://sensorstechforum.com/cve-2022-24087-adobe-magento/>). Both patches are required to make sure that your platform is safe from exploitation of this vulnerability.\n\n### The Gold Standard\n\nStay abreast on the latest impactful vulnerabilities throughout the industry; or you just might see a piece of your own infrastructure featured in the latest CVE. Our [security bulletins](<https://www.mcafee.com/enterprise/en-us/threat-center/product-security-bulletins.html>) are a great place to start.\n\n \n\n\n## CVE-2022-22536: A Perfect 10!\n\n### What is it?\n\nDoes anyone have a clue what SAP stands for? I\u2019ve always wondered but never been able to demystify the potential acronym. This month it could be confused with a Strikingly Attackable Platform thanks to CVE-2022-22536. The bug exists in the SAP Internet Communication Manager (ICM) when the webserver hosting the ICM is sitting behind a proxy. An attacker can use a technique called [HTTP Response Smuggling](<https://www.whitehatsec.com/glossary/content/http-response-smuggling>) to poison the proxy\u2019s web cache and ICM response queue. Upon an unexpecting user visiting the website and making a GET request for the page, they will download the attacker\u2019s malicious JavaScript instead of the intended webpage. A more detailed (and colorful!) explanation of the attack mechanics is available on the [Onapsis website](<https://onapsis.com/icmad-sap-cybersecurity-vulnerabilities?utm_campaign=2022-Q1-global-ICM-campaign-page&utm_medium=website&utm_source=third-party&utm_content=CISA-alert#download>), for the price of your email, of course.\n\n### Who cares?\n\nSAP in January of 2022 proudly [reported](<https://www.sap.com/documents/2017/04/4666ecdd-b67c-0010-82c7-eda71af511fa.html>) that 99 of 100 of the largest companies in the world were SAP customers with over [230 million cloud users](<https://www.sap.com/about/company/what-is-sap.html>). Couple that statistic with the fact that every SAP application sitting behind any kind of proxy with standard configuration will be vulnerable to this bug, there is a good chance you might need to cancel your weekend plans. Although we don\u2019t put much stock in [CVSS score](<https://nvd.nist.gov/vuln-metrics/cvss>) for this publication, it's worth noting this scored the magical unicorn rating of a perfect 10 and was able to garner special attention from our friends at [CISA](<https://www.cisa.gov/uscert/ncas/current-activity/2022/02/08/critical-vulnerabilities-affecting-sap-applications-employing>).\n\n### What can I do?\n\nIf in doubt as to whether or not your SAP server is vulnerable, the good people at [Onapsis](<https://onapsis.com/>), who discovered the vulnerability, released a Python-based [scanning tool](<https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+February+2022>) with a complete CLI. Or, if you have the version number of your NetWeaver, Web Dispatcher, etc., you can simply cross-reference it with [SAP\u2019s official list](<https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+February+2022>) of vulnerable versions. Don\u2019t want a call at 2 a.m. about a breach? Take the time to download and install the patches for your SAP products today!\n\n### The Gold Standard\n\nUnfortunately, not every vulnerability can be adequately addressed by network security products, and this vulnerability happens to be one of those cases. Your best bet is to follow the mitigations mentioned above and keep your servers up to date.\n", "cvss3": {}, "published": "2022-03-02T00:00:00", "type": "trellix", "title": "The Bug Report - February 2022 Edition", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-0609", "CVE-2022-22536", "CVE-2022-22620", "CVE-2022-24086", "CVE-2022-24087"], "modified": "2022-03-02T00:00:00", "id": "TRELLIX:73420774AE3767CFB11F493B41572174", "href": "https://www.trellix.com/content/mainsite/en-us/about/newsroom/stories/research/the-bug-report-february-2022.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "ics": [{"lastseen": "2023-12-03T16:49:03", "description": "## **[View CSAF](<https://github.com/cisagov/CSAF>)**\n\n## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 9.6**\n * **ATTENTION**: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation\n * **Vendor**: Rockwell Automation\n * **Equipment**: Connected Components Workbench\n * **Vulnerabilities**: Use After Free, Out-of-bounds Write\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of these vulnerabilities could allow an attacker to exploit heap corruption via a crafted HTML.\n\n## 3\\. TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nThe following versions of Rockwell Automation Connected Components Workbench Smart Security Manager are affected:\n\n * Connected Components Workbench: versions prior to R21\n\n### 3.2 Vulnerability Overview\n\n#### 3.2.1 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>)\n\nConnected Components Workbench utilizes CefSharp version 81.3.100 that contains a use after free vulnerability in Google Chrome versions before 86.0.4240.198. If exploited, a remote threat actor could potentially perform a sandbox escape via a crafted HTML page.\n\n[CVE-2020-16017](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16017>) has been assigned to this vulnerability. A CVSS v3 base score of 9.6 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H>)).\n\n#### 3.2.2 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>)\n\nConnected Components Workbench utilizes CefSharp version 81.3.100 that contains a use after free vulnerability in Animation within Google Chrome before 98.0.4758.102. This vulnerability could potentially allow a remote threat actor to exploit heap corruption via a crafted HTML page.\n\n[CVE-2022-0609](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0609>) has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H>)).\n\n#### 3.2.3 [OUT-OF-BOUNDS WRITE CWE-787](<https://cwe.mitre.org/data/definitions/787.html>)\n\nConnected Components Workbench utilizes CefSharp version 81.3.100 that contains an inappropriate implementation in V8 of Google Chrome before 86.0.4240.18. This vulnerability allows a remote threat actor to potentially exploit heap corruption via a crafted HTML page.\n\n[CVE-2020-16009](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16009>) has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H>)).\n\n#### 3.2.4 [OUT-OF-BOUNDS WRITE CWE-787](<https://cwe.mitre.org/data/definitions/787.html>)\n\nConnected Components Workbench utilizes CefSharp version 81.3.100 that contains an inappropriate implementation in V8 of Google Chrome before 86.0.4240.198. This vulnerability allows a remote threat actor to potentially exploit heap corruption via a crafted HTML page.\n\n[CVE-2020-16013](<https://nvd.nist.gov/vuln/detail/CVE-2020-16013>) has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H>)).\n\n#### 3.2.5 [OUT-OF-BOUNDS WRITE CWE-787](<https://cwe.mitre.org/data/definitions/787.html>)\n\nConnected Components Workbench utilizes CefSharp version 81.3.100 that contains a heap buffer overflow vulnerability in Freetype within Google Chrome before 86.0.4240.111. This vulnerability could allow a remote threat actor to potentially exploit heap corruption via a crafted HTML page.\n\n[CVE-2020-15999](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15999>) has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H>)).\n\n### 3.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS:** Multiple\n * **COUNTRIES/AREAS DEPLOYED:** Worldwide\n * **COMPANY HEADQUARTERS LOCATION:** United States\n\n### 3.4 RESEARCHER\n\nRockwell Automation reported these vulnerabilities to CISA.\n\n## 4\\. MITIGATIONS\n\nRockwell Automation recommends users to update to [R21 and later](<https://compatibility.rockwellautomation.com/Pages/MultiProductCompareSelections.aspx?crumb=113&versions=62094,61582,61171,59954,57681,56704,55972,55834,55171,55113,54814,54367,54015,52536,52079,51735,51580,50987,50897,50616,50061>).\n\nUsers with the affected software are encouraged to apply the risk mitigations, if possible.\n\nAdditionally, Rockwell Automation encourages users to implement their suggested security best practices to minimize the risk of vulnerability.\n\n * [Security Best Practices](<https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight>)\n\nCISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:\n\n * Minimize network exposure for all control system devices and/or systems, ensuring they are [not accessible from the internet](<https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01>).\n * Locate control system networks and remote devices behind firewalls and isolating them from business networks.\n * When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.\n\nCISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nCISA also provides a section for [control systems security recommended practices](<https://www.cisa.gov/resources-tools/resources/ics-recommended-practices>) on the ICS webpage on [cisa.gov/ics](<https://www.cisa.gov/topics/industrial-control-systems>). Several CISA products detailing cyber defense best practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).\n\nCISA encourages organizations to implement recommended cybersecurity strategies for [proactive defense of ICS assets](<https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf>).\n\nAdditional mitigation guidance and recommended practices are publicly available on the ICS webpage at [cisa.gov/ics](<https://www.cisa.gov/topics/industrial-control-systems>) in the technical information paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B>).\n\nOrganizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.\n\nCISA also recommends users take the following measures to protect themselves from social engineering attacks:\n\n * Do not click web links or open attachments in unsolicited email messages.\n * Refer to [Recognizing and Avoiding Email Scams](<https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf>) for more information on avoiding email scams.\n * Refer to [Avoiding Social Engineering and Phishing Attacks](<https://www.cisa.gov/uscert/ncas/tips/ST04-014>) for more information on social engineering attacks.\n\n## 5\\. UPDATE HISTORY\n\n * September 21, 2023: Initial Publication\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2023-09-21T12:00:00", "type": "ics", "title": "Rockwell Automation Connected Components Workbench", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999", "CVE-2020-16009", "CVE-2020-16013", "CVE-2020-16017", "CVE-2022-0609"], "modified": "2023-09-21T12:00:00", "id": "ICSA-23-264-05", "href": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-264-05", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "avleonov": [{"lastseen": "2022-03-14T21:27:34", "description": "Hello everyone! I am glad to greet you from the most sanctioned country in the world. Despite all the difficulties, we carry on. I even have some time to release new episodes. This time it will be about Microsoft Patch Tuesday for March 2022. \n\nAlternative video link (for Russia): <https://vk.com/video-149273431_456239076>\n\nI do the analysis as usual with my open source tool Vulristics. You can still [download it on github](<https://github.com/leonov-av/vulristics>). I hope that github won't block Russian repositories and accounts, but for now it looks possible. Most likely, I will just start hosting the sources of my projects on avleonov.com in this case. Or on another domain, if it gets even tougher. Stay tuned.\n\nThis month there have been issues with getting Patch Tuesday blog posts from VM vendors. Qualys' site search broke and DuckDuckGo didn't index the ZDI blog well. Therefore, I added the links to them in **mspt-comments-links-path** manually.\n \n \n $ python3.8 vulristics.py --report-type \"ms_patch_tuesday_extended\" --mspt-year 2022 --mspt-month \"March\" --mspt-comments-links-path \"comments_links.txt\" --rewrite-flag \"True\"\n \n $ cat comments_links.txt \n Qualys|March 2022 Patch Tuesday: Microsoft Releases 92 Vulnerabilities with 3 Critical; Adobe Releases 3 Advisories, 6 Vulnerabilities with 5 Critical|https://blog.qualys.com/vulnerabilities-threat-research/2022/03/08/march-2022-patch-tuesday\n ZDI|THE MARCH 2022 SECURITY UPDATE REVIEW|https://www.zerodayinitiative.com/blog/2022/3/8/the-march-2022-security-update-review$ python3.8 vulristics.py --report-type \"ms_patch_tuesday_extended\" --mspt-year 2022 --mspt-month \"March\" --mspt-comments-links-path \"comments_links.txt\" --rewrite-flag \"True\"\n\nI made a change to Vulristics so now it can take into account the Exploit Code Maturity from the CVSS Temporal Score of the Microsoft object. Such a mark will be less critical than the presence of an exploit in any exploit pack, but still.\n\nOn March 8, Microsoft published 71 CVEs. Another 30 have been published before since last February's Patch Tuesday, all in Microsoft Edge. In total, 101 vulnerabilities. If we look at CVSS, 50 of them will have a "High" level. According to my Vulristics metric, only 26 of them will have a "High" level. I think it shows that my prioritization is better.\n\n 1. The most critical vulnerability in my report is **Remote Code Execution** - Microsoft Defender for IoT ([CVE-2022-23265](<https://vulners.com/cve/CVE-2022-23265>)). It may not be the most common product, but according to Microsoft, there is a Functional Exploit for this vulnerability. "The code works in most situations where the vulnerability exists". Agree that for such a vulnerability it is interesting. No VM vendors have highlighted this vulnerability.\n 2. In second place, **Remote Code Execution** - Windows Remote Desktop Client ([CVE-2022-21990](<https://vulners.com/cve/CVE-2022-21990>)). "If an attacker can lure an affected RDP client to connect to their RDP server, the attacker could trigger code execution on the targeted client". It's certainly hard to imagine anyone actually using such a scenario, but having a Proof-of-Concept Exploit, according to Microsoft, is interesting.\n 3. The following vulnerability was published prior to March Patch Tuesday. **Memory Corruption** - Microsoft Edge ([CVE-2022-0609](<https://vulners.com/cve/CVE-2022-0609>)). Why is this vulnerability here? Because this vulnerability is actively exploited in the wild and has even been included in the [CISA Known Exploited Vulnerabilities Catalog](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>).\n 4. The next is **Remote Code Execution** - Windows SMBv3 Client/Server ([CVE-2022-24508](<https://vulners.com/cve/CVE-2022-24508>)). "Authentication is required here, but since this affected both clients and servers, an attacker could use this for lateral movement within a network". The need for authentication makes this vulnerability less critical, but of course it's worth patching.\n 5. **Security Feature Bypass** - Windows HTML Platforms ([CVE-2022-24502](<https://vulners.com/cve/CVE-2022-24502>)). Another vulnerability that no one highlighted, but there is a Proof-of-Concept Exploit for it somewhere. Perhaps it will develop into something critical.\n 6. This vulnerability is the first one that catches the eye, since it is in software that is usually available on the network perimeter. **Remote Code Execution** - Microsoft Exchange ([CVE-2022-23277](<https://vulners.com/cve/CVE-2022-23277>)). "The vulnerability would allow an authenticated attacker to execute their code with elevated privileges through a network call. Thankfully, this is a post-authentication vulnerability, meaning attackers need credentials to exploit it. Although passwords can be obtained via phishing and other means, this one shouldn\u2019t be as rampantly exploited as the deluge of Exchange vulnerabilities we saw throughout 2021. Exchange administrators should still patch as soon as reasonably possible." Seems like it needs to be patched first. But while there is no public exploit, there is time to do it without much haste. Also, due to the need to get credentials, this vulnerability will most likely not be exploited in broadcast attacks.\n 7. And the last vulnerability that I would like to mention is **Elevation of Privilege** - Windows Fax and Scan Service ([CVE-2022-24459](<https://vulners.com/cve/CVE-2022-24459>)). Also, not much is known about it, except that according to Microsoft there is a Proof-of-Concept Exploit for it.\n\nYou can see the full version of the report here: \n[ms_patch_tuesday_march2022_report_with_comments_ext_img.html](<https://avleonov.com/vulristics_reports/ms_patch_tuesday_march2022_report_with_comments_ext_img.html>)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-14T17:33:28", "type": "avleonov", "title": "Microsoft Patch Tuesday March 2022", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-21990", "CVE-2022-23265", "CVE-2022-23277", "CVE-2022-24459", "CVE-2022-24502", "CVE-2022-24508"], "modified": "2022-03-14T17:33:28", "id": "AVLEONOV:84C227D6BCF2EBE9D3A584B815D5145A", "href": "https://avleonov.com/2022/03/14/microsoft-patch-tuesday-march-2022/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2022-11-06T10:39:22", "description": "An update that fixes 8 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n Opera was updated to 84.0.4316.21:\n\n - CHR-8762 Update chromium on desktop-stable-98-4316 to 98.0.4758.102\n - DNA-97333 \ufffd\ufffd\ufffdAdd a site\ufffd\ufffd\ufffd label on start page tile barely visible\n - DNA-97691 Opera 84 translations\n - DNA-97767 Wrong string in FR\n - DNA-97855 Crash at ScopedProfileKeepAlive::~ScopedProfileKeepAlive()\n - DNA-97982 Enable #snap-upstream-implementation on all streams\n - The update to chromium 98.0.4758.102 fixes following issues:\n CVE-2022-0603, CVE-2022-0604, CVE-2022-0605, CVE-2022-0606,\n CVE-2022-0607, CVE-2022-0608, CVE-2022-0609, CVE-2022-0610\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:NonFree:\n\n zypper in -t patch openSUSE-2022-77=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-07T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0603", "CVE-2022-0604", "CVE-2022-0605", "CVE-2022-0606", "CVE-2022-0607", "CVE-2022-0608", "CVE-2022-0609", "CVE-2022-0610"], "modified": "2022-03-07T00:00:00", "id": "OPENSUSE-SU-2022:0077-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/L7KXX2TTV5W7GPPK56SZGJJJ4MI5ONP4/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-06T12:08:42", "description": "An update that fixes 8 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n - Chromium 98.0.4758.102 (boo#1195986)\n * CVE-2022-0603: Use after free in File Manager\n * CVE-2022-0604: Heap buffer overflow in Tab Groups\n * CVE-2022-0605: Use after free in Webstore API\n * CVE-2022-0606: Use after free in ANGLE\n * CVE-2022-0607: Use after free in GPU\n * CVE-2022-0608: Integer overflow in Mojo\n * CVE-2022-0609: Use after free in Animation\n * CVE-2022-0610: Inappropriate implementation in Gamepad API\n * Various fixes from internal audits, fuzzing and other initiatives\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2022-42=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-17T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0603", "CVE-2022-0604", "CVE-2022-0605", "CVE-2022-0606", "CVE-2022-0607", "CVE-2022-0608", "CVE-2022-0609", "CVE-2022-0610"], "modified": "2022-02-17T00:00:00", "id": "OPENSUSE-SU-2022:0042-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZAORTPDMHKSRQIYVJOF76VFIUP5OMBJA/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-06T17:58:07", "description": "An update that fixes 241 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n Update to 85.0.4341.28\n\n - CHR-8816 Update chromium on desktop-stable-99-4341 to 99.0.4844.84\n - DNA-98092 Crash at views::MenuItemView::GetMenuController()\n - DNA-98278 Translations for O85\n - DNA-98320 [Mac] Unable to delete recent search entries\n - DNA-98614 Show recent searches for non-BABE users\n - DNA-98615 Allow removal of recent searches\n - DNA-98616 Add recent searches to \ufffd\ufffd\ufffdold\ufffd\ufffd\ufffd BABE\n - DNA-98617 Make it possible to disable ad-blocker per-country\n - DNA-98651 Remove Instagram and Facebook Messenger in Russia\n - DNA-98653 Add flag #recent-searches\n - DNA-98696 smoketest\n PageInfoHistoryDataSourceTest.FormatTimestampString failing\n - DNA-98703 Port Chromium issue 1309225 to Opera Stable\n\n - The update to chromium 99.0.4844.84 fixes following issues: CVE-2022-1096\n - Changes in 85.0.4341.18\n\n - CHR-8789 Update chromium on desktop-stable-99-4341 to 99.0.4844.51\n - DNA-98059 [Linux] Crash at\n opera::FreedomSettingsImpl::IsBypassForDotlessDomainsEnabled\n - DNA-98349 [Linux] Crash at bluez::BluezDBusManager::Get()\n - DNA-98126 System crash dialog shown on macOS <= 10.15\n - DNA-98331 [Snap] Meme generator cropping / resizing broken\n - DNA-98394 Audio tab indicator set to \"muted\" on videoconferencing sites\n - DNA-98481 Report errors in opauto_collector\n - The update to chromium 99.0.4844.51 fixes following issues:\n CVE-2022-0789, CVE-2022-0790, CVE-2022-0791, CVE-2022-0792,\n CVE-2022-0793, CVE-2022-0794, CVE-2022-0795, CVE-2022-0796,\n CVE-2022-0797, CVE-2022-0798, CVE-2022-0799, CVE-2022-0800,\n CVE-2022-0801, CVE-2022-0802, CVE-2022-0803, CVE-2022-0804,\n CVE-2022-0805, CVE-2022-0806, CVE-2022-0807, CVE-2022-0808, CVE-2022-0809\n\n - Changes in 85.0.4341.13\n\n - DNA-94119 Upgrade curl to 7.81.0\n - DNA-97849 [Mac monterey] System shortcut interfere with Opera\ufffd\ufffd\ufffds\n `ToggleSearchInOpenTabs` shortcut\n - DNA-98204 Automatic popout happens when video is paused\n - DNA-98231 Shortcuts are blocked by displayed tab tooltip when\n triggered quickly after tooltip appears\n - DNA-98321 Add thinlto-cache warnings to suppression list\n - DNA-98395 Promote O85 to stable\n\n - Complete Opera 85.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-85/\n\n - Update to 84.0.4316.42\n\n - DNA-94119 Upgrade curl to 7.81.0\n - DNA-98092 Crash at views::MenuItemView::GetMenuController()\n - DNA-98204 Automatic popout happens when video is paused\n - DNA-98231 Shortcuts are blocked by displayed tab tooltip when\n triggered quickly after tooltip appears\n\n - Update to 84.0.4316.31\n - CHR-8772 Update chromium on desktop-stable-98-4316 to 98.0.4758.109\n - DNA-97573 [Win][Lin]\ufffd\ufffd\ufffdClose tab\ufffd\ufffd\ufffd button is not displayed on tabs\n playing media when many tabs are open\n - DNA-97729 cancelling the process uploading custom Wallpaper crashes\n the browser\n - DNA-97871 Google meet tab\ufffd\ufffd\ufffds icons don\ufffd\ufffd\ufffdt fit on pinned tab\n - DNA-97872 Tab is being unpinned when video conferencing button is\n clicked\n - DNA-98039 Dark theme top sites have black background\n - DNA-98117 Clicking current tab information should hide tooltip\n\n - Update to 84.0.4316.21\n - CHR-8762 Update chromium on desktop-stable-98-4316 to 98.0.4758.102\n - DNA-97333 \ufffd\ufffd\ufffdAdd a site\ufffd\ufffd\ufffd label on start page tile barely visible\n - DNA-97691 Opera 84 translations\n - DNA-97767 Wrong string in FR\n - DNA-97855 Crash at ScopedProfileKeepAlive::~ScopedProfileKeepAlive()\n - DNA-97982 Enable #snap-upstream-implementation on all streams\n - The update to chromium 98.0.4758.102 fixes following issues:\n CVE-2022-0603, CVE-2022-0604, CVE-2022-0605, CVE-2022-0606,\n CVE-2022-0607, CVE-2022-0608, CVE-2022-0609, CVE-2022-0610\n\n - Update to 84.0.4316.14\n - CHR-8753 Update chromium on desktop-stable-98-4316 to 98.0.4758.82\n - DNA-97177 Battery saver \ufffd\ufffd\ufffd the icon looks bad for DPI!=100%\n - DNA-97614 automatic video pop-out for most popular websites\n broadcasting Winter Olympic Games 2022\n - DNA-97804 Promote O84 to stable\n - The update to chromium 98.0.4758.82 fixes following issues:\n CVE-2022-0452, CVE-2022-0453, CVE-2022-0454, CVE-2022-0455,\n CVE-2022-0456, CVE-2022-0457, CVE-2022-0458, CVE-2022-0459,\n CVE-2022-0460, CVE-2022-0461, CVE-2022-0462, CVE-2022-0463,\n CVE-2022-0464, CVE-2022-0465, CVE-2022-0466, CVE-2022-0467,\n CVE-2022-0468, CVE-2022-0469, CVE-2022-0470\n - Complete Opera 84.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-84/\n\n - Update to 83.0.4254.54\n - DNA-96581 Fast tab tooltip doesn\ufffd\ufffd\ufffdt always show related sites with\n scrollable tab strip\n - DNA-96608 Cannot drag a tab to create a new window\n - DNA-96657 Do not make tab tooltip hoverable if there\ufffd\ufffd\ufffds no list of\n tabs\n - DNA-97291 Crash at\n opera::flow::FlowSessionImpl::RegisterDevice(base::OnceCallback)\n - DNA-97468 Incorrect number of restored tabs when video-popout is\n detached\n - DNA-97476 Add retry to stapling during signing\n - DNA-97609 Failing MetricsReporterTest.TimeSpent* smoketests\n\n - Update to 83.0.4254.27\n - CHR-8737 Update chromium on desktop-stable-97-4254 to 97.0.4692.99\n - DNA-96336 [Mac] Translate new network installer slogan\n - DNA-96678 Add battery level monitoring capability to powerSavePrivate\n - DNA-96939 Crash at\n opera::ExternalVideoService::MarkAsManuallyClosed()\n - DNA-97276 Enable #static-tab-audio-indicator on all streams\n - The update to chromium 97.0.4692.99 fixes following issues:\n CVE-2022-0289, CVE-2022-0290, CVE-2022-0291, CVE-2022-0292,\n CVE-2022-0293, CVE-2022-0294, CVE-2022-0295, CVE-2022-0296,\n CVE-2022-0297, CVE-2022-0298, CVE-2022-0300, CVE-2022-0301,\n CVE-2022-0302, CVE-2022-0304, CVE-2022-0305, CVE-2022-0306,\n CVE-2022-0307, CVE-2022-0308, CVE-2022-0309, CVE-2022-0310, CVE-2022-0311\n\n - Update to 83.0.4254.19\n - DNA-96079 Turn on #automatic-video-popout on developer\n - DNA-97070 Opera 83 translations\n - DNA-97119 [LastCard] Stop showing used burner cards\n - DNA-97131 Enable automatic-video-popout on all streams from O84 on\n - DNA-97257 Crash at views::ImageButton::SetMinimumImageSize(gfx::Size\n const&)\n - DNA-97259 Promote O83 to stable\n - Complete Opera 83.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-83/\n - Update to 83.0.4254.16\n - DNA-96968 Fix alignment of the 'Advanced' button in Settings\n - Update to 83.0.4254.14\n - CHR-8701 Update chromium on desktop-stable-97-4254 to 97.0.4692.45\n - CHR-8713 Update chromium on desktop-stable-97-4254 to 97.0.4692.56\n - CHR-8723 Update chromium on desktop-stable-97-4254 to 97.0.4692.71\n - DNA-96780 Crash at\n ui::NativeTheme::RemoveObserver(ui::NativeThemeObserver*)\n - DNA-96822 Tab close resize behavior change\n - DNA-96861 Create Loomi Options menu\n - DNA-96904 Support Win11 snap layout popup\n - DNA-96951 Tab close animation broken\n - DNA-96991 Tab X button doesn\ufffd\ufffd\ufffdt work correctly\n - DNA-97027 Incorrect tab size after tab close\n - The update to chromium 97.0.4692.71 fixes following issues:\n CVE-2022-0096, CVE-2022-0097, CVE-2022-0098, CVE-2022-0099,\n CVE-2022-0100, CVE-2022-0101, CVE-2022-0102, CVE-2022-0103,\n CVE-2022-0104, CVE-2022-0105, CVE-2022-0105, CVE-2022-0106,\n CVE-2022-0107, CVE-2022-0108, CVE-2022-0109, CVE-2022-0110,\n CVE-2022-0111, CVE-2022-0111, CVE-2022-0112, CVE-2022-0113,\n CVE-2022-0114, CVE-2022-0115, CVE-2022-0116, CVE-2022-0117,\n CVE-2022-0118, CVE-2022-0120\n\n - Update to version 82.0.4227.58\n - DNA-96780 Crash at\n ui::NativeTheme::RemoveObserver(ui::NativeThemeObserver*)\n - DNA-96890 Settings default browser not working for current user on\n Windows 7\n\n - Update to version 82.0.4227.43\n - CHR-8705 Update chromium on desktop-stable-96-4227 to 96.0.4664.110\n - DNA-93284 Unstable\n obj/opera/desktop/common/installer_rc_generated/installer.res\n - DNA-95908 Interstitial/internal pages shown as NOT SECURE after\n visiting http site\n - DNA-96404 Opera doesn\ufffd\ufffd\ufffdt show on main screen when second screen is\n abruptly disconnected\n - The update to chromium 96.0.4664.110 fixes following issues:\n CVE-2021-4098, CVE-2021-4099, CVE-2021-4100, CVE-2021-4101, CVE-2021-4102\n\n - Update to version 82.0.4227.33\n - CHR-8689 Update chromium on desktop-stable-96-4227 to 96.0.4664.93\n - DNA-96559 Tooltip popup looks bad in dark theme\n - DNA-96570 [Player] Tidal logging in via PLAY doesn\ufffd\ufffd\ufffdt work\n - DNA-96594 Unnecessary extra space in fullscreen mode on M1 Pro MacBooks\n - DNA-96649 Update Meme button\n - DNA-96676 Add Icon in the Sidebar Setup\n - DNA-96677 Add default URL\n - The update to chromium 96.0.4664.93 fixes following issues:\n CVE-2021-4052, CVE-2021-4053, CVE-2021-4079, CVE-2021-4054,\n CVE-2021-4078, CVE-2021-4055, CVE-2021-4056, CVE-2021-4057,\n CVE-2021-4058, CVE-2021-4059, CVE-2021-4061, CVE-2021-4062,\n CVE-2021-4063, CVE-2021-4064, CVE-2021-4065, CVE-2021-4066,\n CVE-2021-4067, CVE-2021-4068\n\n - Update to version 82.0.4227.23\n - DNA-95632 With new au-logic UUID is set with delay and may be not set\n for pb-builds (when closing fast)\n - DNA-96349 Laggy tooltip animation\n - DNA-96483 [Snap][Linux] Video not working / wrong ffmpeg snap version\n for Opera 82\n - DNA-96493 Create 'small' enticement in credit card autofill\n - DNA-96533 Opera 82 translations\n - DNA-96535 Make the URL configurable\n - DNA-96553 Add switch to whitelist test pages\n - DNA-96557 Links not opened from panel\n - DNA-96558 AdBlock bloks some trackers inside the panel\n - DNA-96568 [Player] Tidal in sidebar Player opens wrong site when\n logging in\n - DNA-96659 Siteprefs not applied after network service crash\n - DNA-96593 Promote O82 to stable\n - Complete Opera 82.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-82/\n - Update to version 82.0.4227.13\n - CHR-8668 Update chromium on desktop-stable-96-4227 to 96.0.4664.45\n - DNA-76987 [Mac] Update desktop EULA with geolocation split\n - DNA-93388 Problem with symlinks on windows when creating file list\n - DNA-95734 Discarded Recently Closed items get revived after restart\n - DNA-96134 \"Your profile has been updated\" does not disappear\n - DNA-96190 Opera freezes when trying to drag expanded bookmark folder\n with nested subfolders\n - DNA-96223 Easy Files not working in Full Screen\n - DNA-96274 Checkout autofill shouldn't show used burner card\n - DNA-96275 Change the notification message for pausing multi-use cards\n - DNA-96295 \"Video pop out\" setting doesn't sync\n - DNA-96316 Highlight text wrong colour on dark mode\n - DNA-96326 Wrong translation Private Mode > Turkish\n - DNA-96351 macOS window controls are missing in full screen\n - DNA-96440 Update video URL\n - DNA-96448 add option to pin extension via rich hints\n - DNA-96453 Register user-chosen option on client-side, read on hint side\n - DNA-96454 Choosing an option from the settings menu should close the\n popup\n - DNA-96484 Enable AB test for a new autoupdater logic (for 50%)\n - DNA-96500 Add \"don't show me again\" prefs to allowed whitelist\n - DNA-96538 Inline audiocomplete for www.mediaexpert.pl incorrectly\n suggested\n - The update to chromium 96.0.4664.45 fixes following issues:\n CVE-2021-38005, CVE-2021-38006, CVE-2021-38007, CVE-2021-38008,\n CVE-2021-38009, CVE-2021-38010, CVE-2021-38011, CVE-2021-38012,\n CVE-2021-38013, CVE-2021-38014, CVE-2021-38015, CVE-2021-38016,\n CVE-2021-38017, CVE-2021-38019, CVE-2021-38020, CVE-2021-38021,\n CVE-2021-38022\n\n\n - Update to version 81.0.4196.54\n - CHR-8644 Update chromium on desktop-stable-95-4196 to 95.0.4638.69\n - DNA-95773 ExtensionWebRequestApiTest crashes on mac\n - DNA-96062 Opera 81 translations\n - DNA-96134 \ufffd\ufffd\ufffdYour profile has been updated\ufffd\ufffd\ufffd does not disappear\n - DNA-96274 Checkout autofill shouldn\ufffd\ufffd\ufffdt show used burner card\n - DNA-96275 Change the notification message for pausing multi-use cards\n - DNA-96440 Update video URL\n - The update to chromium 95.0.4638.69 fixes following issues:\n CVE-2021-37997, CVE-2021-37998, CVE-2021-37999, CVE-2021-37980,\n CVE-2021-38001, CVE-2021-38002, CVE-2021-38003, CVE-2021-38004\n - Update to version 81.0.4196.37\n - DNA-96008 Crash at\n content::WebContentsImpl::OpenURL(content::OpenURLParams const&)\n - DNA-96032 Closing the videoconference pop-up force leaving the meeting\n - DNA-96092 Crash at void\n opera::ModalDialogViews::OnWidgetClosing(opera::ModalDialog::Result)\n - DNA-96142 [Yat] Emoji icon cut off in URL for Yat\n\n - Update to version 81.0.4196.31\n - DNA-95733 Implement the \ufffd\ufffd\ufffdManage\ufffd\ufffd\ufffd menu in card details view\n - DNA-95736 Update UI for paused card\n - DNA-95791 Crash at base::operator<\n - DNA-95794 Sometimes the sidebar UI fails to load\n - DNA-95812 Retrieve cards info when showing autofill\n - DNA-96035 Cannot create virtual card on Sandbox environment\n - DNA-96147 \ufffd\ufffd\ufffdBuy\ufffd\ufffd\ufffd button does not work\n - DNA-96168 Update contributors list\n - DNA-96211 Enable #fast-tab-tooltip on all streams\n - DNA-96231 Promote O81 to stable\n - Complete Opera 80.1 changelog at:\n https://blogs.opera.com/desktop/changelog-for-81/\n - Update to version 81.0.4196.27\n - CHR-8623 Update chromium on desktop-stable-95-4196 to 95.0.4638.54\n - DNA-92384 Better segmenting of hint users\n - DNA-95523 Allow sorting in multi-card view\n - DNA-95659 Flow of Lastcard on first login\n - DNA-95735 Implement the button that reveals full card details\n - DNA-95747 Better way to handle expired funding card\n - DNA-95949 [Mac Retina] Clicking active tab should scroll to the top\n - DNA-95993 Update icon used for Yat in address bar dropdown\n - DNA-96021 Cleared download item view is never deleted\n - DNA-96036 Occupation field in 'Account \ufffd\ufffd\ufffd Edit' is shown twice\n - DNA-96127 Upgrade plan button does nothing\n - DNA-96138 \"Add Card\" button does not change to \"Upgrade Plan\" after\n adding card\n - The update to chromium 95.0.4638.54 fixes following issues:\n CVE-2021-37981, CVE-2021-37982, CVE-2021-37983, CVE-2021-37984,\n CVE-2021-37985, CVE-2021-37986, CVE-2021-37987, CVE-2021-37988,\n CVE-2021-37989, CVE-2021-37990, CVE-2021-37991, CVE-2021-37992,\n CVE-2021-37993, CVE-2021-37994, CVE-2021-37995, CVE-2021-37996\n\n - Update to version 80.0.4170.72\n - DNA-95522 Change card view to show all types of cards\n - DNA-95523 Allow sorting in multi-card view\n - DNA-95524 Allow searching for cards by name\n - DNA-95658 Allow user to add a card\n - DNA-95659 Flow of Lastcard on first login\n - DNA-95660 Implement editing card details\n - DNA-95699 Add card details view\n - DNA-95733 Implement the \ufffd\ufffd\ufffdManage\ufffd\ufffd\ufffd menu in card details view\n - DNA-95735 Implement the button that reveals full card details\n - DNA-95736 Update UI for paused card\n - DNA-95747 Better way to handle expired funding card\n - DNA-95794 Sometimes the sidebar UI fails to load\n - DNA-95812 Retrieve cards info when showing autofill\n - DNA-96036 Occupation field in \ufffd\ufffd\ufffdAccount \ufffd\ufffd\ufffd Edit\ufffd\ufffd\ufffd is shown twice\n - DNA-96127 Upgrade plan button does nothing\n - DNA-96138 \ufffd\ufffd\ufffdAdd Card\ufffd\ufffd\ufffd button does not change to \ufffd\ufffd\ufffdUpgrade Plan\ufffd\ufffd\ufffd\n after adding card\n\n - Update to version 80.0.4170.63\n - CHR-8612 Update chromium on desktop-stable-94-4170 to 94.0.4606.81\n - DNA-95434 Crash at opera::ThemesService::UpdateCurrentTheme()\n - The update to chromium 94.0.4606.81 fixes following issues:\n CVE-2021-37977, CVE-2021-37978, CVE-2021-37979, CVE-2021-37980\n\n - Update to version 80.0.4170.40\n - CHR-8598 Update chromium on desktop-stable-94-4170 to 94.0.4606.71\n - DNA-95221 Emoji button stuck in address bar\n - DNA-95325 Make y.at navigations to be reported with page_views events\n - DNA-95327 Add \ufffd\ufffd\ufffdEmojis\ufffd\ufffd\ufffd context menu option in address bar field\n - DNA-95339 Add YAT emoji url suggestion to search\ufffd\ufffd dialog\n - DNA-95416 Remove emoji button from address bar\n - DNA-95439 Enable #yat-emoji-addresses on developer stream\n - DNA-95441 [Mac big sur] Emoji are not shown in address bar url\n - DNA-95514 Crash at resource_coordinator::TabLifecycleUnitSource\n ::TabLifecycleUnit::OnLifecycleUnitStateChanged(mojom::\n LifecycleUnitState, mojom::LifecycleUnitStateChangeReason)\n - DNA-95746 Enable #reader-mode everywhere\n - DNA-95865 Numbers are recognized as emojis\n - DNA-95866 Change Yat text in selection popup\n - DNA-95867 Show that buttons are clickable in selection popup\n - The update to chromium 94.0.4606.71 fixes following issues:\n CVE-2021-37974, CVE-2021-37975, CVE-2021-37976\n\n - Update to version 80.0.4170.16\n - CHR-8590 Update chromium on desktop-stable-94-4170 to 94.0.4606.61\n - DNA-95347 Make InstallerStep::Run async\n - DNA-95420 First suggestion in address field is often not highlighted\n - DNA-95613 Browser closing itself after closing SD/first tab and last\n opened tab\n - DNA-95725 Promote O80 to stable\n - DNA-95781 Import fixes for CVE-2021-37975, CVE-2021-37976 and\n CVE-2021-37974 to desktop-stable-94-4170\n - Complete Opera 80.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-80/\n - Drop Provides/Obsoletes for opera-gtk and opera-kde4\n opera-gtk and opera-kde4 were last used in openSUSE 13.1\n - Drop post/postun for desktop_database_post and icon_theme_cache_post\n because were last used before\n openSUSE 15.0\n\n - Update to version 79.0.4143.72\n - DNA-94933 Add emoji panel to address bar\n - DNA-95210 Add emoji YAT address bar suggestions\n - DNA-95221 Emoji button stuck in address bar\n - DNA-95325 Make y.at navigations to be reported with page_views events\n - DNA-95327 Add \ufffd\ufffd\ufffdEmojis\ufffd\ufffd\ufffd context menu option in address bar field\n - DNA-95339 Add YAT emoji url suggestion to search\ufffd\ufffd dialog\n - DNA-95364 Add browser feature flag\n - DNA-95416 Remove emoji button from address bar\n - DNA-95439 Enable #yat-emoji-addresses on developer stream\n - DNA-95441 [Mac big sur] Emoji are not shown in address bar url\n - DNA-95445 Crash when removing unsynced pinboard bookmark with sync\n enabled\n - DNA-95512 Allow to show title and timer for simple banners\n - DNA-95516 Wrong label in settings for themes\n - DNA-95679 Temporarily disable AB test for a new autoupdater logic\n\n - Update to version 79.0.4143.50\n - CHR-8571 Update chromium on desktop-stable-93-4143 to 93.0.4577.82\n - DNA-94104 ContinueShoppingOnEbayBrowserTest.ShouldDisplayOffers\n TilesStartingWithMostActiveOnes fails\n - DNA-94894 [Rich Hint] Agent API permissions\n - DNA-94989 Wrong color and appearance of subpages in the settings\n - DNA-95241 \ufffd\ufffd\ufffdSwitch to tab\ufffd\ufffd\ufffd button is visible only on hover\n - DNA-95286 Add unit tests to pinboard sync related logic in browser\n - DNA-95372 [Mac retina screen] Snapshot doesnt capture cropped area\n - DNA-95526 Some webstore extensions are not verified properly\n - The update to chromium 93.0.4577.82 fixes following issues:\n CVE-2021-30625, CVE-2021-30626, CVE-2021-30627, CVE-2021-30628,\n CVE-2021-30629, CVE-2021-30630, CVE-2021-30631, CVE-2021-30632,\n CVE-2021-30633\n\n - Update to version 79.0.4143.22\n - CHR-8550 Update chromium on desktop-stable-93-4143 to 93.0.4577.58\n - CHR-8557 Update chromium on desktop-stable-93-4143 to 93.0.4577.63\n - DNA-94641 [Linux] Proprietary media codecs not working in snap builds\n - DNA-95076 [Linux] Page crash with media content\n - DNA-95084 [Mac] Cannot quit through menu with snapshot editor open\n - DNA-95138 Add setting to synchronize Pinboards\n - DNA-95157 Crash at -[OperaCrApplication sendEvent:]\n - DNA-95204 Opera 79 translations\n - DNA-95240 The pinboard thumbnail cannot be generated anymore\n - DNA-95278 Existing Pinboards might be missing\n - DNA-95292 Enable #bookmarks-trash-cleaner on all streams\n - DNA-95293 Enable #easy-files-downloads-folder on all streams\n - DNA-95383 Promote O79 to stable\n - Complete Opera 79.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-79/\n - The update to chromium 93.0.4577.58 fixes following issues:\n CVE-2021-30606, CVE-2021-30607, CVE-2021-30608, CVE-2021-30609,\n CVE-2021-30610, CVE-2021-30611, CVE-2021-30612, CVE-2021-30613,\n CVE-2021-30614, CVE-2021-30615, CVE-2021-30616, CVE-2021-30617,\n CVE-2021-30618, CVE-2021-30619, CVE-2021-30620, CVE-2021-30621,\n CVE-2021-30622, CVE-2021-30623, CVE-2021-30624\n\n - Update to version 78.0.4093.184\n - CHR-8533 Update chromium on desktop-stable-92-4093 to 92.0.4515.159\n - DNA-93472 Reattaching to other browsers\n - DNA-93741 Multiple hint slots\n - DNA-93742 Allow displaying unobtrusive external hints\n - DNA-93744 Add slots in toolbar action view\n - DNA-94230 Improve text contrast for Speed Dials\n - DNA-94724 [Mac] Add macOS dark theme wallpaper with easy setup\n - DNA-94786 Crash at base::SupportsUserData:: SetUserData(void const*,\n std::__1::unique_ptr)\n - DNA-94807 Allow scripts access opera version and product info\n - DNA-94862 Continue on shopping Amazon doesn\ufffd\ufffd\ufffdt work correct\n - DNA-94870 Add an addonsPrivate function to install with permissions\n dialog first\n - DNA-95064 Revert DNA-93714 on stable\n - The update to chromium 92.0.4515.159 fixes following issues:\n CVE-2021-30598, CVE-2021-30599, CVE-2021-30600, CVE-2021-30601,\n CVE-2021-30602, CVE-2021-30603, CVE-2021-30604\n\n\n - Update to version 78.0.4093.147\n - CHR-8251 Update chromium on desktop-stable-92-4093 to 92.0.4515.131\n - DNA-93036 Opera not starting after closing window. Processes still\n working.\n - DNA-94516 Add \ufffd\ufffd\ufffdDetach tab\ufffd\ufffd\ufffd entry to tab menu\n - DNA-94584 [Mac] Sidebar setup not closed after press \ufffd\ufffd\ufffdAdd\n extensions\ufffd\ufffd\ufffd button\n - DNA-94761 Crash when trying to record \ufffd\ufffd\ufffdChrome developer\ufffd\ufffd\ufffd trace\n - DNA-94790 Crash at opera::VideoConferenceTabDetachController::\n OnBrowserAboutToStartClosing(Browser*)\n - The update to chromium 92.0.4515.131 fixes following issues:\n CVE-2021-30590, CVE-2021-30591, CVE-2021-30592, CVE-2021-30593,\n CVE-2021-30594, CVE-2021-30596, CVE-2021-30597\n\n - Update to version 78.0.4093.112\n - DNA-94466 Implement sorting Pinboards in overview\n - DNA-94582 Add access to APIs for showing pinboard icon in sidebar\n - DNA-94603 Suspicious pinboards events\n - DNA-94625 Disable opr.pinboardPrivate.getThumbnail() for local files\n - DNA-94640 Promote O78 to stable\n - DNA-94661 Missing translations for some languages\n - Complete Opera 78.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-78/\n\n - Update to version 77.0.4054.277\n - CHR-8502 Update chromium on desktop-stable-91-4054 to 91.0.4472.164\n - DNA-94291 Video conference popout doesnt remember its size after\n resizing\n - DNA-94399 Incorrect icon for wp.pl in address bar dropdown\n - DNA-94462 Low quality of default wallpaper on windows\n - The update to chromium 91.0.4472.164 fixes following issues:\n CVE-2021-30541, CVE-2021-30560, CVE-2021-30561, CVE-2021-30562,\n CVE-2021-30563, CVE-2021-30564\n\n - Update to version 77.0.4054.254\n - DNA-92344 Windows 10 Implementation\n - DNA-92486 Replace \ufffd\ufffd\ufffd icon with \ufffd\ufffd\ufffdsettings\ufffd\ufffd\ufffd icon\n - DNA-92487 Close individual item\n - DNA-92496 Create separate entry in settings for BABE\n - DNA-93275 Implement cycles size according to design\n - DNA-93280 The system theme has only half a checkmark\n - DNA-93728 Whatsapp notification is not refreshed\n - DNA-94047 Remove pinboard WebUI integration\n - DNA-94118 Write test for ThumbnailTabHelper changes in DNA-94100\n - DNA-94120 Fix Welcome popup layout\n - DNA-94140 Crash at base::TaskRunner ::PostTask(base::Location const&,\n base::OnceCallback)\n - DNA-94205 Consider setting pinboard display URL in\n address_field_helper.cc\n - DNA-94211 Easy Files don\ufffd\ufffd\ufffdt show thumbnails\n - DNA-94309 Pinboards URLs don\ufffd\ufffd\ufffdt get lighter color treatment\n - DNA-94318 Wrong \ufffd\ufffd\ufffdTransparency\ufffd\ufffd\ufffd word translation in Swedish\n - DNA-94321 AB test: google suggestions on top \ufffd\ufffd\ufffd bigger test\n - DNA-94341 Make pinboard popup testable on web page\n - DNA-94381 Disabling Pinboards doesn\ufffd\ufffd\ufffdt remove item from menu / sidebar\n - DNA-94392 Add u2f-devices interface to snap packages\n - DNA-94461 Enable #system-theme on all streams\n\n - Update to version 77.0.4054.203\n - CHR-8475 Update chromium on desktop-stable-91-4054 to 91.0.4472.124\n - DNA-93523 Crash at extensions::TabHelper::WebContentsDestroyed()\n - DNA-93917 Upload snap to edge while preparing repository package\n - DNA-94157 Crash at gfx::ICCProfile::operator=(gfx::ICCProfile const&)\n - DNA-94159 Crash at\n opera::auth::AuthAccountServiceImpl::GetAuthAccount()\n - DNA-94161 [Add tabs]Unexpected symbols instead of Workspace name\n - DNA-94241 Implement better process killing for timeout\n - DNA-94248 Allow retry on tests that timed-out\n - DNA-94251 heap-use-after-free in VideoConference\n - DNA-94315 Crash at class std::__1::basic_string ui::ResourceBundle::\n LoadLocaleResources(const class std::__1::basic_string& const, bool)\n - DNA-94357 Fix issue in scripts\n\n - Update to version 77.0.4054.172\n - DNA-93078 Do not display \ufffd\ufffd\ufffdshare tab\ufffd\ufffd\ufffd sliding toolbar on detached\n tab\n - DNA-93358 The red underline extends beyond the Google meets conference\n tab outline\n - DNA-93404 Crash in test when destroying BABE\ufffd\ufffd\ufffds webcontents\n - DNA-93637 ctrl+9 shortcut is inconsistent with other browsers\n - DNA-93661 Add opauto test to cover new shortcut from DNA-93637\n - DNA-93867 Use version from package instead of repository\n - DNA-93993 Pinboard translations from Master\n - DNA-94099 Increase new-autoupdater-logic AB test to cover 50% of new\n installations\n - DNA-94100 Thumbnail doesn\ufffd\ufffd\ufffdt update\n - DNA-94178 Automatic popout should not happen after manually closing a\n popout\n\n - Update to version 77.0.4054.146\n - CHR-8458 Update chromium on desktop-stable-91-4054 to 91.0.4472.114\n - DNA-92171 Create active linkdiscovery service\n - DNA-92388 Fix and unskip\n WorkspacesEmoji.testChooseEmojiAsWorkspaceIcon when possible\n - DNA-93101 Tabs are being snoozed when tab snoozing is disabled\n - DNA-93386 Update pinboard view when item changes\n - DNA-93448 Make browser ready for Developer release\n - DNA-93491 Fix failing tests after enabling #pinboard flag\n - DNA-93498 Add additional music services\n - DNA-93503 Blank popup on clicking toolbar icon with popup open\n - DNA-93561 Do not allow zoom different from 100% in Pinboard popup\n - DNA-93637 ctrl+9 shortcut is inconsistent with other browsers\n - DNA-93644 Create route for `import open tabs` to `pinboard`\n - DNA-93664 Adapt popup to design\n - DNA-93702 Turn on flags on developer\n - DNA-93737 [Pinboard] Remove Mock API\n - DNA-93745 Unable to open the popup after opening it several times\n - DNA-93776 Popup closes and reopens when clicking the toolbar button\n - DNA-93786 DCHECK after opening popup\n - DNA-93802 Crash at views::Widget::GetNativeView() const\n - DNA-93810 Add pinboard icon to sidebar\n - DNA-93825 Add pinboard to Opera menu\n - DNA-93833 [Player] Implement seeking for new services\n - DNA-93845 Do not log output of snapcraft on console\n - DNA-93864 Create feature flag for start page sync banner\n - DNA-93865 Implement start page banner\n - DNA-93867 Use version from package instead of repository\n - DNA-93878 [Player] Crash when current player service becomes\n unavailable when user location changes\n - DNA-93953 \ufffd\ufffd\ufffdSend image to Pinboard\ufffd\ufffd\ufffd has the wrong position in the\n context menu\n - DNA-93987 Disable zooming popup contents like in other popups\n - DNA-93989 Change internal URL to opera://pinboards\n - DNA-93990 Update strings to reflect new standards\n - DNA-93992 Add Pinboards to Opera settings\n - DNA-93993 Pinboard translations from Master\n - DNA-94011 Enable feature flags for Reborn 5 on stable\n - DNA-94019 Add a direct link to settings\n - DNA-94088 Internal pages provoke not saving other pages to the Pinboard\n - DNA-94111 [O77] Sidebar setup does not open\n - DNA-94139 Crash at\n opera::(anonymous namespace)::PinboardPopupWebView::RemovedFromWidget()\n - The update to chromium 91.0.4472.114 fixes following issues:\n CVE-2021-30554, CVE-2021-30555, CVE-2021-30556, CVE-2021-30557\n\n - Update to version 77.0.4054.90\n - CHR-8446 Update chromium on desktop-stable-91-4054 to 91.0.4472.101\n - The update to chromium 91.0.4472.101 fixes following issues:\n CVE-2021-30544, CVE-2021-30545, CVE-2021-30546, CVE-2021-30547,\n CVE-2021-30548, CVE-2021-30549, CVE-2021-30550, CVE-2021-30551,\n CVE-2021-30552, CVE-2021-30553\n - Update to version 77.0.4054.80\n - DNA-93656 Active cards in checkout Auto-fill\n - DNA-93805 Create snap packages in buildsign\n - DNA-93823 archive_opera_snap failures on Linux\n - DNA-93844 Fix AttributeError in package_type.py\n\n\n - Update to version 77.0.4054.64\n - DNA-93159 Implement image(preview) of each created pinboard\n - DNA-93273 \ufffd\ufffd\ufffdSend image to Pinboard\ufffd\ufffd\ufffd doesn\ufffd\ufffd\ufffdt work correct on\n staging server\n - DNA-93277 Add/update opauto tests for the System Theme WP1\n implementation p.1\n - DNA-93286 [BigSur] YT not being reloaded when opened from link\n - DNA-93296 Opera 77 translations\n - DNA-93372 Build new edition for Axel Springer\n - DNA-93376 Write unittests for PinboardImageCollector\n - DNA-93401 [LastCard] Do not change user state if not needed\n - DNA-93409 Animation with hat and glasses is missing in Private mode\n - DNA-93443 API opr.pinboardPrivate.getThumbnail() returns\n old thumbnail image\n - DNA-93509 Add Opera switch for pinboard staging backend and use it for\n tests\n - DNA-93519 [Sidebar] WhatsApp \ufffd\ufffd\ufffdLog out\ufffd\ufffd\ufffd doesn\ufffd\ufffd\ufffdt work\n - DNA-93634 Fix errors in Slovak translations\n - DNA-93724 Some webstore extensions are not verified properly\n - Complete Opera 77.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-77/\n\n - Update to version 76.0.4017.177\n - DNA-92597 Sound controller doesn\ufffd\ufffd\ufffdt work after pressing \ufffd\ufffd\ufffdNext\ufffd\ufffd\ufffd\n button\n - DNA-93405 Import vmp_signer instead of starting new python process\n - DNA-93406 [Mac] Import plist_util instead of calling script in\n _generateAppEntitlements\n - DNA-93442 Make GX Control panel attachable by webdriver\n - DNA-93554 [AdBlock] Find a fix for blocking \ufffd\ufffd\ufffdnew\ufffd\ufffd\ufffd YouTube ads\n - DNA-93587 Pre-refactor solution\n\n - Update to version 76.0.4017.154\n - CHR-8420 Update chromium on desktop-stable-90-4017 to 90.0.4430.212\n - DNA-92411 Bookmarks breadcrumbs wrong color when pressed in dark mode\n - DNA-92587 Sync settings: \ufffd\ufffd\ufffdUse old password\ufffd\ufffd\ufffd button doesn\ufffd\ufffd\ufffdt work\n - DNA-92672 Make it possible for agent to inject scripts into startpage\n - DNA-92712 Add SD reload API\n - DNA-93190 The bookmark can\ufffd\ufffd\ufffdt be opened in Workspace 5-6\n - DNA-93247 Reopen last closed tab shortcut opens random tab on new\n window\n - DNA-93294 Binary diff for opera_browser.dll is not created on 32-bit\n builds\n - DNA-93313 Add opauto test to cover DNA-93190\n - DNA-93368 Fix an error in Polish translation\n - DNA-93408 [Windows] widevine_cdm_component_installer does not compile\n on desktop-stable-90-4017\n - The update to chromium 90.0.4430.212 fixes following issues:\n CVE-2021-30506, CVE-2021-30507, CVE-2021-30508, CVE-2021-30509,\n CVE-2021-30510, CVE-2021-30511, CVE-2021-30512, CVE-2021-30513,\n CVE-2021-30514, CVE-2021-30515, CVE-2021-30516, CVE-2021-30517,\n CVE-2021-30518, CVE-2021-30519, CVE-2021-30520\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.4:NonFree:\n\n zypper in -t patch openSUSE-2022-110=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-04-08T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30506", "CVE-2021-30507", "CVE-2021-30508", "CVE-2021-30509", "CVE-2021-30510", "CVE-2021-30511", "CVE-2021-30512", "CVE-2021-30513", "CVE-2021-30514", "CVE-2021-30515", "CVE-2021-30516", "CVE-2021-30517", "CVE-2021-30518", "CVE-2021-30519", "CVE-2021-30520", "CVE-2021-30541", "CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553", "CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557", "CVE-2021-30560", "CVE-2021-30561", "CVE-2021-30562", "CVE-2021-30563", "CVE-2021-30564", "CVE-2021-30590", "CVE-2021-30591", "CVE-2021-30592", "CVE-2021-30593", "CVE-2021-30594", "CVE-2021-30596", "CVE-2021-30597", "CVE-2021-30598", "CVE-2021-30599", "CVE-2021-30600", "CVE-2021-30601", "CVE-2021-30602", "CVE-2021-30603", "CVE-2021-30604", "CVE-2021-30606", "CVE-2021-30607", "CVE-2021-30608", "CVE-2021-30609", "CVE-2021-30610", "CVE-2021-30611", "CVE-2021-30612", "CVE-2021-30613", "CVE-2021-30614", "CVE-2021-30615", "CVE-2021-30616", "CVE-2021-30617", "CVE-2021-30618", "CVE-2021-30619", "CVE-2021-30620", "CVE-2021-30621", "CVE-2021-30622", "CVE-2021-30623", "CVE-2021-30624", "CVE-2021-30625", "CVE-2021-30626", "CVE-2021-30627", "CVE-2021-30628", "CVE-2021-30629", "CVE-2021-30630", "CVE-2021-30631", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-37974", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-37977", "CVE-2021-37978", "CVE-2021-37979", "CVE-2021-37980", "CVE-2021-37981", "CVE-2021-37982", "CVE-2021-37983", "CVE-2021-37984", "CVE-2021-37985", "CVE-2021-37986", "CVE-2021-37987", "CVE-2021-37988", "CVE-2021-37989", "CVE-2021-37990", "CVE-2021-37991", "CVE-2021-37992", "CVE-2021-37993", "CVE-2021-37994", "CVE-2021-37995", "CVE-2021-37996", "CVE-2021-37997", "CVE-2021-37998", "CVE-2021-37999", "CVE-2021-38001", "CVE-2021-38002", "CVE-2021-38003", "CVE-2021-38004", "CVE-2021-38005", "CVE-2021-38006", "CVE-2021-38007", "CVE-2021-38008", "CVE-2021-38009", "CVE-2021-38010", "CVE-2021-38011", "CVE-2021-38012", "CVE-2021-38013", "CVE-2021-38014", "CVE-2021-38015", "CVE-2021-38016", "CVE-2021-38017", "CVE-2021-38019", "CVE-2021-38020", "CVE-2021-38021", "CVE-2021-38022", "CVE-2021-4052", "CVE-2021-4053", "CVE-2021-4054", "CVE-2021-4055", "CVE-2021-4056", "CVE-2021-4057", "CVE-2021-4058", "CVE-2021-4059", "CVE-2021-4061", "CVE-2021-4062", "CVE-2021-4063", "CVE-2021-4064", "CVE-2021-4065", "CVE-2021-4066", "CVE-2021-4067", "CVE-2021-4068", "CVE-2021-4078", "CVE-2021-4079", "CVE-2021-4098", "CVE-2021-4099", "CVE-2021-4100", "CVE-2021-4101", "CVE-2021-4102", "CVE-2022-0096", "CVE-2022-0097", "CVE-2022-0098", "CVE-2022-0099", "CVE-2022-0100", "CVE-2022-0101", "CVE-2022-0102", "CVE-2022-0103", "CVE-2022-0104", "CVE-2022-0105", "CVE-2022-0106", "CVE-2022-0107", "CVE-2022-0108", "CVE-2022-0109", "CVE-2022-0110", "CVE-2022-0111", "CVE-2022-0112", "CVE-2022-0113", "CVE-2022-0114", "CVE-2022-0115", "CVE-2022-0116", "CVE-2022-0117", "CVE-2022-0118", "CVE-2022-0120", "CVE-2022-0289", "CVE-2022-0290", "CVE-2022-0291", "CVE-2022-0292", "CVE-2022-0293", "CVE-2022-0294", "CVE-2022-0295", "CVE-2022-0296", "CVE-2022-0297", "CVE-2022-0298", "CVE-2022-0300", "CVE-2022-0301", "CVE-2022-0302", "CVE-2022-0304", "CVE-2022-0305", "CVE-2022-0306", "CVE-2022-0307", "CVE-2022-0308", "CVE-2022-0309", "CVE-2022-0310", "CVE-2022-0311", "CVE-2022-0452", "CVE-2022-0453", "CVE-2022-0454", "CVE-2022-0455", "CVE-2022-0456", "CVE-2022-0457", "CVE-2022-0458", "CVE-2022-0459", "CVE-2022-0460", "CVE-2022-0461", "CVE-2022-0462", "CVE-2022-0463", "CVE-2022-0464", "CVE-2022-0465", "CVE-2022-0466", "CVE-2022-0467", "CVE-2022-0468", "CVE-2022-0469", "CVE-2022-0470", "CVE-2022-0603", "CVE-2022-0604", "CVE-2022-0605", "CVE-2022-0606", "CVE-2022-0607", "CVE-2022-0608", "CVE-2022-0609", "CVE-2022-0610", "CVE-2022-0789", "CVE-2022-0790", "CVE-2022-0791", "CVE-2022-0792", "CVE-2022-0793", "CVE-2022-0794", "CVE-2022-0795", "CVE-2022-0796", "CVE-2022-0797", "CVE-2022-0798", "CVE-2022-0799", "CVE-2022-0800", "CVE-2022-0801", "CVE-2022-0802", "CVE-2022-0803", "CVE-2022-0804", "CVE-2022-0805", "CVE-2022-0806", "CVE-2022-0807", "CVE-2022-0808", "CVE-2022-0809", "CVE-2022-1096"], "modified": "2022-04-08T00:00:00", "id": "OPENSUSE-SU-2022:0110-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZOJPFVCOKYO6YUMKBJPTCF74IGAYK5K4/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2023-12-03T16:50:38", "description": "\n\nChrome Releases reports:\n\nThis release contains 11 security fixes, including:\n\n[1290008] High CVE-2022-0603: Use after free in File Manager.\n\t Reported by Chaoyuan Peng (@ret2happy) on 2022-01-22\n[1273397] High CVE-2022-0604: Heap buffer overflow in Tab\n\t Groups. Reported by Krace on 2021-11-24\n[1286940] High CVE-2022-0605: Use after free in Webstore API.\n\t Reported by Thomas Orlita on 2022-01-13\n[1288020] High CVE-2022-0606: Use after free in ANGLE. Reported\n\t by Cassidy Kim of Amber Security Lab, OPPO Mobile\n\t Telecommunications Corp. Ltd. on 2022-01-17\n[1250655] High CVE-2022-0607: Use after free in GPU. Reported by\n\t 0x74960 on 2021-09-17\n[1270333] High CVE-2022-0608: Integer overflow in Mojo. Reported\n\t by Sergei Glazunov of Google Project Zero on 2021-11-16\n[1296150] High CVE-2022-0609: Use after free in Animation.\n\t Reported by Adam Weidemann and Cl\u00e9ment Lecigne of Google'\n\t Threat Analysis Group on 2022-02-10\n[1285449] Medium CVE-2022-0610: Inappropriate implementation in\n\t Gamepad API. Reported by Anonymous on 2022-01-08\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-14T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0603", "CVE-2022-0604", "CVE-2022-0605", "CVE-2022-0606", "CVE-2022-0607", "CVE-2022-0608", "CVE-2022-0609", "CVE-2022-0610"], "modified": "2022-02-14T00:00:00", "id": "E12432AF-8E73-11EC-8BC4-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/e12432af-8e73-11ec-8bc4-3065ec8fd3ec.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2023-12-03T16:01:26", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5079-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 17, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium\nCVE ID : CVE-2022-0603 CVE-2022-0604 CVE-2022-0605 CVE-2022-0606 \n CVE-2022-0607 CVE-2022-0608 CVE-2022-0609 CVE-2022-0610\nDebian Bug : 954824 970571 1005230 1005466\n\nMultiple security issues were discovered in Chromium, which could result\nin the execution of arbitrary code, denial of service or information\ndisclosure.\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 98.0.4758.102-1~deb11u1.\n\nWe recommend that you upgrade your chromium packages.\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-17T22:13:55", "type": "debian", "title": "[SECURITY] [DSA 5079-1] chromium security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0603", "CVE-2022-0604", "CVE-2022-0605", "CVE-2022-0606", "CVE-2022-0607", "CVE-2022-0608", "CVE-2022-0609", "CVE-2022-0610"], "modified": "2022-02-17T22:13:55", "id": "DEBIAN:DSA-5079-1:4C05B", "href": "https://lists.debian.org/debian-security-announce/2022/msg00046.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "chrome": [{"lastseen": "2023-12-03T15:17:07", "description": "The Stable channel has been updated to 98.0.4758.102 for Windows, Mac and Linux which will roll out over the coming days/weeks. Extended stable channel has also been updated to 98.0.4758.102 for Windows and Mac which will roll out over the coming days/weeks\n\nA full list of changes in this build is available in the [log](<https://chromium.googlesource.com/chromium/src/+log/98.0.4758.80..98.0.4758.102?pretty=fuller&n=10000>). Interested in switching release channels? Find out how [here](<https://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<https://crbug.com/>). The [community help forum](<https://productforums.google.com/forum/#!forum/chrome>) is also a great place to reach out for help or learn about common issues.\n\n** \n**\n\nSecurity Fixes and Rewards\n\n\n\n\n_Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed._\n\n** \n**\n\nThis update includes [11](<https://bugs.chromium.org/p/chromium/issues/list?can=1&q=type%3Abug-security+os%3DAndroid%2Cios%2Clinux%2Cmac%2Cwindows%2Call%2Cchrome+label%3ARelease-1-M98>) security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the [Chrome Security Page](<https://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information.\n\n** \n**\n\n** \n**\n\n[$15000][[1290008](<https://crbug.com/1290008>)] High CVE-2022-0603: Use after free in File Manager. Reported by Chaoyuan Peng (@ret2happy) on 2022-01-22\n\n[$7000][[1273397](<https://crbug.com/1273397>)] High CVE-2022-0604: Heap buffer overflow in Tab Groups. Reported by Krace on 2021-11-24\n\n[$7000][[1286940](<https://crbug.com/1286940>)] High CVE-2022-0605: Use after free in Webstore API. Reported by Thomas Orlita on 2022-01-13\n\n[$7000][[1288020](<https://crbug.com/1288020>)] High CVE-2022-0606: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-01-17\n\n[$TBD][[1250655](<https://crbug.com/1250655>)] High CVE-2022-0607: Use after free in GPU. Reported by 0x74960 on 2021-09-17\n\n[$NA][[1270333](<https://crbug.com/1270333>)] High CVE-2022-0608: Integer overflow in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-11-16\n\n[$NA][[1296150](<https://crbug.com/1296150>)] High CVE-2022-0609: Use after free in Animation. Reported by Adam Weidemann and Cl\u00e9ment Lecigne of Google's Threat Analysis Group on 2022-02-10\n\n[$TBD][[1285449](<https://crbug.com/1285449>)] Medium CVE-2022-0610: Inappropriate implementation in Gamepad API. Reported by Anonymous on 2022-01-08\n\n** \n**\n\n** \n**\n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.\n\n** \n**\n\nGoogle is aware of reports that an exploit for CVE-2022-0609 exists in the wild. \n\nAs usual, our ongoing internal security work was responsible for a wide range of fixes:\n\n * [[1297168](<https://crbug.com/1297168>)] Various fixes from internal audits, fuzzing and other initiatives\n\n** \n**\n\nMany of our security bugs are detected using [AddressSanitizer](<https://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>), [MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>), [UndefinedBehaviorSanitizer](<https://www.chromium.org/developers/testing/undefinedbehaviorsanitizer>), [Control Flow Integrity](<https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity>), [libFuzzer](<https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer>), or [AFL](<https://github.com/google/afl>).\n\n\n\n\n\n\n\n\nInterested in switching release channels? Find out how [here](<https://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<https://crbug.com/>). The [community help forum](<https://productforums.google.com/forum/#!forum/chrome>) is also a great place to reach out for help or learn about common issues.\n\n\n\n\n\n\n\nSrinivas Sista\n\nGoogle Chrome", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-14T00:00:00", "type": "chrome", "title": "Stable Channel Update for Desktop", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0603", "CVE-2022-0604", "CVE-2022-0605", "CVE-2022-0606", "CVE-2022-0607", "CVE-2022-0608", "CVE-2022-0609", "CVE-2022-0610"], "modified": "2022-02-14T00:00:00", "id": "GCSA-5842936521181266609", "href": "https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-05-18T14:41:35", "description": "The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5079 advisory.\n\n - Inappropriate implementation in Gamepad API in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0610)\n\n - Use after free in File Manager in Google Chrome on Chrome OS prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0603)\n\n - Heap buffer overflow in Tab Groups in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0604)\n\n - Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and convinced a user to enage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0605)\n\n - Use after free in ANGLE in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0606)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-18T00:00:00", "type": "nessus", "title": "Debian DSA-5079-1 : chromium - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0603", "CVE-2022-0604", "CVE-2022-0605", "CVE-2022-0606", "CVE-2022-0607", "CVE-2022-0608", "CVE-2022-0609", "CVE-2022-0610"], "modified": "2022-05-03T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium", "p-cpe:/a:debian:debian_linux:chromium-common", "p-cpe:/a:debian:debian_linux:chromium-driver", "p-cpe:/a:debian:debian_linux:chromium-l10n", "p-cpe:/a:debian:debian_linux:chromium-sandbox", "p-cpe:/a:debian:debian_linux:chromium-shell", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5079.NASL", "href": "https://www.tenable.com/plugins/nessus/158158", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5079. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158158);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/03\");\n\n script_cve_id(\n \"CVE-2022-0603\",\n \"CVE-2022-0604\",\n \"CVE-2022-0605\",\n \"CVE-2022-0606\",\n \"CVE-2022-0607\",\n \"CVE-2022-0608\",\n \"CVE-2022-0609\",\n \"CVE-2022-0610\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/03/01\");\n script_xref(name:\"IAVA\", value:\"2022-A-0086-S\");\n\n script_name(english:\"Debian DSA-5079-1 : chromium - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5079 advisory.\n\n - Inappropriate implementation in Gamepad API in Google Chrome prior to 98.0.4758.102 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0610)\n\n - Use after free in File Manager in Google Chrome on Chrome OS prior to 98.0.4758.102 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0603)\n\n - Heap buffer overflow in Tab Groups in Google Chrome prior to 98.0.4758.102 allowed an attacker who\n convinced a user to install a malicious extension and engage in specific user interaction to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-0604)\n\n - Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a\n user to install a malicious extension and convinced a user to enage in specific user interaction to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0605)\n\n - Use after free in ANGLE in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-0606)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954824\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/chromium\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/chromium\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the chromium packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 98.0.4758.102-1~deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0610\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-driver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-l10n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-sandbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'chromium', 'reference': '98.0.4758.102-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-common', 'reference': '98.0.4758.102-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-driver', 'reference': '98.0.4758.102-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-l10n', 'reference': '98.0.4758.102-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-sandbox', 'reference': '98.0.4758.102-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-shell', 'reference': '98.0.4758.102-1~deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium / chromium-common / chromium-driver / chromium-l10n / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-07T16:22:03", "description": "The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the e12432af-8e73-11ec-8bc4-3065ec8fd3ec advisory.\n\n - Inappropriate implementation in Gamepad API in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0610)\n\n - Use after free in File Manager in Google Chrome on Chrome OS prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0603)\n\n - Heap buffer overflow in Tab Groups in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0604)\n\n - Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and convinced a user to enage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0605)\n\n - Use after free in ANGLE in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0606)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-15T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (e12432af-8e73-11ec-8bc4-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0603", "CVE-2022-0604", "CVE-2022-0605", "CVE-2022-0606", "CVE-2022-0607", "CVE-2022-0608", "CVE-2022-0609", "CVE-2022-0610"], "modified": "2023-11-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_E12432AF8E7311EC8BC43065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/158073", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158073);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/06\");\n\n script_cve_id(\n \"CVE-2022-0603\",\n \"CVE-2022-0604\",\n \"CVE-2022-0605\",\n \"CVE-2022-0606\",\n \"CVE-2022-0607\",\n \"CVE-2022-0608\",\n \"CVE-2022-0609\",\n \"CVE-2022-0610\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0086-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/03/01\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (e12432af-8e73-11ec-8bc4-3065ec8fd3ec)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple\nvulnerabilities as referenced in the e12432af-8e73-11ec-8bc4-3065ec8fd3ec advisory.\n\n - Inappropriate implementation in Gamepad API in Google Chrome prior to 98.0.4758.102 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0610)\n\n - Use after free in File Manager in Google Chrome on Chrome OS prior to 98.0.4758.102 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0603)\n\n - Heap buffer overflow in Tab Groups in Google Chrome prior to 98.0.4758.102 allowed an attacker who\n convinced a user to install a malicious extension and engage in specific user interaction to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-0604)\n\n - Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a\n user to install a malicious extension and convinced a user to enage in specific user interaction to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0605)\n\n - Use after free in ANGLE in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-0606)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7a5bae0d\");\n # https://vuxml.freebsd.org/freebsd/e12432af-8e73-11ec-8bc4-3065ec8fd3ec.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6f87fbf1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0610\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"freebsd_package.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nvar flag = 0;\n\nvar packages = [\n 'chromium<98.0.4758.102'\n];\n\nforeach var package( packages ) {\n if (pkg_test(save_report:TRUE, pkg: package)) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : pkg_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:41:35", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 98.0.1108.55. It is, therefore, affected by multiple vulnerabilities as referenced in the February 16, 2022 advisory.\n\n - Inappropriate implementation in Gamepad API in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0610)\n\n - Use after free in File Manager in Google Chrome on Chrome OS prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0603)\n\n - Heap buffer overflow in Tab Groups in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0604)\n\n - Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and convinced a user to enage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0605)\n\n - Use after free in ANGLE in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0606)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-16T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 98.0.1108.55 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0603", "CVE-2022-0604", "CVE-2022-0605", "CVE-2022-0606", "CVE-2022-0607", "CVE-2022-0608", "CVE-2022-0609", "CVE-2022-0610"], "modified": "2022-05-03T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_98_0_1108_55.NASL", "href": "https://www.tenable.com/plugins/nessus/158097", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158097);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/03\");\n\n script_cve_id(\n \"CVE-2022-0603\",\n \"CVE-2022-0604\",\n \"CVE-2022-0605\",\n \"CVE-2022-0606\",\n \"CVE-2022-0607\",\n \"CVE-2022-0608\",\n \"CVE-2022-0609\",\n \"CVE-2022-0610\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/03/01\");\n script_xref(name:\"IAVA\", value:\"2022-A-0086-S\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 98.0.1108.55 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 98.0.1108.55. It is, therefore, affected\nby multiple vulnerabilities as referenced in the February 16, 2022 advisory.\n\n - Inappropriate implementation in Gamepad API in Google Chrome prior to 98.0.4758.102 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0610)\n\n - Use after free in File Manager in Google Chrome on Chrome OS prior to 98.0.4758.102 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0603)\n\n - Heap buffer overflow in Tab Groups in Google Chrome prior to 98.0.4758.102 allowed an attacker who\n convinced a user to install a malicious extension and engage in specific user interaction to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-0604)\n\n - Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a\n user to install a malicious extension and convinced a user to enage in specific user interaction to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0605)\n\n - Use after free in ANGLE in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-0606)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#february-16-2022\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e17239f6\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0610\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 98.0.1108.55 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0610\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nvar constraints = [\n { 'fixed_version' : '98.0.1108.55' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:41:37", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0042-1 advisory.\n\n - Use after free in File Manager. (CVE-2022-0603)\n\n - Heap buffer overflow in Tab Groups. (CVE-2022-0604)\n\n - Use after free in Webstore API. (CVE-2022-0605)\n\n - Use after free in ANGLE. (CVE-2022-0606)\n\n - Use after free in GPU. (CVE-2022-0607)\n\n - Integer overflow in Mojo. (CVE-2022-0608)\n\n - Use after free in Animation. (CVE-2022-0609)\n\n - Inappropriate implementation in Gamepad API. (CVE-2022-0610)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-22T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2022:0042-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0603", "CVE-2022-0604", "CVE-2022-0605", "CVE-2022-0606", "CVE-2022-0607", "CVE-2022-0608", "CVE-2022-0609", "CVE-2022-0610"], "modified": "2022-04-26T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-0042-1.NASL", "href": "https://www.tenable.com/plugins/nessus/158240", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:0042-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158240);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/26\");\n\n script_cve_id(\n \"CVE-2022-0603\",\n \"CVE-2022-0604\",\n \"CVE-2022-0605\",\n \"CVE-2022-0606\",\n \"CVE-2022-0607\",\n \"CVE-2022-0608\",\n \"CVE-2022-0609\",\n \"CVE-2022-0610\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/03/01\");\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2022:0042-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:0042-1 advisory.\n\n - Use after free in File Manager. (CVE-2022-0603)\n\n - Heap buffer overflow in Tab Groups. (CVE-2022-0604)\n\n - Use after free in Webstore API. (CVE-2022-0605)\n\n - Use after free in ANGLE. (CVE-2022-0606)\n\n - Use after free in GPU. (CVE-2022-0607)\n\n - Integer overflow in Mojo. (CVE-2022-0608)\n\n - Use after free in Animation. (CVE-2022-0609)\n\n - Inappropriate implementation in Gamepad API. (CVE-2022-0610)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195986\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZAORTPDMHKSRQIYVJOF76VFIUP5OMBJA/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f05e4e32\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0610\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0610\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'chromedriver-98.0.4758.102-bp153.2.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromedriver-98.0.4758.102-bp153.2.63.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-98.0.4758.102-bp153.2.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-98.0.4758.102-bp153.2.63.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:15:02", "description": "The version of Google Chrome installed on the remote Windows host is prior to 98.0.4758.102. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_02_stable-channel-update-for-desktop_14 advisory.\n\n - Inappropriate implementation in Gamepad API in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0610)\n\n - Use after free in File Manager in Google Chrome on Chrome OS prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0603)\n\n - Heap buffer overflow in Tab Groups in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0604)\n\n - Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and convinced a user to enage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0605)\n\n - Use after free in ANGLE in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0606)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-14T00:00:00", "type": "nessus", "title": "Google Chrome < 98.0.4758.102 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0603", "CVE-2022-0604", "CVE-2022-0605", "CVE-2022-0606", "CVE-2022-0607", "CVE-2022-0608", "CVE-2022-0609", "CVE-2022-0610"], "modified": "2022-05-03T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_98_0_4758_102.NASL", "href": "https://www.tenable.com/plugins/nessus/158051", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158051);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/03\");\n\n script_cve_id(\n \"CVE-2022-0603\",\n \"CVE-2022-0604\",\n \"CVE-2022-0605\",\n \"CVE-2022-0606\",\n \"CVE-2022-0607\",\n \"CVE-2022-0608\",\n \"CVE-2022-0609\",\n \"CVE-2022-0610\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0086-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/03/01\");\n\n script_name(english:\"Google Chrome < 98.0.4758.102 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 98.0.4758.102. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2022_02_stable-channel-update-for-desktop_14 advisory.\n\n - Inappropriate implementation in Gamepad API in Google Chrome prior to 98.0.4758.102 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0610)\n\n - Use after free in File Manager in Google Chrome on Chrome OS prior to 98.0.4758.102 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0603)\n\n - Heap buffer overflow in Tab Groups in Google Chrome prior to 98.0.4758.102 allowed an attacker who\n convinced a user to install a malicious extension and engage in specific user interaction to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-0604)\n\n - Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a\n user to install a malicious extension and convinced a user to enage in specific user interaction to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0605)\n\n - Use after free in ANGLE in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-0606)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7a5bae0d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1290008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1273397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1286940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1288020\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1250655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1270333\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1296150\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1285449\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 98.0.4758.102 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0610\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\nvar installs = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'98.0.4758.102', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:15:02", "description": "The version of Google Chrome installed on the remote macOS host is prior to 98.0.4758.102. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_02_stable-channel-update-for-desktop_14 advisory.\n\n - Inappropriate implementation in Gamepad API in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0610)\n\n - Use after free in File Manager in Google Chrome on Chrome OS prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0603)\n\n - Heap buffer overflow in Tab Groups in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0604)\n\n - Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and convinced a user to enage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0605)\n\n - Use after free in ANGLE in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0606)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-14T00:00:00", "type": "nessus", "title": "Google Chrome < 98.0.4758.102 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0603", "CVE-2022-0604", "CVE-2022-0605", "CVE-2022-0606", "CVE-2022-0607", "CVE-2022-0608", "CVE-2022-0609", "CVE-2022-0610"], "modified": "2022-05-03T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_98_0_4758_102.NASL", "href": "https://www.tenable.com/plugins/nessus/158050", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158050);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/03\");\n\n script_cve_id(\n \"CVE-2022-0603\",\n \"CVE-2022-0604\",\n \"CVE-2022-0605\",\n \"CVE-2022-0606\",\n \"CVE-2022-0607\",\n \"CVE-2022-0608\",\n \"CVE-2022-0609\",\n \"CVE-2022-0610\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0086-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/03/01\");\n\n script_name(english:\"Google Chrome < 98.0.4758.102 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 98.0.4758.102. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2022_02_stable-channel-update-for-desktop_14 advisory.\n\n - Inappropriate implementation in Gamepad API in Google Chrome prior to 98.0.4758.102 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0610)\n\n - Use after free in File Manager in Google Chrome on Chrome OS prior to 98.0.4758.102 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0603)\n\n - Heap buffer overflow in Tab Groups in Google Chrome prior to 98.0.4758.102 allowed an attacker who\n convinced a user to install a malicious extension and engage in specific user interaction to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-0604)\n\n - Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a\n user to install a malicious extension and convinced a user to enage in specific user interaction to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0605)\n\n - Use after free in ANGLE in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-0606)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7a5bae0d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1290008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1273397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1286940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1288020\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1250655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1270333\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1296150\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1285449\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 98.0.4758.102 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0610\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'98.0.4758.102', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-08T16:19:29", "description": "The remote host is affected by the vulnerability described in GLSA-202202-02 (Chromium, Google Chrome: Multiple vulnerabilities)\n\n - Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0609)\n\n - Use after free in Safe Browsing in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (CVE-2022-0452)\n\n - Use after free in Reader Mode in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-0453)\n\n - Heap buffer overflow in ANGLE in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0454)\n\n - Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 98.0.4758.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-0455)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-20T00:00:00", "type": "nessus", "title": "GLSA-202202-02 : Chromium, Google Chrome: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0452", "CVE-2022-0453", "CVE-2022-0454", "CVE-2022-0455", "CVE-2022-0456", "CVE-2022-0457", "CVE-2022-0458", "CVE-2022-0459", "CVE-2022-0460", "CVE-2022-0461", "CVE-2022-0462", "CVE-2022-0463", "CVE-2022-0464", "CVE-2022-0465", "CVE-2022-0466", "CVE-2022-0467", "CVE-2022-0468", "CVE-2022-0469", "CVE-2022-0470", "CVE-2022-0603", "CVE-2022-0604", "CVE-2022-0605", "CVE-2022-0606", "CVE-2022-0607", "CVE-2022-0608", "CVE-2022-0609", "CVE-2022-0610"], "modified": "2023-11-07T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:chromium", "p-cpe:/a:gentoo:linux:google-chrome", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202202-02.NASL", "href": "https://www.tenable.com/plugins/nessus/158198", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202202-02.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike\n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158198);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/07\");\n\n script_cve_id(\n \"CVE-2022-0452\",\n \"CVE-2022-0453\",\n \"CVE-2022-0454\",\n \"CVE-2022-0455\",\n \"CVE-2022-0456\",\n \"CVE-2022-0457\",\n \"CVE-2022-0458\",\n \"CVE-2022-0459\",\n \"CVE-2022-0460\",\n \"CVE-2022-0461\",\n \"CVE-2022-0462\",\n \"CVE-2022-0463\",\n \"CVE-2022-0464\",\n \"CVE-2022-0465\",\n \"CVE-2022-0466\",\n \"CVE-2022-0467\",\n \"CVE-2022-0468\",\n \"CVE-2022-0469\",\n \"CVE-2022-0470\",\n \"CVE-2022-0603\",\n \"CVE-2022-0604\",\n \"CVE-2022-0605\",\n \"CVE-2022-0606\",\n \"CVE-2022-0607\",\n \"CVE-2022-0608\",\n \"CVE-2022-0609\",\n \"CVE-2022-0610\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/03/01\");\n\n script_name(english:\"GLSA-202202-02 : Chromium, Google Chrome: Multiple vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202202-02 (Chromium, Google Chrome: Multiple\nvulnerabilities)\n\n - Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0609)\n\n - Use after free in Safe Browsing in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to\n potentially perform a sandbox escape via a crafted HTML page. (CVE-2022-0452)\n\n - Use after free in Reader Mode in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-0453)\n\n - Heap buffer overflow in ANGLE in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0454)\n\n - Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 98.0.4758.80 allowed\n a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-0455)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202202-02\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=832559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=833432\");\n script_set_attribute(attribute:\"solution\", value:\n\"All Chromium users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-client/chromium-98.0.4758.102\n \nAll Google Chrome users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-client/google-chrome-98.0.4758.102\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0610\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-0466\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:google-chrome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar flag = 0;\n\nvar packages = [\n {\n 'name' : \"www-client/chromium\",\n 'unaffected' : make_list(\"ge 98.0.4758.102\"),\n 'vulnerable' : make_list(\"lt 98.0.4758.102\")\n },\n {\n 'name' : \"www-client/google-chrome\",\n 'unaffected' : make_list(\"ge 98.0.4758.102\"),\n 'vulnerable' : make_list(\"lt 98.0.4758.102\")\n }\n];\n\nforeach package( packages ) {\n if (isnull(package['unaffected'])) package['unaffected'] = make_list();\n if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();\n if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;\n}\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : qpkg_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium / Google Chrome\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "kaspersky": [{"lastseen": "2023-12-03T17:05:10", "description": "### *Detect date*:\n02/16/2022\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions.\n\n### *Affected products*:\nMicrosoft Edge (Chromium-based)\n\n### *Solution*:\nInstall necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option) \n[Microsoft Edge update settings](<https://support.microsoft.com/en-us/topic/microsoft-edge-update-settings-af8aaca2-1b69-4870-94fe-18822dbb7ef1>)\n\n### *Original advisories*:\n[CVE-2022-0603](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0603>) \n[CVE-2022-0610](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0610>) \n[CVE-2022-0609](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0609>) \n[CVE-2022-0604](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0604>) \n[CVE-2022-0606](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0606>) \n[CVE-2022-0608](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0608>) \n[CVE-2022-0605](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0605>) \n[CVE-2022-0607](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0607>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Edge](<https://threats.kaspersky.com/en/product/Microsoft-Edge/>)\n\n### *CVE-IDS*:\n[CVE-2022-0603](<https://vulners.com/cve/CVE-2022-0603>)6.8High \n[CVE-2022-0605](<https://vulners.com/cve/CVE-2022-0605>)6.8High \n[CVE-2022-0608](<https://vulners.com/cve/CVE-2022-0608>)6.8High \n[CVE-2022-0604](<https://vulners.com/cve/CVE-2022-0604>)6.8High \n[CVE-2022-0606](<https://vulners.com/cve/CVE-2022-0606>)6.8High \n[CVE-2022-0610](<https://vulners.com/cve/CVE-2022-0610>)6.8High \n[CVE-2022-0607](<https://vulners.com/cve/CVE-2022-0607>)6.8High \n[CVE-2022-0609](<https://vulners.com/cve/CVE-2022-0609>)6.8High\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-16T00:00:00", "type": "kaspersky", "title": "KLA12464 Multiple vulnerabilities in Microsoft Browser", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0603", "CVE-2022-0604", "CVE-2022-0605", "CVE-2022-0606", "CVE-2022-0607", "CVE-2022-0608", "CVE-2022-0609", "CVE-2022-0610"], "modified": "2023-03-28T00:00:00", "id": "KLA12464", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12464/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "qualysblog": [{"lastseen": "2022-12-14T08:08:58", "description": "Google has released yet another security update for the Chrome desktop web browser to address a high-severity vulnerability that is being exploited in the wild. This is the ninth Chrome zero-day fixed this year by Google. This security bug ([CVE-2022-4262](<https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html>); _QID 377804_) is a Type Confusion vulnerability in Chrome\u2019s V8 JavaScript Engine.\n\nGoogle has withheld details about the vulnerability to prevent expanding its malicious exploitation and to allow users time to apply the security updates necessary on their Chrome installations.\n\nGoogle\u2019s previous zero-days were also released right before a weekend (see [Don\u2019t spend another weekend patching Chrome](<https://blog.qualys.com/product-tech/2022/10/28/chrome-zero-day-cve-2022-3723>) and [Don\u2019t Spend Your Holiday Season Patching Chrome](<https://blog.qualys.com/product-tech/patch-management/2022/11/29/dont-spend-your-holiday-season-patching-chrome>)).\n\n\n\n## Organizations respond, but slowly\n\nAnalyzing anonymized data from the Qualys data lake, the Qualys Threat Research Unit found for Chrome zero-day vulnerabilities introduced between February and August, more than 90% of these instances were remediated. However, it took 11-21 days to remediate via the Chrome patch. With the frequency of vulnerabilities released in this widely used browser and the fact that browsers, by their nature, are more exposed to external attacks, reducing the MTTR for those Chrome vulnerabilities is critical.\n\n2022 Chrome Zero-Day Vulnerabilities, MTTR\n\nOf the nine Chrome zero-day threats this year, five were introduced just before the weekend on a Thursday or Friday. Organizations that don't leverage automated patching must spend the weekend or holiday working on the manual, lengthy process of detecting vulnerable devices, preparing the Chrome patch, testing it, and deploying it to affected assets.\n\nCVE| Release Date| Day of the Week| Vulnerability Remediation Rate \n---|---|---|--- \nCVE-2022-0609| 2/14/2022| Monday| 94% \nCVE-2022-1096| 3/25/2022| **Friday**| 94% \nCVE-2022-1364| 4/14/2022| **Thursday**| 93% \nCVE-2022-2294| 7/4/2022| Monday| 93% \nCVE-2022-2856| 8/16/2022| Tuesday| 91% \nCVE-2022-3075| 9/2/2022| **Friday**| 85% \nCVE-2022-3723| 10/27/2022| **Thursday**| 65% \nCVE-2022-4135| 11/24/2022| **Thursday (Thanksgiving)**| 52% \nCVE-2022-4262| 12/2/2022| **Friday**| NA \n2022 Chrome Zero-Day vulnerability release dates and percentage of remediation\n\n## Qualys Patch Management speeds remediation\n\nThe Qualys Threat Research Unit has found on average critical vulnerabilities are weaponized in 15.9 days. Significantly reducing MTTR shortens the exposure window and improves an organization's risk posture.\n\n[Qualys Patch Management](<https://www.qualys.com/apps/patch-management/>) with Zero-Touch Patching allows organizations to use their Qualys Cloud Agent for vulnerability management and to deploy third-party application patches, including Chrome. If the Qualys Cloud Agent is installed on an asset, customers can patch it, regardless of any other deployed patch solution. By defining a simple zero-touch policy, assets can automatically deploy patches when the vendor releases a new one. If testing patches like Chrome is required before production deployment, automatically setup a zero-touch policy to deploy to a set of test devices before deploying the same tested patches to production devices.\n\nIf you are a Qualys customer without Patch Management, a [trial](<https://www.qualys.com/apps/patch-management/>) can be enabled quickly, leveraging the same agent used with VMDR. This allows you to immediately deploy the Chrome patch to your environment and create those automation jobs to ensure that the next time Google or any other vendor releases a patch, your assets are automatically updated.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-12-03T05:24:27", "type": "qualysblog", "title": "The 9th Google Chrome Zero-Day Threat this Year \u2013 Again Just Before the Weekend", "bulletinFamily": "blog", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2856", "CVE-2022-3075", "CVE-2022-3723", "CVE-2022-4135", "CVE-2022-4262"], "modified": "2022-12-03T05:24:27", "id": "QUALYSBLOG:058E013CF475F33D6DEBB8955340D15B", "href": "https://blog.qualys.com/category/product-tech/patch-management", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-25T19:27:09", "description": "_CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any organization to respond to this directive efficiently and effectively._\n\n### Situation\n\nLast November 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a [Binding Operational Directive 22-01](<https://cyber.dhs.gov/bod/22-01/>) called \u201cReducing the Significant Risk of Known Exploited Vulnerabilities.\u201d [This directive](<https://www.cisa.gov/news/2021/11/03/cisa-releases-directive-reducing-significant-risk-known-exploited-vulnerabilities>) recommends urgent and prioritized remediation of the vulnerabilities that adversaries are actively exploiting. It establishes a CISA-managed catalog of Known Exploited Vulnerabilities that carry significant risk to the federal government and sets requirements for agencies to remediate these vulnerabilities.\n\nThis directive requires federal agencies to review and update internal vulnerability management procedures to remediate each vulnerability according to the timelines outlined in CISA\u2019s vulnerability catalog.\n\n### Directive Scope\n\nThis CISA directive applies to all software and hardware found on federal information systems managed on agency premises or hosted by third parties on an agency\u2019s behalf.\n\nHowever, CISA strongly recommends that public and private businesses as well as state, local, tribal, and territorial (SLTT) governments prioritize the mitigation of vulnerabilities listed in CISA\u2019s public catalog. This is truly vulnerability management guidance for all organizations to heed.\n\n### CISA Catalog of Known Exploited Vulnerabilities\n\nIn total, CISA posted a list of [379 Common Vulnerabilities and Exposures (CVEs)](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>) that pose the highest risk to federal agencies. CISA\u2019s most recent update was issued on February 22, 2022.\n\nThe Qualys Research team is continuously updating CVEs to available QIDs (Qualys vulnerability identifiers) in the Qualys Knowledgebase, with the RTI field \u201cCISA Exploited\u201d and this is going to be a continuous approach, as CISA frequently amends with the latest CVE as part of their regular feeds.\n\nOut of these vulnerabilities, Directive 22-01 urges all organizations to reduce their exposure to cyberattacks by effectively prioritizing the remediation of the identified Vulnerabilities.\n\nCISA has ordered U.S. federal agencies to apply patches as soon as possible. The remediation guidance is grouped into multiple categories by CISA based on attack surface severity and time-to-remediate. The timelines are available in the [Catalog](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>) for each of the CVEs.\n\n### Detect CISA Vulnerabilities Using Qualys VMDR\n\nQualys helps customers to identify and assess the risk to their organizations\u2019 digital infrastructure, and then to automate remediation. Qualys\u2019 guidance for rapid response to Directive 22-01 follows.\n\nThe Qualys Research team has released multiple remote and authenticated detections (QIDs) for these vulnerabilities. Since the directive includes 379 CVEs (as of February 22, 2022) we recommend executing your search based on QQL (Qualys Query Language), as shown here for released QIDs by Qualys **_vulnerabilities.vulnerability.threatIntel.cisaKnownExploitedVulns:"true"_**\n\n\n\n### CISA Exploited RTI\n\nUsing [Qualys VMDR](<https://www.qualys.com/subscriptions/vmdr/>), you can effectively prioritize those vulnerabilities using VMDR Prioritization. Qualys has introduced an **RTI Category, CISA Exploited**.\n\nThis RTI indicates that the vulnerabilities are associated with the CISA catalog.\n\n\n\nIn addition, you can locate a vulnerable host through Qualys Threat Protection by simply clicking on the impacted hosts to effectively identify and track this vulnerability.\n\n\n\nWith Qualys Unified Dashboard, you can track your exposure to CISA Known Exploited Vulnerabilities and track your status and overall management in real-time. With dashboard widgets, you can keep track of the status of vulnerabilities in your environment using the [\u201cCISA 2010-21| KNOWN EXPLOITED VULNERABILITIES\u201d](<https://success.qualys.com/support/s/article/000006791>) Dashboard.\n\n### Detailed Operational Dashboard\n\n\n\n### Remediation\n\nTo comply with this directive, federal agencies need to remediate all vulnerabilities as per the remediation timelines suggested in [CISA Catalog](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>)**.**\n\nQualys patch content covers many Microsoft, Linux, and third-party applications. However, some of the vulnerabilities introduced by CISA are not currently supported out-of-the-box by Qualys. To remediate those vulnerabilities, Qualys provides the ability to deploy custom patches. The flexibility to customize patch deployment allows customers to patch all the remaining CVEs in their list.\n\nCustomers can copy the following query into the Patch Management app to help customers comply with the directive\u2019s aggressive remediation timelines set by CISA. Running this query for specific CVEs will find required patches and allow quick and efficient deployment of those missing patches to all assets directly from within Qualys Cloud Platform.\n \n \n cve:[`CVE-2010-5326`,`CVE-2012-0158`,`CVE-2012-0391`,`CVE-2012-3152`,`CVE-2013-3900`,`CVE-2013-3906`,`CVE-2014-1761`,`CVE-2014-1776`,`CVE-2014-1812`,`CVE-2015-1635`,`CVE-2015-1641`,`CVE-2015-4852`,`CVE-2016-0167`,`CVE-2016-0185`,`CVE-2016-3088`,`CVE-2016-3235`,`CVE-2016-3643`,`CVE-2016-3976`,`CVE-2016-7255`,`CVE-2016-9563`,`CVE-2017-0143`,`CVE-2017-0144`,`CVE-2017-0145`,`CVE-2017-0199`,`CVE-2017-0262`,`CVE-2017-0263`,`CVE-2017-10271`,`CVE-2017-11774`,`CVE-2017-11882`,`CVE-2017-5638`,`CVE-2017-5689`,`CVE-2017-6327`,`CVE-2017-7269`,`CVE-2017-8464`,`CVE-2017-8759`,`CVE-2017-9791`,`CVE-2017-9805`,`CVE-2017-9841`,`CVE-2018-0798`,`CVE-2018-0802`,`CVE-2018-1000861`,`CVE-2018-11776`,`CVE-2018-15961`,`CVE-2018-15982`,`CVE-2018-2380`,`CVE-2018-4878`,`CVE-2018-4939`,`CVE-2018-6789`,`CVE-2018-7600`,`CVE-2018-8174`,`CVE-2018-8453`,`CVE-2018-8653`,`CVE-2019-0193`,`CVE-2019-0211`,`CVE-2019-0541`,`CVE-2019-0604`,`CVE-2019-0708`,`CVE-2019-0752`,`CVE-2019-0797`,`CVE-2019-0803`,`CVE-2019-0808`,`CVE-2019-0859`,`CVE-2019-0863`,`CVE-2019-10149`,`CVE-2019-10758`,`CVE-2019-11510`,`CVE-2019-11539`,`CVE-2019-1214`,`CVE-2019-1215`,`CVE-2019-1367`,`CVE-2019-1429`,`CVE-2019-1458`,`CVE-2019-16759`,`CVE-2019-17026`,`CVE-2019-17558`,`CVE-2019-18187`,`CVE-2019-18988`,`CVE-2019-2725`,`CVE-2019-8394`,`CVE-2019-9978`,`CVE-2020-0601`,`CVE-2020-0646`,`CVE-2020-0674`,`CVE-2020-0683`,`CVE-2020-0688`,`CVE-2020-0787`,`CVE-2020-0796`,`CVE-2020-0878`,`CVE-2020-0938`,`CVE-2020-0968`,`CVE-2020-0986`,`CVE-2020-10148`,`CVE-2020-10189`,`CVE-2020-1020`,`CVE-2020-1040`,`CVE-2020-1054`,`CVE-2020-1147`,`CVE-2020-11738`,`CVE-2020-11978`,`CVE-2020-1350`,`CVE-2020-13671`,`CVE-2020-1380`,`CVE-2020-13927`,`CVE-2020-1464`,`CVE-2020-1472`,`CVE-2020-14750`,`CVE-2020-14871`,`CVE-2020-14882`,`CVE-2020-14883`,`CVE-2020-15505`,`CVE-2020-15999`,`CVE-2020-16009`,`CVE-2020-16010`,`CVE-2020-16013`,`CVE-2020-16017`,`CVE-2020-17087`,`CVE-2020-17144`,`CVE-2020-17496`,`CVE-2020-17530`,`CVE-2020-24557`,`CVE-2020-25213`,`CVE-2020-2555`,`CVE-2020-6207`,`CVE-2020-6287`,`CVE-2020-6418`,`CVE-2020-6572`,`CVE-2020-6819`,`CVE-2020-6820`,`CVE-2020-8243`,`CVE-2020-8260`,`CVE-2020-8467`,`CVE-2020-8468`,`CVE-2020-8599`,`CVE-2021-1647`,`CVE-2021-1675`,`CVE-2021-1732`,`CVE-2021-21017`,`CVE-2021-21148`,`CVE-2021-21166`,`CVE-2021-21193`,`CVE-2021-21206`,`CVE-2021-21220`,`CVE-2021-21224`,`CVE-2021-22204`,`CVE-2021-22893`,`CVE-2021-22894`,`CVE-2021-22899`,`CVE-2021-22900`,`CVE-2021-26411`,`CVE-2021-26855`,`CVE-2021-26857`,`CVE-2021-26858`,`CVE-2021-27059`,`CVE-2021-27065`,`CVE-2021-27085`,`CVE-2021-28310`,`CVE-2021-28550`,`CVE-2021-30116`,`CVE-2021-30551`,`CVE-2021-30554`,`CVE-2021-30563`,`CVE-2021-30632`,`CVE-2021-30633`,`CVE-2021-31199`,`CVE-2021-31201`,`CVE-2021-31207`,`CVE-2021-31955`,`CVE-2021-31956`,`CVE-2021-31979`,`CVE-2021-33739`,`CVE-2021-33742`,`CVE-2021-33766`,`CVE-2021-33771`,`CVE-2021-34448`,`CVE-2021-34473`,`CVE-2021-34523`,`CVE-2021-34527`,`CVE-2021-35211`,`CVE-2021-35247`,`CVE-2021-36741`,`CVE-2021-36742`,`CVE-2021-36934`,`CVE-2021-36942`,`CVE-2021-36948`,`CVE-2021-36955`,`CVE-2021-37415`,`CVE-2021-37973`,`CVE-2021-37975`,`CVE-2021-37976`,`CVE-2021-38000`,`CVE-2021-38003`,`CVE-2021-38645`,`CVE-2021-38647`,`CVE-2021-38648`,`CVE-2021-38649`,`CVE-2021-40438`,`CVE-2021-40444`,`CVE-2021-40449`,`CVE-2021-40539`,`CVE-2021-4102`,`CVE-2021-41773`,`CVE-2021-42013`,`CVE-2021-42292`,`CVE-2021-42321`,`CVE-2021-43890`,`CVE-2021-44077`,`CVE-2021-44228`,`CVE-2021-44515`,`CVE-2022-0609`,`CVE-2022-21882`,`CVE-2022-24086`,`CVE-2010-1871`,`CVE-2017-12149`,`CVE-2019-13272` ]\n\n\n\nVulnerabilities can be validated through VMDR and a Patch Job can be configured for vulnerable assets.\n\n\n\n### Federal Enterprises and Agencies Can Act Now\n\nFor federal agencies and enterprises, it\u2019s a race against time to remediate these vulnerabilities across their respective environments and achieve compliance with this binding directive. Qualys solutions can help your organization to achieve compliance with this binding directive. Qualys Cloud Platform is FedRAMP authorized, with [107 FedRAMP authorizations](<https://marketplace.fedramp.gov/#!/product/qualys-cloud-platform?sort=-authorizations>) to our credit.\n\nHere are a few steps Federal entities can take immediately:\n\n * Run vulnerability assessments against all of your assets by leveraging our various sensors such as Qualys agent, scanners, and more\n * Prioritize remediation by due dates\n * Identify all vulnerable assets automatically mapped into the threat feed\n * Use Qualys Patch Management to apply patches and other configuration changes\n * Track remediation progress through our Unified Dashboards\n\n### Summary\n\nUnderstanding just which vulnerabilities exist in your environment is a critical but small part of threat mitigation. Qualys VMDR helps customers discover their exposure, assess threats, assign risk, and remediate threats \u2013 all in a single unified solution. Qualys customers rely on the accuracy of Qualys\u2019 threat intelligence to protect their digital environments and stay current with patch guidance. Using Qualys VMDR can help any size organization efficiently respond to CISA Binding Operational Directive 22-01.\n\n#### Getting Started\n\nLearn how [Qualys VMDR](<https://www.qualys.com/subscriptions/vmdr/>) provides actionable vulnerability guidance and automates remediation in one solution. Ready to get started? Sign up for a 30-day, no-cost [VMDR trial](<https://www.qualys.com/forms/vmdr/>).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2022-02-23T05:39:00", "type": "qualysblog", "title": "Managing CISA Known Exploited Vulnerabilities with Qualys VMDR", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1871", "CVE-2010-5326", "CVE-2012-0158", "CVE-2012-0391", "CVE-2012-3152", "CVE-2013-3900", "CVE-2013-3906", "CVE-2014-1761", "CVE-2014-1776", "CVE-2014-1812", "CVE-2015-1635", "CVE-2015-1641", "CVE-2015-4852", "CVE-2016-0167", "CVE-2016-0185", "CVE-2016-3088", "CVE-2016-3235", "CVE-2016-3643", "CVE-2016-3976", "CVE-2016-7255", "CVE-2016-9563", "CVE-2017-0143", "CVE-2017-0144", "CVE-2017-0145", "CVE-2017-0199", "CVE-2017-0262", "CVE-2017-0263", "CVE-2017-10271", "CVE-2017-11774", "CVE-2017-11882", "CVE-2017-12149", "CVE-2017-5638", "CVE-2017-5689", "CVE-2017-6327", "CVE-2017-7269", "CVE-2017-8464", "CVE-2017-8759", "CVE-2017-9791", "CVE-2017-9805", "CVE-2017-9841", "CVE-2018-0798", "CVE-2018-0802", "CVE-2018-1000861", "CVE-2018-11776", "CVE-2018-15961", "CVE-2018-15982", "CVE-2018-2380", "CVE-2018-4878", "CVE-2018-4939", "CVE-2018-6789", "CVE-2018-7600", "CVE-2018-8174", "CVE-2018-8453", "CVE-2018-8653", "CVE-2019-0193", "CVE-2019-0211", "CVE-2019-0541", "CVE-2019-0604", "CVE-2019-0708", "CVE-2019-0752", "CVE-2019-0797", "CVE-2019-0803", "CVE-2019-0808", "CVE-2019-0859", "CVE-2019-0863", "CVE-2019-10149", "CVE-2019-10758", "CVE-2019-11510", "CVE-2019-11539", "CVE-2019-1214", "CVE-2019-1215", "CVE-2019-13272", "CVE-2019-1367", "CVE-2019-1429", "CVE-2019-1458", "CVE-2019-16759", "CVE-2019-17026", "CVE-2019-17558", "CVE-2019-18187", "CVE-2019-18988", "CVE-2019-2725", "CVE-2019-8394", "CVE-2019-9978", "CVE-2020-0601", "CVE-2020-0646", "CVE-2020-0674", "CVE-2020-0683", "CVE-2020-0688", "CVE-2020-0787", "CVE-2020-0796", "CVE-2020-0878", "CVE-2020-0938", "CVE-2020-0968", "CVE-2020-0986", "CVE-2020-10148", "CVE-2020-10189", "CVE-2020-1020", "CVE-2020-1040", "CVE-2020-1054", "CVE-2020-1147", "CVE-2020-11738", "CVE-2020-11978", "CVE-2020-1350", "CVE-2020-13671", "CVE-2020-1380", "CVE-2020-13927", "CVE-2020-1464", "CVE-2020-1472", "CVE-2020-14750", "CVE-2020-14871", "CVE-2020-14882", "CVE-2020-14883", "CVE-2020-15505", "CVE-2020-15999", "CVE-2020-16009", "CVE-2020-16010", "CVE-2020-16013", "CVE-2020-16017", "CVE-2020-17087", "CVE-2020-17144", "CVE-2020-17496", "CVE-2020-17530", "CVE-2020-24557", "CVE-2020-25213", "CVE-2020-2555", "CVE-2020-6207", "CVE-2020-6287", "CVE-2020-6418", "CVE-2020-6572", "CVE-2020-6819", "CVE-2020-6820", "CVE-2020-8243", "CVE-2020-8260", "CVE-2020-8467", "CVE-2020-8468", "CVE-2020-8599", "CVE-2021-1647", "CVE-2021-1675", "CVE-2021-1732", "CVE-2021-21017", "CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193", "CVE-2021-21206", "CVE-2021-21220", "CVE-2021-21224", "CVE-2021-22204", "CVE-2021-22893", "CVE-2021-22894", "CVE-2021-22899", "CVE-2021-22900", "CVE-2021-26411", "CVE-2021-26855", "CVE-2021-26857", "CVE-2021-26858", "CVE-2021-27059", "CVE-2021-27065", "CVE-2021-27085", "CVE-2021-28310", "CVE-2021-28550", "CVE-2021-30116", "CVE-2021-30551", "CVE-2021-30554", "CVE-2021-30563", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-31199", "CVE-2021-31201", "CVE-2021-31207", "CVE-2021-31955", "CVE-2021-31956", "CVE-2021-31979", "CVE-2021-33739", "CVE-2021-33742", "CVE-2021-33766", "CVE-2021-33771", "CVE-2021-34448", "CVE-2021-34473", "CVE-2021-34523", "CVE-2021-34527", "CVE-2021-35211", "CVE-2021-35247", "CVE-2021-36741", "CVE-2021-36742", "CVE-2021-36934", "CVE-2021-36942", "CVE-2021-36948", "CVE-2021-36955", "CVE-2021-37415", "CVE-2021-37973", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-38000", "CVE-2021-38003", "CVE-2021-38645", "CVE-2021-38647", "CVE-2021-38648", "CVE-2021-38649", "CVE-2021-40438", "CVE-2021-40444", "CVE-2021-40449", "CVE-2021-40539", "CVE-2021-4102", "CVE-2021-41773", "CVE-2021-42013", "CVE-2021-42292", "CVE-2021-42321", "CVE-2021-43890", "CVE-2021-44077", "CVE-2021-44228", "CVE-2021-44515", "CVE-2022-0609", "CVE-2022-21882", "CVE-2022-24086"], "modified": "2022-02-23T05:39:00", "id": "QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3", "href": "https://blog.qualys.com/category/product-tech", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cisa": [{"lastseen": "2022-02-16T11:29:33", "description": "CISA has added nine new vulnerabilities to its [Known Exploited Vulnerabilities Catalog](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>), based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.\n\n**CVE Number** | **CVE Title** | **Remediation Due Date** \n---|---|--- \nCVE-2022-24086 | Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability | 3/1/2022 \nCVE-2022-0609 | Google Chrome Use-After-Free Vulnerability | 3/1/2022 \nCVE-2019-0752 | Microsoft Internet Explorer Type Confusion Vulnerability | 8/15/2022 \nCVE-2018-8174 | Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability | 8/15/2022 \nCVE-2018-20250 | WinRAR Absolute Path Traversal Vulnerability | 8/15/2022 \nCVE-2018-15982 | Adobe Flash Player Use-After-Free Vulnerability | 8/15/2022 \nCVE-2017-9841 | PHPUnit Command Injection Vulnerability | 8/15/2022 \nCVE-2014-1761 | Microsoft Word Memory Corruption Vulnerability | 8/15/2022 \nCVE-2013-3906 | Microsoft Graphics Component Memory Corruption Vulnerability | 8/15/2022 \n \n[Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities](<https://www.cisa.gov/binding-operational-directive-22-01>) established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the [BOD 22-01 Fact Sheet](<https://www.cisa.gov/known-exploited-vulnerabilities>) for more information.\n\nAlthough BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of [Catalog vulnerabilities](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>) as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the meet the [specified criteria](<https://www.cisa.gov/known-exploited-vulnerabilities>).\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ncas/current-activity/2022/02/15/cisa-adds-nine-known-exploited-vulnerabilities-catalog>); we'd welcome your feedback.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2022-02-15T00:00:00", "type": "cisa", "title": "CISA Adds Nine Known Exploited Vulnerabilities to Catalog", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-3906", "CVE-2014-1761", "CVE-2017-9841", "CVE-2018-15982", "CVE-2018-20250", "CVE-2018-8174", "CVE-2019-0752", "CVE-2022-0609", "CVE-2022-24086"], "modified": "2022-02-15T00:00:00", "id": "CISA:88950AD3AEDA1ACA038AD96EE5152D39", "href": "https://us-cert.cisa.gov/ncas/current-activity/2022/02/15/cisa-adds-nine-known-exploited-vulnerabilities-catalog", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securelist": [{"lastseen": "2022-05-30T13:56:48", "description": "\n\n * [IT threat evolution in Q1 2022](<https://securelist.com/it-threat-evolution-q1-2022/106513/>)\n * **IT threat evolution in Q1 2022. Non-mobile statistics**\n * [IT threat evolution in Q1 2022. Mobile statistics](<https://securelist.com/it-threat-evolution-in-q1-2022-mobile-statistics/106589/>)\n\n_These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data._\n\n## Quarterly figures\n\nAccording to Kaspersky Security Network, in Q1 2022:\n\n * Kaspersky solutions blocked 1,216,350,437 attacks from online resources across the globe.\n * Web Anti-Virus recognized 313,164,030 unique URLs as malicious.\n * Attempts to run malware for stealing money from online bank accounts were stopped on the computers of 107,848 unique users.\n * Ransomware attacks were defeated on the computers of 74,694 unique users.\n * Our File Anti-Virus detected 58,989,058 unique malicious and potentially unwanted objects.\n\n## Financial threats\n\n### Financial threat statistics\n\nIn Q1 2022 Kaspersky solutions blocked the launch of at least one piece of malware designed to steal money from bank accounts on the computers of 107,848 unique users.\n\n_Number of unique users attacked by financial malware, Q1 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/05/25231205/01-en-malware-report-q1-2022-pc.png>))_\n\n#### Geography of financial malware attacks\n\n_To evaluate and compare the risk of being infected by banking Trojans and ATM/POS malware worldwide, for each country and territory we calculated the share of users of Kaspersky products who faced this threat during the reporting period as a percentage of all users of our products in that country or territory._\n\n_Geography of financial malware attacks, Q1 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/05/25231231/02-en-malware-report-q1-2022-pc.png>))_\n\n**TOP 10 countries by share of attacked users**\n\n| **Country*** | **%**** \n---|---|--- \n1 | Turkmenistan | 4.5 \n2 | Afghanistan | 4.0 \n3 | Tajikistan | 3.9 \n4 | Yemen | 2.8 \n5 | Uzbekistan | 2.4 \n6 | China | 2.2 \n7 | Azerbaijan | 2.0 \n8 | Mauritania | 2.0 \n9 | Sudan | 1.8 \n10 | Syria | 1.8 \n \n_* Excluded are countries with relatively few Kaspersky product users (under 10,000)._ \n_** Unique users whose computers were targeted by financial malware as a percentage of all unique users of Kaspersky products in the country._\n\n#### TOP 10 banking malware families\n\n| **Name** | **Verdicts** | **%*** \n---|---|---|--- \n1 | Ramnit/Nimnul | Trojan-Banker.Win32.Ramnit | 36.5 \n2 | Zbot/Zeus | Trojan-Banker.Win32.Zbot | 16.7 \n3 | CliptoShuffler | Trojan-Banker.Win32.CliptoShuffler | 6.7 \n4 | SpyEye | Trojan-Spy.Win32.SpyEye | 6.3 \n5 | Gozi | Trojan-Banker.Win32.Gozi | 5.2 \n6 | Cridex/Dridex | Trojan-Banker.Win32.Cridex | 3.5 \n7 | Trickster/Trickbot | Trojan-Banker.Win32.Trickster | 3.3 \n8 | RTM | Trojan-Banker.Win32.RTM | 2.7 \n9 | BitStealer | Trojan-Banker.Win32.BitStealer | 2.2 \n10 | Danabot | Trojan-Banker.Win32.Danabot | 1.8 \n \n_* Unique users who encountered this malware family as a percentage of all users attacked by financial malware._\n\nOur TOP 10 leader changed in Q1: the familiar ZeuS/Zbot (16.7%) dropped to second place and Ramnit/Nimnul (36.5%) took the lead. The TOP 3 was rounded out by CliptoShuffler (6.7%).\n\n## Ransomware programs\n\n### Quarterly trends and highlights\n\n#### Law enforcement successes\n\n * Several members of the REvil ransomware crime group were [arrested](<https://tass.com/society/1388613>) by Russian law enforcement in January. The Russian Federal Security Service (FSB) [says](<http://www.fsb.ru/fsb/press/message/single.htm!id=10439388%40fsbMessage.html>) it seized the following assets from the cybercriminals: "more than 426 million rubles ($5.6 million) including denominated in cryptocurrency; $600,000; 500,000 euros; computer equipment, the crypto wallets that were used to perpetrate crimes, and 20 luxury cars that were purchased with illicitly obtained money."\n * In February, a Canadian citizen was [sentenced](<https://www.bleepingcomputer.com/news/security/netwalker-ransomware-affiliate-sentenced-to-80-months-in-prison/>) to 6 years and 8 months in prison for involvement in NetWalker ransomware attacks (also known as Mailto ransomware).\n * In January, Ukrainian police [arrested](<https://www.bleepingcomputer.com/news/security/ukranian-police-arrests-ransomware-gang-that-hit-over-50-firms/>) a ransomware gang who delivered an unclarified strain of malware via e-mail. According to the statement released by the police, over fifty companies in the United States and Europe were attacked by the cybercriminals.\n\n#### HermeticWiper, HermeticRansom and RUransom, etc.\n\nIn February, new malware was discovered which carried out attacks with the aim of destroying files. Two pieces of malware \u2014 a Trojan called HermeticWiper that destroys data and a cryptor called [HermeticRansom](<https://securelist.com/elections-goransom-and-hermeticwiper-attack/105960/>) \u2014 were both [used](<https://www.kaspersky.com/blog/hermeticransom-hermeticwiper-attacks-2022/43825/>) in cyberattacks in Ukraine. That February, Ukrainian systems were attacked by another Trojan called IsaacWiper, followed by a third Trojan in March called CaddyWiper. The apparent aim of this malware family was to render infected computers unusable leaving no possibility of recovering files.\n\nAn intelligence team later discovered that HermeticRansom only superficially encrypts files, and ones encrypted by the ransomware [can be decrypted](<https://threatpost.com/free-hermeticransom-ransomware-decryptor-released/178762/>).\n\nRUransom malware was discovered in March, which was created to encrypt files on computers in Russia. The analysis of the malicious code revealed it was developed to wipe data, as RUransom generates keys for all the victim's encrypted files without storing them anywhere.\n\n#### Conti source-code leak\n\nThe ransomware group Conti had its source code leaked along with its chat logs which were made public. It happened shortly after the Conti group [expressed](<https://www.theverge.com/2022/2/28/22955246/conti-ransomware-russia-ukraine-chat-logs-leaked>) support for the Russian government's actions on its website. The true identity of the individual who leaked the data is currently unknown. According to different versions, it could have been a researcher or an insider in the group who disagrees with its position.\n\nWhoever it may have been, the leaked ransomware source codes in the public domain will obviously be at the fingertips of other cybercriminals, which is what happened on more than one occasion with examples like [Hidden Tear](<https://securelist.com/hidden-tear-and-its-spin-offs/73565/>) and Babuk.\n\n#### Attacks on NAS devices\n\nNetwork-attached storage (NAS) devices continue to be targeted by ransomware attacks. A new [wave of Qlocker Trojan infections](<https://www.bleepingcomputer.com/news/security/qlocker-ransomware-returns-to-target-qnap-nas-devices-worldwide/>) on QNAP NAS devices occurred in January following a brief lull which lasted a few months. A new form of ransomware infecting QNAP NAS devices also appeared in the month of January called [DeadBolt](<https://www.bleepingcomputer.com/news/security/qnap-warns-of-new-deadbolt-ransomware-encrypting-nas-devices/>), and [ASUSTOR](<https://www.bleepingcomputer.com/news/security/deadbolt-ransomware-now-targets-asustor-devices-asks-50-btc-for-master-key/>) devices became its new target in February.\n\n#### Maze Decryptor\n\nMaster decryption keys for Maze, Sekhmet and Egregor ransomware were made public in February. The keys turned out to be authentic and we increased our support to decrypt files encrypted by these [infamous](<https://securelist.com/maze-ransomware/99137/>) forms of [ransomware](<https://securelist.com/targeted-ransomware-encrypting-data/99255/>) in our RakhniDecryptor utility. The decryptor is available on the website of our [No Ransom](<https://noransom.kaspersky.com/>) project and the website of the international NoMoreRansom project in the [Decryption Tools](<https://www.nomoreransom.org/en/decryption-tools.html>) section.\n\n### Number of new modifications\n\nIn Q1 2022, we detected eight new ransomware families and 3083 new modifications of this malware type.\n\n_Number of new ransomware modifications, Q1 2021 \u2014 Q1 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/05/25231301/03-en-ru-es-malware-report-q1-2022-pc.png>))_\n\n### Number of users attacked by ransomware Trojans\n\nIn Q1 2022, Kaspersky products and technologies protected 74,694 users from ransomware attacks.\n\n_Number of unique users attacked by ransomware Trojans, Q1 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/05/25231325/04-en-malware-report-q1-2022-pc.png>))_\n\n### Geography of attacked users\n\n_Geography of attacks by ransomware Trojans, Q1 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/05/25231349/05-en-malware-report-q1-2022-pc.png>))_\n\n**TOP 10 countries attacked by ransomware Trojans**\n\n| **Country*** | **%**** \n---|---|--- \n1 | Bangladesh | 2.08 \n2 | Yemen | 1.52 \n3 | Mozambique | 0.82 \n4 | China | 0.49 \n5 | Pakistan | 0.43 \n6 | Angola | 0.40 \n7 | Iraq | 0.40 \n8 | Egypt | 0.40 \n9 | Algeria | 0.36 \n10 | Myanmar | 0.35 \n \n_* Excluded are countries with relatively few Kaspersky users (under 50,000)._ \n_** Unique users whose computers were attacked by Trojan encryptors as a percentage of all unique users of Kaspersky products in the country._\n\n### TOP 10 most common families of ransomware Trojans\n\n| **Name** | **Verdicts*** | **Percentage of attacked users**** \n---|---|---|--- \n1 | Stop/Djvu | Trojan-Ransom.Win32.Stop | 24.38 \n2 | WannaCry | Trojan-Ransom.Win32.Wanna | 13.71 \n3 | (generic verdict) | Trojan-Ransom.Win32.Gen | 9.35 \n4 | (generic verdict) | Trojan-Ransom.Win32.Phny | 7.89 \n5 | (generic verdict) | Trojan-Ransom.Win32.Encoder | 5.66 \n6 | (generic verdict) | Trojan-Ransom.Win32.Crypren | 4.07 \n7 | (generic verdict) | Trojan-Ransom.Win32.CryFile | 3.72 \n8 | PolyRansom/VirLock | Trojan-Ransom.Win32.PolyRansom / Virus.Win32.PolyRansom | 3.37 \n9 | (generic verdict) | Trojan-Ransom.Win32.Crypmod | 3.17 \n10 | (generic verdict) | Trojan-Ransom.Win32.Agent | 1.99 \n \n_* Statistics are based on detection verdicts of Kaspersky products. The information was provided by Kaspersky product users who consented to provide statistical data._ \n_** Unique Kaspersky users attacked by specific ransomware Trojan families as a percentage of all unique users attacked by ransomware Trojans._\n\n## Miners\n\n### Number of new miner modifications\n\nIn Q1 2022, Kaspersky solutions detected 21,282 new modifications of miners.\n\n_Number of new miner modifications, Q1 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/05/25231418/06-en-malware-report-q1-2022-pc.png>))_\n\n### Number of users attacked by miners\n\nIn Q1, we detected attacks using miners on the computers of 508,449 unique users of Kaspersky products and services worldwide.\n\n_Number of unique users attacked by miners, Q1 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/05/25231445/07-en-malware-report-q1-2022-pc.png>))_\n\n### Geography of miner attacks\n\n_Geography of miner attacks, Q1 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/05/25231509/08-en-malware-report-q1-2022-pc.png>))_\n\n**TOP 10 countries attacked by miners**\n\n| **Country*** | **%**** \n---|---|--- \n1 | Ethiopia | 3.01 \n2 | Tajikistan | 2.60 \n3 | Rwanda | 2.45 \n4 | Uzbekistan | 2.15 \n5 | Kazakhstan | 1.99 \n6 | Tanzania | 1.94 \n7 | Ukraine | 1.83 \n8 | Pakistan | 1.79 \n9 | Mozambique | 1.69 \n10 | Venezuela | 1.67 \n \n_* Excluded are countries with relatively few users of Kaspersky products (under 50,000)._ \n_** Unique users attacked by miners as a percentage of all unique users of Kaspersky products in the country._\n\n## Vulnerable applications used by criminals during cyberattacks\n\n### Quarter highlights\n\nIn Q1 2022, a number of serious vulnerabilities were found in Microsoft Windows and its components. More specifically, the vulnerability [CVE-2022-21882](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21882>) was found to be exploited by an unknown group of cybercriminals: a "type confusion" bug in the win32k.sys driver the attacker can use to gain system privileges. Also worth noting is [CVE-2022-21919](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21919>), a vulnerability in the User Profile Service which makes it possible to elevate privileges, along with [CVE-2022-21836](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21836>), which can be used to forge digital certificates.\n\nOne of the major talking points in Q1 was an exploit that targeted the [CVE-2022-0847](<https://dirtypipe.cm4all.com/>) vulnerability in the Linux OS kernel. It was dubbed "Dirty Pipe". [Researchers discovered](<https://securelist.com/cve-2022-0847-aka-dirty-pipe-vulnerability-in-linux-kernel/106088/>) an "uninitialized memory" vulnerability when analyzing corrupted files, which makes it possible to rewrite a part of the OS memory, namely page memory that contains system files' data. This in turn opens up an opportunity, such as elevating attacker's privileges to root. It's worth noting that this vulnerability is fairly easy to exploit, which means users of all systems should regularly install security patches and use all available means to prevent infection.\n\nWhen it comes to network threats, this quarter continued to show how cybercriminals often resort to the technique of brute-forcing passwords to gain unauthorized access to various network services, the most popular of which are MSSQL, RDP and SMB. Attacks using the EternalBlue, EternalRomance and similar exploits remain as popular as ever. Due to widespread unpatched versions of Microsoft Exchange Server, networks often fall victim to exploits of ProxyToken, ProxyShell, ProxyOracle and other vulnerabilities. One example of a critical vulnerability found is remote code execution (RCE) in the Microsoft Windows HTTP protocol stack which allows an attack to be launched remotely by sending a special network packet to a vulnerable system by means of the HTTP trailer functionality. New attacks on network applications which will probably also become common are RCE attacks on the popular Spring Framework and Spring Cloud Gateway. Specific examples of vulnerabilities in these applications are [CVE-2022-22965](<https://nvd.nist.gov/vuln/detail/CVE-2022-22965>) (Spring4Shell) and [CVE-2022-22947](<https://nvd.nist.gov/vuln/detail/CVE-2022-22947>).\n\n### Vulnerability statistics\n\nQ1 2022 saw an array of changes in the statistics on common vulnerability types. For instance, the top place in the statistics is still firmly held by exploits targeting vulnerabilities in Microsoft Office and their share has increased significantly to 78.5%. The same common vulnerabilities we've written about on more than one occasion are still the most widely exploited within this category of threats. These are [CVE-2017-11882](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882>) and [CVE-2018-0802](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802>), which cause a buffer overflow when processing objects in a specially crafted document in the Equation Editor component and ultimately allow an attacker to execute arbitrary code. There's also [CVE-2017-8570](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8570>), where opening a specially crafted file with an affected version of Microsoft Office software gives attackers the opportunity to perform various actions on the vulnerable system. Another vulnerability found last year which is very popular with cybercriminals is [CVE-2021-40444](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444>), which they can use to exploit through a specially prepared Microsoft Office document with an embedded malicious ActiveX control for executing arbitrary code in the system.\n\n_Distribution of exploits used by cybercriminals, by type of attacked application, Q1 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/05/25231538/09-en-malware-report-q1-2022-pc.png>))_\n\nExploits targeting browsers came second again in Q1, although their share dropped markedly to just 7.64%. Browser developers put a great deal of effort into patching vulnerability exploits in each new version and closing a large number of gaps in system security. Apart from that, the majority of browsers have automatic updates as opposed to the distinct example of Microsoft Office, where many of its users still use outdated versions and are in no rush to install security updates. That could be precisely the reason why we've seen a reduction in the share of browser exploits in our statistics. However, this does not mean they're no longer an immediate threat. For instance, Chrome's developers fixed a number of critical RCE vulnerabilities, including:\n\n * [CVE-2022-1096](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1096>): a "type confusion" vulnerability in the V8 script engine which gives attackers the opportunity to remotely execute code (RCE) in the context of the browser's security sandbox.\n * [CVE-2022-0609](<https://nvd.nist.gov/vuln/detail/CVE-2022-0609>): a use-after-free vulnerability which allows to corrupt the process memory and remotely execute arbitrary codes when performing specially generated scripts that use animation.\n\nSimilar vulnerabilities were found in the browser's other components: [CVE-2022-0605](<https://nvd.nist.gov/vuln/detail/CVE-2022-0605>)which uses Web Store API, and [CVE-2022-0606](<https://nvd.nist.gov/vuln/detail/CVE-2022-0606>) which is associated with vulnerabilities in the WebGL backend (ANGLE). Another vulnerability found was [CVE-2022-0604](<https://nvd.nist.gov/vuln/detail/CVE-2022-0604>), which can be used to exploit a heap buffer overflow in Tab Groups, also potentially leading to remote code execution (RCE).\n\nExploits for Android came third in our statistics (4.10%), followed by exploits targeting the Adobe Flash Platform (3.49%), PDF files (3.48%) and Java apps (2.79%).\n\n## Attacks on macOS\n\nThe year began with a number of interesting multi-platform finds: the [Gimmick](<https://www.securityweek.com/chinese-cyberspies-seen-using-macos-variant-gimmick-malware>) multi-platform malware family with Windows and macOS variants that uses Google Drive to communicate with the C&C server, along with the [SysJoker backdoor](<https://threatpost.com/undetected-sysjoker-backdoor-malwarewindows-linux-macos/177532/>) with versions tailored for Windows, Linux and macOS.\n\n**TOP 20 threats for macOS**\n\n| **Verdict** | **%*** \n---|---|--- \n1 | AdWare.OSX.Pirrit.ac | 13.23 \n2 | AdWare.OSX.Pirrit.j | 12.05 \n3 | Monitor.OSX.HistGrabber.b | 8.83 \n4 | AdWare.OSX.Pirrit.o | 7.53 \n5 | AdWare.OSX.Bnodlero.at | 7.41 \n6 | Trojan-Downloader.OSX.Shlayer.a | 7.06 \n7 | AdWare.OSX.Pirrit.aa | 6.75 \n8 | AdWare.OSX.Pirrit.ae | 6.07 \n9 | AdWare.OSX.Cimpli.m | 5.35 \n10 | Trojan-Downloader.OSX.Agent.h | 4.96 \n11 | AdWare.OSX.Pirrit.gen | 4.76 \n12 | AdWare.OSX.Bnodlero.bg | 4.60 \n13 | AdWare.OSX.Bnodlero.ax | 4.45 \n14 | AdWare.OSX.Agent.gen | 3.74 \n15 | AdWare.OSX.Agent.q | 3.37 \n16 | Backdoor.OSX.Twenbc.b | 2.84 \n17 | Trojan-Downloader.OSX.AdLoad.mc | 2.81 \n18 | Trojan-Downloader.OSX.Lador.a | 2.81 \n19 | AdWare.OSX.Bnodlero.ay | 2.81 \n20 | Backdoor.OSX.Agent.z | 2.56 \n \n_* Unique users who encountered this malware as a percentage of all users of Kaspersky security solutions for macOS who were attacked._\n\nThe TOP 20 threats to users detected by Kaspersky security solutions for macOS is usually dominated by various adware apps. The top two places in the rating were taken by adware apps from the AdWare.OSX.Pirrit family, while third place was taken by a member of the Monitor.OSX.HistGrabber.b family of potentially unwanted software which sends users' browser history to its owners' servers.\n\n### Geography of threats for macOS\n\n_Geography of threats for macOS, Q1 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/05/25231608/10-en-malware-report-q1-2022-pc.png>))_\n\n**TOP 10 countries by share of attacked users**\n\n| **Country*** | **%**** \n---|---|--- \n1 | France | 2.36 \n2 | Spain | 2.29 \n3 | Italy | 2.16 \n4 | Canada | 2.15 \n5 | India | 1.95 \n6 | United States | 1.90 \n7 | Russian Federation | 1.83 \n8 | United Kingdom | 1.58 \n9 | Mexico | 1.49 \n10 | Australia | 1.36 \n \n_* Excluded from the rating are countries with relatively few users of Kaspersky security solutions for macOS (under 10,000)._ \n_** Unique users attacked as a percentage of all users of Kaspersky security solutions for macOS in the country._\n\nIn Q1 2022, the country where the most users were attacked was France (2.36%), followed by Spain (2.29%) and Italy (2.16%). Adware from the Pirrit family was encountered most frequently out of all macOS threats in the listed countries.\n\n## IoT attacks\n\n### IoT threat statistics\n\nIn Q1 2022, most devices that attacked Kaspersky traps did so using the Telnet protocol as before. Just one quarter of devices attempted to brute-force our SSH traps.\n\nTelnet | 75.28% \n---|--- \nSSH | 24.72% \n \n**_Distribution of attacked services by number of unique IP addresses of devices that carried out attacks, Q1 2022_**\n\nIf we look at sessions involving Kaspersky honeypots, we see far greater Telnet dominance.\n\nTelnet | 93.16% \n---|--- \nSSH | 6.84% \n \n**_Distribution of cybercriminal working sessions with Kaspersky traps, Q1 2022_**\n\n**TOP 10 threats delivered to IoT devices via Telnet**\n\n| **Verdict** | **%*** \n---|---|--- \n1 | Backdoor.Linux.Mirai.b | 38.07 \n2 | Trojan-Downloader.Linux.NyaDrop.b | 9.26 \n3 | Backdoor.Linux.Mirai.ba | 7.95 \n4 | Backdoor.Linux.Gafgyt.a | 5.55 \n5 | Trojan-Downloader.Shell.Agent.p | 4.62 \n6 | Backdoor.Linux.Mirai.ad | 3.89 \n7 | Backdoor.Linux.Gafgyt.bj | 3.02 \n8 | Backdoor.Linux.Agent.bc | 2.76 \n9 | RiskTool.Linux.BitCoinMiner.n | 2.00 \n10 | Backdoor.Linux.Mirai.cw | 1.98 \n \n_* Share of each threat delivered to infected devices as a result of a successful Telnet attack out of the total number of delivered threats._\n\nSimilar IoT-threat statistics [are published in the DDoS report](<https://securelist.com/ddos-attacks-in-q1-2022/105045/#attacks-on-iot-honeypots>) for Q1 2022.\n\n## Attacks via web resources\n\n_The statistics in this section are based on Web Anti-Virus, which protects users when malicious objects are downloaded from malicious/infected web pages. Cybercriminals create such sites on purpose and web resources with user-created content (for example, forums), as well as hacked legitimate resources, can be infected._\n\n### Countries and territories that serve as sources of web-based attacks: TOP 10\n\n_The following statistics show the distribution by country or territory of the sources of Internet attacks blocked by Kaspersky products on user computers (web pages with redirects to exploits, sites hosting malicious programs, botnet C&C centers, etc.). Any unique host could be the source of one or more web-based attacks._\n\n_To determine the geographic source of web attacks, the GeoIP technique was used to match the domain name to the real IP address at which the domain is hosted._\n\nIn Q1 2022, Kaspersky solutions blocked 1,216,350,437 attacks launched from online resources across the globe. 313,164,030 unique URLs were recognized as malicious by Web Anti-Virus components.\n\n_Distribution of web-attack sources by country and territory, Q1 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/05/25231643/11-en-malware-report-q1-2022-pc.png>))_\n\n### Countries and territories where users faced the greatest risk of online infection\n\nTo assess the risk of online infection faced by users in different countries and territories, for each country or territory we calculated the percentage of Kaspersky users on whose computers Web Anti-Virus was triggered during the quarter. The resulting data provides an indication of the aggressiveness of the environment in which computers operate in different countries and territories.\n\nThis rating only includes attacks by malicious programs that fall under the **Malware class**; it does not include Web Anti-Virus detections of potentially dangerous or unwanted programs such as RiskTool or adware.\n\n| **Country or territory*** | **%**** \n---|---|--- \n1 | Taiwan | 22.63 \n2 | Tunisia | 21.57 \n3 | Algeria | 16.41 \n4 | Mongolia | 16.05 \n5 | Serbia | 15.96 \n6 | Libya | 15.67 \n7 | Estonia | 14.45 \n8 | Greece | 14.37 \n9 | Nepal | 14.01 \n10 | Hong Kong | 13.85 \n11 | Yemen | 13.17 \n12 | Sudan | 13.08 \n13 | Slovenia | 12.94 \n14 | Morocco | 12.82 \n15 | Qatar | 12.78 \n16 | Croatia | 12.53 \n17 | Republic of Malawi | 12.33 \n18 | Sri Lanka | 12.28 \n19 | Bangladesh | 12.26 \n20 | Palestine | 12.23 \n \n_* Excluded are countries and territories with relatively few Kaspersky users (under 10,000)._ \n_** Unique users targeted by **Malware-class** attacks as a percentage of all unique users of Kaspersky products in the country or territory._\n\nOn average during the quarter, 8.18% of computers of Internet users worldwide were subjected to at least one **Malware-class** web attack.\n\n_Geography of web-based malware attacks, Q1 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/05/27074233/13-en-malware-report-q1-2022-pc-1.png>))_\n\n## Local threats\n\n_In this section, we analyze statistical data obtained from the OAS and ODS modules in Kaspersky products. It takes into account malicious programs that were found directly on users' computers or removable media connected to them (flash drives, camera memory cards, phones, external hard drives), or which initially made their way onto the computer in non-open form (for example, programs in complex installers, encrypted files, etc.)._\n\nIn Q1 2022, our File Anti-Virus detected **58,989,058** malicious and potentially unwanted objects.\n\n### Countries where users faced the highest risk of local infection\n\nFor each country, we calculated the percentage of Kaspersky product users on whose computers File Anti-Virus was triggered during the reporting period. These statistics reflect the level of personal computer infection in different countries.\n\nNote that this rating only includes attacks by malicious programs that fall under the **Malware class**; it does not include File Anti-Virus triggerings in response to potentially dangerous or unwanted programs, such as RiskTool or adware.\n\n| **Country*** | **%**** \n---|---|--- \n1 | Yemen | 48.38 \n2 | Turkmenistan | 47.53 \n3 | Tajikistan | 46.88 \n4 | Cuba | 45.29 \n5 | Afghanistan | 42.79 \n6 | Uzbekistan | 41.56 \n7 | Bangladesh | 41.34 \n8 | South Sudan | 39.91 \n9 | Ethiopia | 39.76 \n10 | Myanmar | 37.22 \n11 | Syria | 36.89 \n12 | Algeria | 36.02 \n13 | Burundi | 34.13 \n14 | Benin | 33.81 \n15 | Rwanda | 33.11 \n16 | Sudan | 32.90 \n17 | Tanzania | 32.39 \n18 | Kyrgyzstan | 32.26 \n19 | Venezuela | 32.00 \n20 | Iraq | 31.93 \n \n_* Excluded are countries with relatively few Kaspersky users (under 10,000)._ \n_** Unique users on whose computers **Malware-class** local threats were blocked, as a percentage of all unique users of Kaspersky products in the country._\n\n_Geography of local infection attempts, Q1 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/05/25231744/13-en-malware-report-q1-2022-pc.png>))_\n\nOverall, 15.48% of user computers globally faced at least one Malware-class local threat during Q1. Russia scored 16.88% in this rating.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-05-27T08:00:05", "type": "securelist", "title": "IT threat evolution in Q1 2022. Non-mobile statistics", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11882", "CVE-2017-8570", "CVE-2018-0802", "CVE-2021-40444", "CVE-2022-0604", "CVE-2022-0605", "CVE-2022-0606", "CVE-2022-0609", "CVE-2022-0847", "CVE-2022-1096", "CVE-2022-21836", "CVE-2022-21882", "CVE-2022-21919", "CVE-2022-22947", "CVE-2022-22965"], "modified": "2022-05-27T08:00:05", "id": "SECURELIST:11665FFD7075FB9D59316195101DE894", "href": "https://securelist.com/it-threat-evolution-in-q1-2022-non-mobile-statistics/106531/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-15T16:13:15", "description": "\n\n * [IT threat evolution in Q2 2022](<https://securelist.com/it-threat-evolution-q2-2022/107099/>)\n * **IT threat evolution in Q2 2022. Non-mobile statistics**\n * [IT threat evolution in Q2 2022. Mobile statistics](<https://securelist.com/it-threat-evolution-in-q2-2022-mobile-statistics/107123/>)\n\n_These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data._\n\n## Quarterly figures\n\nAccording to Kaspersky Security Network, in Q2 2022:\n\n * Kaspersky solutions blocked 1,164,544,060 attacks from online resources across the globe.\n * Web Anti-Virus recognized 273,033,368 unique URLs as malicious. Attempts to run malware for stealing money from online bank accounts were stopped on the computers of 100,829 unique users.\n * Ransomware attacks were defeated on the computers of 74,377 unique users.\n * Our File Anti-Virus detected 55,314,176 unique malicious and potentially unwanted objects.\n\n## Financial threats\n\n### Financial threat statistics\n\nIn Q2 2022, Kaspersky solutions blocked the launch of malware designed to steal money from bank accounts on the computers of 100,829 unique users.\n\n_Number of unique users attacked by financial malware, Q2 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/08/15025224/01-en-malware-report-q2-2022-pc-stat-graphs.png>))_\n\n**Geography of financial malware attacks**\n\n_To evaluate and compare the risk of being infected by banking Trojans and ATM/POS malware worldwide, for each country and territory we calculated the share of Kaspersky users who faced this threat during the reporting period as a percentage of all users of our products in that country or territory._\n\n_Geography of financial malware attacks, Q2 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/08/15025321/02-en-malware-report-q2-2022-pc-stat-graphs.png>))_\n\n**TOP 10 countries and territories by share of attacked users**\n\n| **Country or territory*** | **%**** \n---|---|--- \n1 | Turkmenistan | 4.8 \n2 | Afghanistan | 4.3 \n3 | Tajikistan | 3.8 \n4 | Paraguay | 3.1 \n5 | China | 2.4 \n6 | Yemen | 2.4 \n7 | Uzbekistan | 2.2 \n8 | Sudan | 2.1 \n9 | Egypt | 2.0 \n10 | Mauritania | 1.9 \n \n_* Excluded are countries and territories with relatively few Kaspersky product users (under 10,000)._ \n_** Unique users whose computers were targeted by financial malware as a percentage of all unique users of Kaspersky products in the country._\n\n**TOP 10 banking malware families**\n\n| **Name** | **Verdicts** | **%*** \n---|---|---|--- \n1 | Ramnit/Nimnul | Trojan-Banker.Win32.Ramnit | 35.5 \n2 | Zbot/Zeus | Trojan-Banker.Win32.Zbot | 15.8 \n3 | CliptoShuffler | Trojan-Banker.Win32.CliptoShuffler | 6.4 \n4 | Trickster/Trickbot | Trojan-Banker.Win32.Trickster | 6 \n5 | RTM | Trojan-Banker.Win32.RTM | 2.7 \n6 | SpyEye | Trojan-Spy.Win32.SpyEye | 2.3 \n7 | IcedID | Trojan-Banker.Win32.IcedID | 2.1 \n8 | Danabot | Trojan-Banker.Win32.Danabot | 1.9 \n9 | BitStealer | Trojan-Banker.Win32.BitStealer | 1.8 \n10 | Gozi | Trojan-Banker.Win32.Gozi | 1.3 \n \n_* Unique users who encountered this malware family as a percentage of all users attacked by financial malware._\n\n## Ransomware programs\n\n### Quarterly trends and highlights\n\nIn the second quarter, the Lockbit group [launched a bug bounty program](<https://www.bleepingcomputer.com/news/security/lockbit-30-introduces-the-first-ransomware-bug-bounty-program/>). The cybercriminals are promising $1,000 to $1,000,000 for doxing of senior officials, reporting web service, Tox messenger or ransomware Trojan algorithm vulnerabilities, as well as for ideas on improving the Lockbit website and Trojan. This was the first-ever case of ransomware groups doing a (self-promotion?) campaign like that.\n\nAnother well-known group, Conti, said it was shutting down operations. The announcement followed a high-profile attack on Costa Rica's information systems, which prompted the government to [declare a state of emergency](<https://www.bleepingcomputer.com/news/security/costa-rica-declares-national-emergency-after-conti-ransomware-attacks/>). The Conti infrastructure was shut down in late June, but some in the infosec community believe that Conti members are either just rebranding or have split up and joined other ransomware teams, including Hive, AvosLocker and BlackCat.\n\nWhile some ransomware groups are drifting into oblivion, others seem to be making a comeback. REvil's website went back online in April, and researchers [discovered](<https://www.bleepingcomputer.com/news/security/revil-ransomware-returns-new-malware-sample-confirms-gang-is-back/>) a newly built specimen of their Trojan. This might have been a test build, as the sample did not encrypt any files, but these events may herald the impending return of REvil.\n\nKaspersky researchers found a way to recover files encrypted by the Yanluowang ransomware and [released a decryptor](<https://securelist.ru/how-to-recover-files-encrypted-by-yanluowang/105019/>) for all victims. Yanluowang has been spotted in targeted attacks against large businesses in the US, Brazil, Turkey, and other countries.\n\n### Number of new modifications\n\nIn Q2 2022, we detected 15 new ransomware families and 2355 new modifications of this malware type.\n\n_Number of new ransomware modifications, Q2 2021 \u2014 Q2 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/08/15025415/03-en-ru-es-malware-report-q2-2022-pc-stat-graphs.png>))_\n\n### Number of users attacked by ransomware Trojans\n\nIn Q2 2022, Kaspersky products and technologies protected 74,377 users from ransomware attacks.\n\n_Number of unique users attacked by ransomware Trojans, Q2 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/08/15025443/04-en-malware-report-q2-2022-pc-stat-graphs.png>))_\n\n### Geography of attacked users\n\n_Geography of attacks by ransomware Trojans, Q2 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/08/15025517/05-en-malware-report-q2-2022-pc-stat-graphs.png>))_\n\n**TOP 10 countries and territories attacked by ransomware Trojans**\n\n| **Country or territory*** | **%**** \n---|---|--- \n1 | Bangladesh | 1.81 \n2 | Yemen | 1.24 \n3 | South Korea | 1.11 \n4 | Mozambique | 0.82 \n5 | Taiwan | 0.70 \n6 | China | 0.46 \n7 | Pakistan | 0.40 \n8 | Angola | 0.37 \n9 | Venezuela | 0.33 \n10 | Egypt | 0.32 \n \n_* Excluded are countries and territories with relatively few Kaspersky users (under 50,000)._ \n_** Unique users whose computers were attacked by Trojan encryptors as a percentage of all unique users of Kaspersky products in the country._\n\n### TOP 10 most common families of ransomware Trojans\n\n| **Name** | **Verdicts*** | **Percentage of attacked users**** \n---|---|---|--- \n1 | Stop/Djvu | Trojan-Ransom.Win32.Stop | 17.91 \n2 | WannaCry | Trojan-Ransom.Win32.Wanna | 12.58 \n3 | Magniber | Trojan-Ransom.Win64.Magni | 9.80 \n4 | (generic verdict) | Trojan-Ransom.Win32.Gen | 7.91 \n5 | (generic verdict) | Trojan-Ransom.Win32.Phny | 6.75 \n6 | (generic verdict) | Trojan-Ransom.Win32.Encoder | 6.55 \n7 | (generic verdict) | Trojan-Ransom.Win32.Crypren | 3.51 \n8 | (generic verdict) | Trojan-Ransom.MSIL.Encoder | 3.02 \n9 | PolyRansom/VirLock | Trojan-Ransom.Win32.PolyRansom / Virus.Win32.PolyRansom | 2.96 \n10 | (generic verdict) | Trojan-Ransom.Win32.Instructions | 2.69 \n \n_* Statistics are based on detection verdicts of Kaspersky products. The information was provided by Kaspersky product users who consented to provide statistical data._ \n_** Unique Kaspersky users attacked by specific ransomware Trojan families as a percentage of all unique users attacked by ransomware Trojans._\n\n## Miners\n\n### Number of new miner modifications\n\nIn Q2 2022, Kaspersky solutions detected 40,788 new modifications of miners. A vast majority of these (more than 35,000) were detected in June. Thus, the spring depression \u2014 in March through May we found a total of no more than 10,000 new modifications \u2014 was followed by a record of sorts.\n\n_Number of new miner modifications, Q2 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/08/15025548/06-en-malware-report-q2-2022-pc-stat-graphs.png>))_\n\n### Number of users attacked by miners\n\nIn Q2, we detected attacks using miners on the computers of 454,385 unique users of Kaspersky products and services worldwide. We are seeing a reverse trend here: miner attacks have gradually declined since the beginning of 2022.\n\n_Number of unique users attacked by miners, Q2 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/08/15025613/07-en-malware-report-q2-2022-pc-stat-graphs.png>))_\n\n### Geography of miner attacks\n\n_Geography of miner attacks, Q2 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/08/15025642/08-en-malware-report-q2-2022-pc-stat-graphs.png>))_\n\n**TOP 10 countries and territories attacked by miners**\n\n| **Country or territory*** | **%**** \n---|---|--- \n1 | Rwanda | 2.94 \n2 | Ethiopia | 2.67 \n3 | Tajikistan | 2.35 \n4 | Tanzania | 1.98 \n5 | Kyrgyzstan | 1.94 \n6 | Uzbekistan | 1.88 \n7 | Kazakhstan | 1.84 \n8 | Venezuela | 1.80 \n9 | Mozambique | 1.68 \n10 | Ukraine | 1.56 \n \n_* Excluded are countries and territories with relatively few users of Kaspersky products (under 50,000)._ \n_** Unique users attacked by miners as a percentage of all unique users of Kaspersky products in the country._\n\n## Vulnerable applications used by criminals during cyberattacks\n\n### Quarterly highlights\n\nDuring Q2 2022, a number of major vulnerabilities were discovered in the Microsoft Windows. For instance, [CVE-2022-26809](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26809>) critical error allows an attacker to remotely execute arbitrary code in a system using a custom RPC request. The Network File System (NFS) driver was found to contain two RCE vulnerabilities: [CVE-2022-24491](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24491>) and [CVE-2022-24497](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24497>). By sending a custom network message via the NFS protocol, an attacker can remotely execute arbitrary code in the system as well. Both vulnerabilities affect server systems with the NFS role activated. The [CVE-2022-24521](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24521>) vulnerability targeting the Common Log File System (CLFS) driver was found in the wild. It allows elevation of local user privileges, although that requires the attacker to have gained a foothold in the system. [CVE-2022-26925](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26925>), also known as LSA Spoofing, was another vulnerability found during live operation of server systems. It allows an unauthenticated attacker to call an LSARPC interface method and get authenticated by Windows domain controller via the NTLM protocol. These vulnerabilities are an enduring testament to the importance of timely OS and software updates.\n\nMost of the network threats detected in Q2 2022 had been mentioned in previous reports. Most of those were attacks that involved [brute-forcing](<https://encyclopedia.kaspersky.com/glossary/brute-force/?utm_source=securelist&utm_medium=blog&utm_campaign=termin-explanation>) access to various web services. The most popular protocols and technologies susceptible to these attacks include MS SQL Server, RDP and SMB. Attacks that use the EternalBlue, EternalRomance and similar exploits are still popular. Exploitation of Log4j vulnerability ([CVE-2021-44228](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-44228>)) is also quite common, as the susceptible Java library is often used in web applications. Besides, the Spring MVC framework, used in many Java-based web applications, was found to contain a new vulnerability [CVE-2022-22965](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965>) that exploits the data binding functionality and results in remote code execution. Finally, we have observed a rise in attacks that exploit insecure deserialization, which can also result in access to remote systems due to incorrect or missing validation of untrusted user data passed to various applications.\n\n### Vulnerability statistics\n\nExploits targeting Microsoft Office vulnerabilities grew in the second quarter to 82% of the total. Cybercriminals were spreading malicious documents that exploited [CVE-2017-11882](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882>) and [CVE-2018-0802](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802>), which are the best-known vulnerabilities in the Equation Editor component. Exploitation involves the component memory being damaged and a specially designed script, run on the target computer. Another vulnerability, [CVE-2017-8570](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8570>), allows downloading and running a malicious script when opening an infected document, to execute various operations in a vulnerable system. The emergence of [CVE-2022-30190](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30190>)[or Follina vulnerability](<https://securelist.com/cve-2022-30190-follina-vulnerability-in-msdt-description-and-counteraction/106703/>) also increased the number of exploits in this category. An attacker can use a custom malicious document with a link to an external OLE object, and a special URI scheme to have Windows run the MSDT diagnostics tool. This, in turn, combined with a special set of parameters passed to the victim's computer, can cause an arbitrary command to be executed \u2014 even if macros are disabled and the document is opened in Protected Mode.\n\n_Distribution of exploits used by cybercriminals, by type of attacked application, Q2 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/08/15025713/09-en-malware-report-q2-2022-pc-stat-graphs.png>))_\n\nAttempts at exploiting vulnerabilities that affect various script engines and, specifically, browsers, dipped to 5%. In the second quarter, a number of critical RCE vulnerabilities were discovered in various Google Chrome based browsers: [CVE-2022-0609](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0609>), [CVE-2022-1096](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1096>), and [CVE-2022-1364](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1364>). The first one was found in the animation component; it exploits a Use-After-Free error, causing memory damage, which is followed by the attacker creating custom objects to execute arbitrary code. The second and third vulnerabilities are Type Confusion errors associated with the V8 script engine; they also can result in arbitrary code being executed on a vulnerable user system. Some of the vulnerabilities discovered were found to have been exploited in targeted attacks, in the wild. Mozilla Firefox was found to contain a high-risk Use-After-Free vulnerability, [CVE-2022-1097](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1097>), which appears when processing NSSToken-type objects from different streams. The browser was also found to contain [CVE-2022-28281](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28281>), a vulnerability that affects the WebAuthn extension. A compromised Firefox content process can write data out of bounds of the parent process memory, thus potentially enabling code execution with elevated privileges. Two further vulnerabilities, [CVE-2022-1802](<https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/>) and [CVE-2022-1529](<https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/>), were exploited in cybercriminal attacks. The exploitation method, dubbed "prototype pollution", allows executing arbitrary JavaScript code in the context of a privileged parent browser process.\n\nAs in the previous quarter, Android exploits ranked third in our statistics with 4%, followed by exploits of Java applications, the Flash platform, and PDF documents, each with 3%.\n\n## Attacks on macOS\n\nThe second quarter brought with it a new batch of cross-platform discoveries. For instance, a new APT group [Earth Berberoka](<https://www.trendmicro.com/en_us/research/22/d/new-apt-group-earth-berberoka-targets-gambling-websites-with-old.html>) (GamblingPuppet) that specializes in hacking online casinos, uses malware for Windows, Linux, and macOS. The [TraderTraitor](<https://www.cisa.gov/uscert/ncas/alerts/aa22-108a>) campaign targets cryptocurrency and blockchain organizations, attacking with malicious crypto applications for both Windows and macOS.\n\n**TOP 20 threats for macOS**\n\n| **Verdict** | **%*** \n---|---|--- \n1 | AdWare.OSX.Amc.e | 25.61 \n2 | AdWare.OSX.Agent.ai | 12.08 \n3 | AdWare.OSX.Pirrit.j | 7.84 \n4 | AdWare.OSX.Pirrit.ac | 7.58 \n5 | AdWare.OSX.Pirrit.o | 6.48 \n6 | Monitor.OSX.HistGrabber.b | 5.27 \n7 | AdWare.OSX.Agent.u | 4.27 \n8 | AdWare.OSX.Bnodlero.at | 3.99 \n9 | Trojan-Downloader.OSX.Shlayer.a | 3.87 \n10 | Downloader.OSX.Agent.k | 3.67 \n11 | AdWare.OSX.Pirrit.aa | 3.35 \n12 | AdWare.OSX.Pirrit.ae | 3.24 \n13 | Backdoor.OSX.Twenbc.e | 3.16 \n14 | AdWare.OSX.Bnodlero.ax | 3.06 \n15 | AdWare.OSX.Agent.q | 2.73 \n16 | Trojan-Downloader.OSX.Agent.h | 2.52 \n17 | AdWare.OSX.Bnodlero.bg | 2.42 \n18 | AdWare.OSX.Cimpli.m | 2.41 \n19 | AdWare.OSX.Pirrit.gen | 2.08 \n20 | AdWare.OSX.Agent.gen | 2.01 \n \n_* Unique users who encountered this malware as a percentage of all users of Kaspersky security solutions for macOS who were attacked._\n\nAs usual, the TOP 20 ranking for threats detected by Kaspersky security solutions for macOS users is dominated by various adware. AdWare.OSX.Amc.e, also known as Advanced Mac Cleaner, is a newcomer and already a leader, found with a quarter of all attacked users. Members of this family display fake system problem messages, offering to buy the full version to fix those. It was followed by members of the AdWare.OSX.Agent and AdWare.OSX.Pirrit families.\n\n### Geography of threats for macOS\n\n_Geography of threats for macOS, Q2 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/08/15025743/10-en-malware-report-q2-2022-pc-stat-graphs.png>))_\n\n**TOP 10 countries and territories by share of attacked users**\n\n| **Country or territory*** | **%**** \n---|---|--- \n1 | France | 2.93 \n2 | Canada | 2.57 \n3 | Spain | 2.51 \n4 | United States | 2.45 \n5 | India | 2.24 \n6 | Italy | 2.21 \n7 | Russian Federation | 2.13 \n8 | United Kingdom | 1.97 \n9 | Mexico | 1.83 \n10 | Australia | 1.82 \n \n_* Excluded from the rating are countries and territories with relatively few users of Kaspersky security solutions for macOS (under 10,000)._ \n_** Unique users attacked as a percentage of all users of Kaspersky security solutions for macOS in the country._\n\nIn Q2 2022, the country where the most users were attacked was again France (2.93%), followed by Canada (2.57%) and Spain (2.51%). AdWare.OSX.Amc.e was the most common adware encountered in these three countries.\n\n## IoT attacks\n\n### IoT threat statistics\n\nIn Q2 2022, most devices that attacked Kaspersky traps did so using the Telnet protocol, as before.\n\nTelnet | 82,93% \n---|--- \nSSH | 17,07% \n \n**_Distribution of attacked services by number of unique IP addresses of attacking devices, Q2 2022_**\n\nThe statistics for working sessions with Kaspersky honeypots show similar Telnet dominance.\n\nTelnet | 93,75% \n---|--- \nSSH | 6,25% \n \n**_Distribution of cybercriminal working sessions with Kaspersky traps, Q2 2022_**\n\n**TOP 10 threats delivered to IoT devices via Telnet**\n\n| **Verdict** | **%*** \n---|---|--- \n1 | Backdoor.Linux.Mirai.b | 36.28 \n2 | Trojan-Downloader.Linux.NyaDrop.b | 14.66 \n3 | Backdoor.Linux.Mirai.ek | 9.15 \n4 | Backdoor.Linux.Mirai.ba | 8.82 \n5 | Trojan.Linux.Agent.gen | 4.01 \n6 | Trojan.Linux.Enemybot.a | 2.96 \n7 | Backdoor.Linux.Agent.bc | 2.58 \n8 | Trojan-Downloader.Shell.Agent.p | 2.36 \n9 | Trojan.Linux.Agent.mg | 1.72 \n10 | Backdoor.Linux.Mirai.cw | 1.45 \n \n_* Share of each threat delivered to infected devices as a result of a successful Telnet attack out of the total number of delivered threats._\n\nDetailed IoT-threat statistics [are published in the DDoS report](<https://securelist.com/ddos-attacks-in-q2-2022/107025/#attacks-on-iot-honeypots>) for Q2 2022.\n\n## Attacks via web resources\n\n_The statistics in this section are based on Web Anti-Virus, which protects users when malicious objects are downloaded from malicious/infected web pages. Cybercriminals create these sites on purpose; they can infect hacked legitimate resources as well as web resources with user-created content, such as forums._\n\n### TOP 10 countries and territories that serve as sources of web-based attacks\n\n_The following statistics show the distribution by country or territory of the sources of Internet attacks blocked by Kaspersky products on user computers (web pages with redirects to exploits, sites hosting malicious programs, botnet C&C centers, etc.). Any unique host could be the source of one or more web-based attacks._\n\n_To determine the geographic source of web attacks, the GeoIP technique was used to match the domain name to the real IP address at which the domain is hosted._\n\nIn Q2 2022, Kaspersky solutions blocked 1,164,544,060 attacks launched from online resources across the globe. A total of 273,033,368 unique URLs were recognized as malicious by Web Anti-Virus components.\n\n_Distribution of web-attack sources by country and territory, Q2 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/08/15025818/11-en-malware-report-q2-2022-pc-stat-graphs.png>))_\n\n### Countries and territories where users faced the greatest risk of online infection\n\nTo assess the risk of online infection faced by users around the world, for each country or territory we calculated the percentage of Kaspersky users on whose computers Web Anti-Virus was triggered during the quarter. The resulting data provides an indication of the aggressiveness of the environment in which computers operate in different countries and territories.\n\nNote that these rankings only include attacks by malicious objects that fall under the **Malware** class; they do not include Web Anti-Virus detections of potentially dangerous or unwanted programs, such as RiskTool or adware.\n\n| **Country or territory*** | **%**** \n---|---|--- \n1 | Taiwan | 26.07 \n2 | Hong Kong | 14.60 \n3 | Algeria | 14.40 \n4 | Nepal | 14.00 \n5 | Tunisia | 13.55 \n6 | Serbia | 12.88 \n7 | Sri Lanka | 12.41 \n8 | Albania | 12.21 \n9 | Bangladesh | 11.98 \n10 | Greece | 11.86 \n11 | Palestine | 11.82 \n12 | Qatar | 11.50 \n13 | Moldova | 11.47 \n14 | Yemen | 11.44 \n15 | Libya | 11.34 \n16 | Zimbabwe | 11.15 \n17 | Morocco | 11.03 \n18 | Estonia | 11.01 \n19 | Turkey | 10.75 \n20 | Mongolia | 10.50 \n \n_* Excluded are countries and territories with relatively few Kaspersky users (under 10,000)._ \n_** Unique users targeted by **Malware**-class attacks as a percentage of all unique users of Kaspersky products in the country._\n\nOn average during the quarter, 8.31% of the Internet users' computers worldwide were subjected to at least one **Malware-class** web attack.\n\n_Geography of web-based malware attacks, Q2 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/08/15025917/12-en-malware-report-q2-2022-pc-stat-graphs.png>))_\n\n## Local threats\n\n_In this section, we analyze statistical data obtained from the OAS and ODS modules of Kaspersky products. It takes into account malicious programs that were found directly on users' computers or removable media connected to them (flash drives, camera memory cards, phones, external hard drives), or which initially made their way onto the computer in non-open form (for example, programs in complex installers, encrypted files, etc.)._\n\nIn Q2 2022, our File Anti-Virus detected **55,314,176** malicious and potentially unwanted objects.\n\n### Countries and territories where users faced the highest risk of local infection\n\nFor each country, we calculated the percentage of Kaspersky product users on whose computers File Anti-Virus was triggered during the reporting period. These statistics reflect the level of personal computer infection in different countries and territories.\n\nNote that these rankings only include attacks by malicious programs that fall under the **Malware** class; they do not include File Anti-Virus triggerings in response to potentially dangerous or unwanted programs, such as RiskTool or adware.\n\n| **Country or territory*** | **%**** \n---|---|--- \n1 | Turkmenistan | 47.54 \n2 | Tajikistan | 44.91 \n3 | Afghanistan | 43.19 \n4 | Yemen | 43.12 \n5 | Cuba | 42.71 \n6 | Ethiopia | 41.08 \n7 | Uzbekistan | 37.91 \n8 | Bangladesh | 37.90 \n9 | Myanmar | 36.97 \n10 | South Sudan | 36.60 \n11 | Syria | 35.60 \n12 | Burundi | 34.88 \n13 | Rwanda | 33.69 \n14 | Algeria | 33.61 \n15 | Benin | 33.60 \n16 | Tanzania | 32.88 \n17 | Malawi | 32.65 \n18 | Venezuela | 31.79 \n19 | Cameroon | 31.34 \n20 | Chad | 30.92 \n \n_* Excluded are countries with relatively few Kaspersky users (under 10,000)._ \n_** Unique users on whose computers **Malware**-class local threats were blocked, as a percentage of all unique users of Kaspersky products in the country._\n\n_Geography of local infection attempts, Q2 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/08/15025948/13-en-malware-report-q2-2022-pc-stat-graphs.png>))_\n\nOn average worldwide, Malware-class local threats were registered on 14.65% of users' computers at least once during Q2. Russia scored 16.66% in this rating.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-08-15T12:00:43", "type": "securelist", "title": "IT threat evolution in Q2 2022. Non-mobile statistics", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11882", "CVE-2017-8570", "CVE-2018-0802", "CVE-2021-44228", "CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1097", "CVE-2022-1364", "CVE-2022-1529", "CVE-2022-1802", "CVE-2022-22965", "CVE-2022-24491", "CVE-2022-24497", "CVE-2022-24521", "CVE-2022-26809", "CVE-2022-26925", "CVE-2022-28281", "CVE-2022-30190"], "modified": "2022-08-15T12:00:43", "id": "SECURELIST:0ED76DA480D73D593C82769757DFD87A", "href": "https://securelist.com/it-threat-evolution-in-q2-2022-non-mobile-statistics/107133/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2023-12-03T17:34:29", "description": "### Background\n\nChromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one, fast, simple, and secure browser for all your devices. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/chromium-98.0.4758.102\"\n \n\nAll Google Chrome users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/google-chrome-98.0.4758.102\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-02-20T00:00:00", "type": "gentoo", "title": "Chromium, Google Chrome: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0452", "CVE-2022-0453", "CVE-2022-0454", "CVE-2022-0455", "CVE-2022-0456", "CVE-2022-0457", "CVE-2022-0458", "CVE-2022-0459", "CVE-2022-0460", "CVE-2022-0461", "CVE-2022-0462", "CVE-2022-0463", "CVE-2022-0464", "CVE-2022-0465", "CVE-2022-0466", "CVE-2022-0467", "CVE-2022-0468", "CVE-2022-0469", "CVE-2022-0470", "CVE-2022-0603", "CVE-2022-0604", "CVE-2022-0605", "CVE-2022-0606", "CVE-2022-0607", "CVE-2022-0608", "CVE-2022-0609", "CVE-2022-0610"], "modified": "2022-02-20T00:00:00", "id": "GLSA-202202-02", "href": "https://security.gentoo.org/glsa/202202-02", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}
CVE-2022-0609
