Lucene search

K
freebsdFreeBSD9EECCBF3-6E26-11EC-BB10-3065EC8FD3EC
HistoryJan 04, 2022 - 12:00 a.m.

chromium -- multiple vulnerabilities

2022-01-0400:00:00
vuxml.freebsd.org
26

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS

0.012

Percentile

85.3%

Chrome Releases reports:

This release contains 37 security fixes, including:

[$TBD][1275020] Critical CVE-2022-0096: Use after free in
Storage. Reported by Yangkang (@dnpushme) of 360 ATA on
2021-11-30
[1117173] High CVE-2022-0097: Inappropriate implementation in
DevTools. Reported by David Erceg on 2020-08-17
[1273609] High CVE-2022-0098: Use after free in Screen Capture.
Reported by @ginggilBesel on 2021-11-24
[1245629] High CVE-2022-0099: Use after free in Sign-in.
Reported by Rox on 2021-09-01
[1238209] High CVE-2022-0100: Heap buffer overflow in Media
streams API. Reported by Cassidy Kim of Amber Security Lab, OPPO
Mobile Telecommunications Corp. Ltd. on 2021-08-10
[1249426] High CVE-2022-0101: Heap buffer overflow in Bookmarks.
Reported by raven (@raid_akame) on 2021-09-14
[1260129] High CVE-2022-0102: Type Confusion in V8 . Reported by
Brendon Tiszka on 2021-10-14
[1272266] High CVE-2022-0103: Use after free in SwiftShader.
Reported by Abraruddin Khan and Omair on 2021-11-21
[1273661] High CVE-2022-0104: Heap buffer overflow in ANGLE.
Reported by Abraruddin Khan and Omair on 2021-11-25
[1274376] High CVE-2022-0105: Use after free in PDF. Reported by
Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications
Corp. Ltd. on 2021-11-28
[1278960] High CVE-2022-0106: Use after free in Autofill.
Reported by Khalil Zhani on 2021-12-10
[1248438] Medium CVE-2022-0107: Use after free in File Manager
API. Reported by raven (@raid_akame) on 2021-09-10
[1248444] Medium CVE-2022-0108: Inappropriate implementation in
Navigation. Reported by Luan Herrera (@lbherrera_) on
2021-09-10
[1261689] Medium CVE-2022-0109: Inappropriate implementation in
Autofill. Reported by Young Min Kim (@ylemkimon), CompSec Lab at
Seoul National University on 2021-10-20
[1237310] Medium CVE-2022-0110: Incorrect security UI in
Autofill. Reported by Alesandro Ortiz on 2021-08-06
[1241188] Medium CVE-2022-0111: Inappropriate implementation in
Navigation. Reported by garygreen on 2021-08-18
[1255713] Medium CVE-2022-0112: Incorrect security UI in Browser
UI. Reported by Thomas Orlita on 2021-10-04
[1039885] Medium CVE-2022-0113: Inappropriate implementation in
Blink. Reported by Luan Herrera (@lbherrera_) on 2020-01-07
[1267627] Medium CVE-2022-0114: Out of bounds memory access in
Web Serial. Reported by Looben Yang on 2021-11-06
[1268903] Medium CVE-2022-0115: Uninitialized Use in File API.
Reported by Mark Brand of Google Project Zero on 2021-11-10
[1272250] Medium CVE-2022-0116: Inappropriate implementation in
Compositing. Reported by Irvan Kurniawan (sourc7) on
2021-11-20
[1115847] Low CVE-2022-0117: Policy bypass in Service Workers.
Reported by Dongsung Kim (@kid1ng) on 2020-08-13
[1238631] Low CVE-2022-0118: Inappropriate implementation in
WebShare. Reported by Alesandro Ortiz on 2021-08-11
[1262953] Low CVE-2022-0120: Inappropriate implementation in
Passwords. Reported by CHAKRAVARTHI (Ruler96) on 2021-10-25

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchchromium< 97.0.4692.71UNKNOWN

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS

0.012

Percentile

85.3%