Lucene search

K
freebsdFreeBSDF12368A8-1E05-11ED-A1EF-3065EC8FD3EC
HistoryAug 16, 2022 - 12:00 a.m.

chromium -- multiple vulnerabilities

2022-08-1600:00:00
vuxml.freebsd.org
12

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

77.7%

Chrome Releases reports:

This release contains 11 security fixes, including:

[1349322] Critical CVE-2022-2852: Use after free in FedCM. Reported by Sergei Glazunov of Google Project Zero on 2022-08-02
[1337538] High CVE-2022-2854: Use after free in SwiftShader. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-06-18
[1345042] High CVE-2022-2855: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-07-16
[1338135] High CVE-2022-2857: Use after free in Blink. Reported by Anonymous on 2022-06-21
[1341918] High CVE-2022-2858: Use after free in Sign-In Flow. Reported by raven at KunLun lab on 2022-07-05
[1350097] High CVE-2022-2853: Heap buffer overflow in Downloads. Reported by Sergei Glazunov of Google Project Zero on 2022-08-04
[1345630] High CVE-2022-2856: Insufficient validation of untrusted input in Intents. Reported by Ashley Shen and Christian Resell of Google Threat Analysis Group on 2022-07-19
[1338412] Medium CVE-2022-2859: Use after free in Chrome OS Shell. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-22
[1345193] Medium CVE-2022-2860: Insufficient policy enforcement in Cookies. Reported by Axel Chong on 2022-07-18
[1346236] Medium CVE-2022-2861: Inappropriate implementation in Extensions API. Reported by Rong Jian of VRI on 2022-07-21

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchchromium<Β 104.0.5112.101UNKNOWN

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

77.7%