Lucene search

K
freebsdFreeBSDB59847E0-346D-11ED-8FE9-3065EC8FD3EC
HistorySep 14, 2022 - 12:00 a.m.

chromium -- multiple vulnerabilities

2022-09-1400:00:00
vuxml.freebsd.org
56
chromium
vulnerabilities
security fixes
out of bounds write
use after free
heap buffer overflow
insufficient validation
pdf
frames
internals
devtools

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.011

Percentile

84.8%

Chrome Releases reports:

This release includes 11 security fixes, including:

[1358381] High CVE-2022-3195: Out of bounds write in Storage. Reported by Ziling Chen and Nan Wang (@eternalsakura13) of 360 Vulnerability Research Institute on 2022-08-31
[1358090] High CVE-2022-3196: Use after free in PDF. Reported by triplepwns on 2022-08-30
[1358075] High CVE-2022-3197: Use after free in PDF. Reported by triplepwns on 2022-08-30
[1355682] High CVE-2022-3198: Use after free in PDF. Reported by MerdroidSG on 2022-08-23
[1355237] High CVE-2022-3199: Use after free in Frames. Reported by Anonymous on 2022-08-22
[1355103] High CVE-2022-3200: Heap buffer overflow in Internals. Reported by Richard Lorenz, SAP on 2022-08-22
[1343104] High CVE-2022-3201: Insufficient validation of untrusted input in DevTools. Reported by NDevTK on 2022-07-09

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchchromium< 105.0.5195.125UNKNOWN

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.011

Percentile

84.8%