FreeBSD AB2D7F62-AF9D-11EC-A0B8-3065EC8FD3EC
Mar 29, 2022 - 12:00 a.m.

chromium -- multiple vulnerabilities

2022-03-29 00:00:00
vuxml.freebsd.org

CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.004 Low
Percentile: 72.2%

Chrome Releases reports:

This release contains 28 security fixes, including:

[1292261] High CVE-2022-1125: Use after free in Portals. Reported by Khalil Zhani on 2022-01-29
[1291891] High CVE-2022-1127: Use after free in QR Code Generator. Reported by anonymous on 2022-01-28
[1301920] High CVE-2022-1128: Inappropriate implementation in Web Share API. Reported by Abdel Adim (@smaury92) Oisfi of Shielder on 2022-03-01
[1300253] High CVE-2022-1129: Inappropriate implementation in Full Screen Mode. Reported by Irvan Kurniawan (sourc7) on 2022-02-24
[1142269] High CVE-2022-1130: Insufficient validation of untrusted input in WebOTP. Reported by Sergey Toshin of Oversecurity Inc. on 2020-10-25
[1297404] High CVE-2022-1131: Use after free in Cast UI. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2022-02-15
[1303410] High CVE-2022-1132: Inappropriate implementation in Virtual Keyboard. Reported by Andr.Ess on 2022-03-07
[1305776] High CVE-2022-1133: Use after free in WebRTC. Reported by Anonymous on 2022-03-13
[1308360] High CVE-2022-1134: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2022-03-21
[1285601] Medium CVE-2022-1135: Use after free in Shopping Cart. Reported by Wei Yuan of MoyunSec VLab on 2022-01-09
[1280205] Medium CVE-2022-1136: Use after free in Tab Strip. Reported by Krace on 2021-12-15
[1289846] Medium CVE-2022-1137: Inappropriate implementation in Extensions. Reported by Thomas Orlita on 2022-01-22
[1246188] Medium CVE-2022-1138: Inappropriate implementation in Web Cursor. Reported by Alesandro Ortiz on 2021-09-03
[1268541] Medium CVE-2022-1139: Inappropriate implementation in Background Fetch API. Reported by Maurice Dauer on 2021-11-10
[1303253] Medium CVE-2022-1141: Use after free in File Manager. Reported by raven at KunLun lab on 2022-03-05
[1303613] Medium CVE-2022-1142: Heap buffer overflow in WebUI. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2022-03-07
[1303615] Medium CVE-2022-1143: Heap buffer overflow in WebUI. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2022-03-07
[1304145] Medium CVE-2022-1144: Use after free in WebUI. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2022-03-08
[1304545] Medium CVE-2022-1145: Use after free in Extensions. Reported by Yakun Zhang of Baidu Security on 2022-03-09
[1290150] Low CVE-2022-1146: Inappropriate implementation in Resource Timing. Reported by Sohom Datta on 2022-01-23

OS | Version | Architecture | Package | Version | Filename
FreeBSD | any | noarch | chromium | < 100.0.4896.60 | UNKNOWN
