The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5163 advisory.
- Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2011)
- Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2007)
- Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2008)
- Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
(CVE-2022-2010)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
{"id": "DEBIAN_DSA-5163.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-5163-1 : chromium - security update", "description": "The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5163 advisory.\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2011)\n\n - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2007)\n\n - Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2008)\n\n - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-2010)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2022-06-13T00:00:00", "modified": "2023-03-23T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/162152", "reporter": "This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://packages.debian.org/source/bullseye/chromium", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2008", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2007", "https://security-tracker.debian.org/tracker/CVE-2022-2007", "https://security-tracker.debian.org/tracker/CVE-2022-2010", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2010", "https://www.debian.org/security/2022/dsa-5163", "https://security-tracker.debian.org/tracker/CVE-2022-2011", "https://security-tracker.debian.org/tracker/CVE-2022-2008", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2011", "https://security-tracker.debian.org/tracker/source-package/chromium"], "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011"], "immutableFields": [], "lastseen": "2023-05-29T14:15:48", "viewCount": 13, "enchantments": {"score": {"value": 9.9, "vector": "NONE"}, "dependencies": {"references": [{"type": "alpinelinux", "idList": ["ALPINE:CVE-2022-2008", "ALPINE:CVE-2022-2010"]}, {"type": "chrome", "idList": ["GCSA-6014598646949510537"]}, {"type": "cve", "idList": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011"]}, {"type": "debian", "idList": ["DEBIAN:DSA-5163-1:43040"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2022-2007", "DEBIANCVE:CVE-2022-2008", "DEBIANCVE:CVE-2022-2010", "DEBIANCVE:CVE-2022-2011"]}, {"type": "fedora", "idList": ["FEDORA:16ADB302CDBA", "FEDORA:63A16302C983", "FEDORA:C6FE430979BC"]}, {"type": "freebsd", "idList": ["C80CE2DD-E831-11EC-BCD2-3065EC8FD3EC"]}, {"type": "gentoo", "idList": ["GLSA-202208-25"]}, {"type": "kaspersky", "idList": ["KLA12558"]}, {"type": "mageia", "idList": ["MGASA-2022-0232"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:553E789D665C7E7A1298EFE0276A4D50"]}, {"type": "mscve", "idList": ["MS:CVE-2022-2007", "MS:CVE-2022-2008", "MS:CVE-2022-2010", "MS:CVE-2022-2011"]}, {"type": "nessus", "idList": ["FEDORA_2022-3CA063941B.NASL", "FEDORA_2022-B49C9BC07A.NASL", "FREEBSD_PKG_C80CE2DDE83111ECBCD23065EC8FD3EC.NASL", "GENTOO_GLSA-202208-25.NASL", "GOOGLE_CHROME_102_0_5005_115.NASL", "MACOSX_GOOGLE_CHROME_102_0_5005_115.NASL", "MICROSOFT_EDGE_CHROMIUM_102_0_1245_41.NASL", "OPENSUSE-2022-10009-1.NASL", "OPENSUSE-2022-10057-1.NASL"]}, {"type": "osv", "idList": ["OSV:DSA-5163-1"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:BB3D6B2DDD8D4FA41B52503EF011FDA4"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:36C78C12B88BFE8FEF93D8EF7A7AA553"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:10009-1", "OPENSUSE-SU-2022:10010-1", "OPENSUSE-SU-2022:10057-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2022-2007", "UB:CVE-2022-2008", "UB:CVE-2022-2010", "UB:CVE-2022-2011"]}, {"type": "veracode", "idList": ["VERACODE:36034", "VERACODE:36035", "VERACODE:36036", "VERACODE:36037"]}]}, "epss": [{"cve": "CVE-2022-2007", "epss": 0.00085, "percentile": 0.34691, "modified": "2023-05-02"}, {"cve": "CVE-2022-2008", "epss": 0.00083, "percentile": 0.3379, "modified": "2023-05-02"}, {"cve": "CVE-2022-2010", "epss": 0.00076, "percentile": 0.30972, "modified": "2023-05-02"}, {"cve": "CVE-2022-2011", "epss": 0.00082, "percentile": 0.3335, "modified": "2023-05-02"}], "vulnersScore": 9.9}, "_state": {"score": 1685394090, "dependencies": 1685393179, "epss": 0}, "_internal": {"score_hash": "d89cc3b2af94216d539e3d2a64ffaf87"}, "pluginID": "162152", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5163. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162152);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2022-2007\",\n \"CVE-2022-2008\",\n \"CVE-2022-2010\",\n \"CVE-2022-2011\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0231-S\");\n\n script_name(english:\"Debian DSA-5163-1 : chromium - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5163 advisory.\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2011)\n\n - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2007)\n\n - Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2008)\n\n - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who\n had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-2010)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/chromium\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2010\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/chromium\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the chromium packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 102.0.5005.115-1~deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2011\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-2010\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-driver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-l10n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-sandbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'chromium', 'reference': '102.0.5005.115-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-common', 'reference': '102.0.5005.115-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-driver', 'reference': '102.0.5005.115-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-l10n', 'reference': '102.0.5005.115-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-sandbox', 'reference': '102.0.5005.115-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-shell', 'reference': '102.0.5005.115-1~deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium / chromium-common / chromium-driver / chromium-l10n / etc');\n}\n", "naslFamily": "Debian Local Security Checks", "cpe": ["p-cpe:/a:debian:debian_linux:chromium", "p-cpe:/a:debian:debian_linux:chromium-common", "p-cpe:/a:debian:debian_linux:chromium-driver", "p-cpe:/a:debian:debian_linux:chromium-l10n", "p-cpe:/a:debian:debian_linux:chromium-sandbox", "p-cpe:/a:debian:debian_linux:chromium-shell", "cpe:/o:debian:debian_linux:11.0"], "solution": "Upgrade the chromium packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 102.0.5005.115-1~deb11u1.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2022-2011", "vendor_cvss2": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": 9.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H"}, "vpr": {"risk factor": "High", "score": "7.4"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2022-06-12T00:00:00", "vulnerabilityPublicationDate": "2022-06-09T00:00:00", "exploitableWith": []}
{"kaspersky": [{"lastseen": "2023-06-17T15:23:24", "description": "### *Detect date*:\n06/13/2022\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code.\n\n### *Affected products*:\nMicrosoft Edge (Chromium-based)\n\n### *Solution*:\nInstall necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option) \n[Microsoft Edge update settings](<https://support.microsoft.com/en-us/topic/microsoft-edge-update-settings-af8aaca2-1b69-4870-94fe-18822dbb7ef1>)\n\n### *Original advisories*:\n[CVE-2022-2008](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2008>) \n[CVE-2022-2007](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2007>) \n[CVE-2022-2010](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2010>) \n[CVE-2022-2011](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2011>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Edge](<https://threats.kaspersky.com/en/product/Microsoft-Edge/>)\n\n### *CVE-IDS*:\n[CVE-2022-2007](<https://vulners.com/cve/CVE-2022-2007>)5.0Critical \n[CVE-2022-2010](<https://vulners.com/cve/CVE-2022-2010>)5.0Critical \n[CVE-2022-2011](<https://vulners.com/cve/CVE-2022-2011>)5.0Critical \n[CVE-2022-2008](<https://vulners.com/cve/CVE-2022-2008>)5.0Critical\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.8}, "published": "2022-06-13T00:00:00", "type": "kaspersky", "title": "KLA12558 Multiple vulnerabilities in Microsoft Browser", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011"], "modified": "2023-03-28T00:00:00", "id": "KLA12558", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12558/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2023-06-17T15:26:54", "description": "\n\nChrome Releases reports:\n\nThis release contains 7 security fixes, including:\n\n[1326210] High CVE-2022-2007: Use after free in WebGPU. Reported by David Manouchehri on 2022-05-17\n[1317673] High CVE-2022-2008: Out of bounds memory access in WebGL. Reported by khangkito - Tran Van Khang (VinCSS) on 2022-04-19\n[1325298] High CVE-2022-2010: Out of bounds read in compositing. Reported by Mark Brand of Google Project Zero on 2022-05-13\n[1330379] High CVE-2022-2011: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-05-31\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.8}, "published": "2022-06-09T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011"], "modified": "2022-06-09T00:00:00", "id": "C80CE2DD-E831-11EC-BCD2-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/c80ce2dd-e831-11ec-bcd2-3065ec8fd3ec.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-05-29T14:16:11", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 102.0.1245.41. It is, therefore, affected by multiple vulnerabilities as referenced in the June 13, 2022 advisory.\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2011)\n\n - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2007)\n\n - Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2008)\n\n - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-2010)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-13T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 102.0.1245.41 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011"], "modified": "2023-03-23T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_102_0_1245_41.NASL", "href": "https://www.tenable.com/plugins/nessus/162168", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162168);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2022-2007\",\n \"CVE-2022-2008\",\n \"CVE-2022-2010\",\n \"CVE-2022-2011\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0231-S\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 102.0.1245.41 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 102.0.1245.41. It is, therefore, affected\nby multiple vulnerabilities as referenced in the June 13, 2022 advisory.\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2011)\n\n - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2007)\n\n - Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2008)\n\n - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who\n had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-2010)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#june-13-2022\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c00d2c8a\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2010\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2011\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 102.0.1245.41 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2011\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-2010\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nvar constraints = [\n { 'fixed_version' : '102.0.1245.41' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-29T14:16:23", "description": "The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the c80ce2dd-e831-11ec-bcd2-3065ec8fd3ec advisory.\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2011)\n\n - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2007)\n\n - Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2008)\n\n - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-2010)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-09T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (c80ce2dd-e831-11ec-bcd2-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_C80CE2DDE83111ECBCD23065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/161988", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161988);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2022-2007\",\n \"CVE-2022-2008\",\n \"CVE-2022-2010\",\n \"CVE-2022-2011\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0231-S\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (c80ce2dd-e831-11ec-bcd2-3065ec8fd3ec)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple\nvulnerabilities as referenced in the c80ce2dd-e831-11ec-bcd2-3065ec8fd3ec advisory.\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2011)\n\n - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2007)\n\n - Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2008)\n\n - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who\n had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-2010)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?401fd0d4\");\n # https://vuxml.freebsd.org/freebsd/c80ce2dd-e831-11ec-bcd2-3065ec8fd3ec.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b40f6a9a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2011\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-2010\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"freebsd_package.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nvar flag = 0;\n\nvar packages = [\n 'chromium<102.0.5005.115'\n];\n\nforeach var package( packages ) {\n if (pkg_test(save_report:TRUE, pkg: package)) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : pkg_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-29T14:15:48", "description": "The version of Google Chrome installed on the remote Windows host is prior to 102.0.5005.115. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_06_stable-channel-update-for-desktop advisory.\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2011)\n\n - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2007)\n\n - Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2008)\n\n - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-2010)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-09T00:00:00", "type": "nessus", "title": "Google Chrome < 102.0.5005.115 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_102_0_5005_115.NASL", "href": "https://www.tenable.com/plugins/nessus/161979", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161979);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\n \"CVE-2022-2007\",\n \"CVE-2022-2008\",\n \"CVE-2022-2010\",\n \"CVE-2022-2011\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0231-S\");\n\n script_name(english:\"Google Chrome < 102.0.5005.115 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 102.0.5005.115. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2022_06_stable-channel-update-for-desktop advisory.\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2011)\n\n - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2007)\n\n - Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2008)\n\n - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who\n had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-2010)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?401fd0d4\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1326210\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1317673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1325298\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1330379\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 102.0.5005.115 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2011\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-2010\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\nvar installs = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'102.0.5005.115', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-29T14:15:49", "description": "The version of Google Chrome installed on the remote macOS host is prior to 102.0.5005.115. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_06_stable-channel-update-for-desktop advisory.\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2011)\n\n - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2007)\n\n - Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2008)\n\n - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-2010)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-09T00:00:00", "type": "nessus", "title": "Google Chrome < 102.0.5005.115 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011"], "modified": "2023-03-23T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_102_0_5005_115.NASL", "href": "https://www.tenable.com/plugins/nessus/161980", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161980);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2022-2007\",\n \"CVE-2022-2008\",\n \"CVE-2022-2010\",\n \"CVE-2022-2011\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0231-S\");\n\n script_name(english:\"Google Chrome < 102.0.5005.115 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 102.0.5005.115. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2022_06_stable-channel-update-for-desktop advisory.\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2011)\n\n - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2007)\n\n - Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2008)\n\n - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who\n had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-2010)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?401fd0d4\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1326210\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1317673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1325298\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1330379\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 102.0.5005.115 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2011\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-2010\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'102.0.5005.115', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-25T14:58:33", "description": "The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10057-1 advisory.\n\n - Use after free in WebGPU. (CVE-2022-2007)\n\n - Out of bounds memory access in WebGL. (CVE-2022-2008)\n\n - Out of bounds read in compositing. (CVE-2022-2010)\n\n - Use after free in ANGLE. (CVE-2022-2011)\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. (CVE-2022-2294)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-14T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : opera (openSUSE-SU-2022:10057-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-2294"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-10057-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163094", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:10057-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163094);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2022-2007\",\n \"CVE-2022-2008\",\n \"CVE-2022-2010\",\n \"CVE-2022-2011\",\n \"CVE-2022-2294\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"openSUSE 15 Security Update : opera (openSUSE-SU-2022:10057-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:10057-1 advisory.\n\n - Use after free in WebGPU. (CVE-2022-2007)\n\n - Out of bounds memory access in WebGL. (CVE-2022-2008)\n\n - Out of bounds read in compositing. (CVE-2022-2010)\n\n - Use after free in ANGLE. (CVE-2022-2011)\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this\n vulnerability. Please see Google Chrome Releases for more information. (CVE-2022-2294)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RJUDCH46YEJXHUW2NNEMWI2TSQIO7ON2/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d06180ba\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2010\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2294\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2011\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-2010\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'opera-88.0.4412.74-lp154.2.11.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'opera');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-29T14:16:00", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10009-1 advisory.\n\n - Use after free in Indexed DB. (CVE-2022-1853)\n\n - Use after free in ANGLE. (CVE-2022-1854, CVE-2022-2011)\n\n - Use after free in Messaging. (CVE-2022-1855)\n\n - Use after free in User Education. (CVE-2022-1856)\n\n - Insufficient policy enforcement in File System API. (CVE-2022-1857, CVE-2022-1871)\n\n - Out of bounds read in DevTools. (CVE-2022-1858)\n\n - Use after free in Performance Manager. (CVE-2022-1859)\n\n - Use after free in UI Foundations. (CVE-2022-1860)\n\n - Use after free in Sharing. (CVE-2022-1861)\n\n - Inappropriate implementation in Extensions. (CVE-2022-1862)\n\n - Use after free in Tab Groups. (CVE-2022-1863)\n\n - Use after free in WebApp Installs. (CVE-2022-1864)\n\n - Use after free in Bookmarks. (CVE-2022-1865)\n\n - Use after free in Tablet Mode. (CVE-2022-1866)\n\n - Insufficient validation of untrusted input in Data Transfer. (CVE-2022-1867)\n\n - Inappropriate implementation in Extensions API. (CVE-2022-1868)\n\n - Type Confusion in V8. (CVE-2022-1869)\n\n - Use after free in App Service. (CVE-2022-1870)\n\n - Insufficient policy enforcement in Extensions API. (CVE-2022-1872)\n\n - Insufficient policy enforcement in COOP. (CVE-2022-1873)\n\n - Insufficient policy enforcement in Safe Browsing. (CVE-2022-1874)\n\n - Inappropriate implementation in PDF. (CVE-2022-1875)\n\n - Heap buffer overflow in DevTools. (CVE-2022-1876)\n\n - Use after free in WebGPU. (CVE-2022-2007)\n\n - Out of bounds memory access in WebGL. (CVE-2022-2008)\n\n - Out of bounds read in compositing. (CVE-2022-2010)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-16T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2022:10009-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1853", "CVE-2022-1854", "CVE-2022-1855", "CVE-2022-1856", "CVE-2022-1857", "CVE-2022-1858", "CVE-2022-1859", "CVE-2022-1860", "CVE-2022-1861", "CVE-2022-1862", "CVE-2022-1863", "CVE-2022-1864", "CVE-2022-1865", "CVE-2022-1866", "CVE-2022-1867", "CVE-2022-1868", "CVE-2022-1869", "CVE-2022-1870", "CVE-2022-1871", "CVE-2022-1872", "CVE-2022-1873", "CVE-2022-1874", "CVE-2022-1875", "CVE-2022-1876", "CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-10009-1.NASL", "href": "https://www.tenable.com/plugins/nessus/162322", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:10009-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162322);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2022-1853\",\n \"CVE-2022-1854\",\n \"CVE-2022-1855\",\n \"CVE-2022-1856\",\n \"CVE-2022-1857\",\n \"CVE-2022-1858\",\n \"CVE-2022-1859\",\n \"CVE-2022-1860\",\n \"CVE-2022-1861\",\n \"CVE-2022-1862\",\n \"CVE-2022-1863\",\n \"CVE-2022-1864\",\n \"CVE-2022-1865\",\n \"CVE-2022-1866\",\n \"CVE-2022-1867\",\n \"CVE-2022-1868\",\n \"CVE-2022-1869\",\n \"CVE-2022-1870\",\n \"CVE-2022-1871\",\n \"CVE-2022-1872\",\n \"CVE-2022-1873\",\n \"CVE-2022-1874\",\n \"CVE-2022-1875\",\n \"CVE-2022-1876\",\n \"CVE-2022-2007\",\n \"CVE-2022-2008\",\n \"CVE-2022-2010\",\n \"CVE-2022-2011\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0231-S\");\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2022:10009-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:10009-1 advisory.\n\n - Use after free in Indexed DB. (CVE-2022-1853)\n\n - Use after free in ANGLE. (CVE-2022-1854, CVE-2022-2011)\n\n - Use after free in Messaging. (CVE-2022-1855)\n\n - Use after free in User Education. (CVE-2022-1856)\n\n - Insufficient policy enforcement in File System API. (CVE-2022-1857, CVE-2022-1871)\n\n - Out of bounds read in DevTools. (CVE-2022-1858)\n\n - Use after free in Performance Manager. (CVE-2022-1859)\n\n - Use after free in UI Foundations. (CVE-2022-1860)\n\n - Use after free in Sharing. (CVE-2022-1861)\n\n - Inappropriate implementation in Extensions. (CVE-2022-1862)\n\n - Use after free in Tab Groups. (CVE-2022-1863)\n\n - Use after free in WebApp Installs. (CVE-2022-1864)\n\n - Use after free in Bookmarks. (CVE-2022-1865)\n\n - Use after free in Tablet Mode. (CVE-2022-1866)\n\n - Insufficient validation of untrusted input in Data Transfer. (CVE-2022-1867)\n\n - Inappropriate implementation in Extensions API. (CVE-2022-1868)\n\n - Type Confusion in V8. (CVE-2022-1869)\n\n - Use after free in App Service. (CVE-2022-1870)\n\n - Insufficient policy enforcement in Extensions API. (CVE-2022-1872)\n\n - Insufficient policy enforcement in COOP. (CVE-2022-1873)\n\n - Insufficient policy enforcement in Safe Browsing. (CVE-2022-1874)\n\n - Inappropriate implementation in PDF. (CVE-2022-1875)\n\n - Heap buffer overflow in DevTools. (CVE-2022-1876)\n\n - Use after free in WebGPU. (CVE-2022-2007)\n\n - Out of bounds memory access in WebGL. (CVE-2022-2008)\n\n - Out of bounds read in compositing. (CVE-2022-2010)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200423\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RUXRSXC3TACZ74MCVMECNI7P2X6JM2NF/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ea5b2420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1857\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1858\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1859\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1860\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1861\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1862\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1863\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1864\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1865\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1866\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1867\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1868\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1869\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1870\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1872\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1874\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1875\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1876\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2010\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2011\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2011\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1853\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'chromedriver-102.0.5005.115-bp153.2.101.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromedriver-102.0.5005.115-bp153.2.101.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-102.0.5005.115-bp153.2.101.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-102.0.5005.115-bp153.2.101.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-26T15:13:36", "description": "The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-b49c9bc07a advisory.\n\n - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2007)\n\n - Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2008)\n\n - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-2010)\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2011)\n\n - Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2603)\n\n - Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2604)\n\n - Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2605)\n\n - Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2606)\n\n - Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2607)\n\n - Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2608)\n\n - Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2609)\n\n - Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-2610)\n\n - Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-2611)\n\n - Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2022-2612)\n\n - Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2613)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2614)\n\n - Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-2615)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a crafted Chrome Extension. (CVE-2022-2616)\n\n - Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2617)\n\n - Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file . (CVE-2022-2618)\n\n - Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2022-2619)\n\n - Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2620)\n\n - Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.\n (CVE-2022-2621)\n\n - Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file.\n (CVE-2022-2622)\n\n - Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2623)\n\n - Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. (CVE-2022-2624)\n\n - Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2852)\n\n - Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2853)\n\n - Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2854)\n\n - Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2855)\n\n - Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.\n (CVE-2022-2856)\n\n - Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2857)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (CVE-2022-2858)\n\n - Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2859)\n\n - Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page. (CVE-2022-2860)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page. (CVE-2022-2861)\n\n - Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3038)\n\n - Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3039, CVE-2022-3041)\n\n - Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3040)\n\n - Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3042)\n\n - Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3043)\n\n - Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.\n (CVE-2022-3044)\n\n - Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3045)\n\n - Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-3046)\n\n - Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page. (CVE-2022-3047)\n\n - Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a local attacker to bypass lockscreen navigation restrictions via physical access to the device.\n (CVE-2022-3048)\n\n - Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3049)\n\n - Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (CVE-2022-3050)\n\n - Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (CVE-2022-3051)\n\n - Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (CVE-2022-3052)\n\n - Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a remote attacker to restrict user navigation via a crafted HTML page. (CVE-2022-3053)\n\n - Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3054)\n\n - Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3055)\n\n - Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page. (CVE-2022-3056)\n\n - Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-3057)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction. (CVE-2022-3058)\n\n - Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction. (CVE-2022-3071)\n\n - Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-3075)\n\n - Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3195)\n\n - Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) (CVE-2022-3196, CVE-2022-3197, CVE-2022-3198)\n\n - Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3199)\n\n - Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3200)\n\n - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3201)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-12-22T00:00:00", "type": "nessus", "title": "Fedora 36 : chromium (2022-b49c9bc07a)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-2603", "CVE-2022-2604", "CVE-2022-2605", "CVE-2022-2606", "CVE-2022-2607", "CVE-2022-2608", "CVE-2022-2609", "CVE-2022-2610", "CVE-2022-2611", "CVE-2022-2612", "CVE-2022-2613", "CVE-2022-2614", "CVE-2022-2615", "CVE-2022-2616", "CVE-2022-2617", "CVE-2022-2618", "CVE-2022-2619", "CVE-2022-2620", "CVE-2022-2621", "CVE-2022-2622", "CVE-2022-2623", "CVE-2022-2624", "CVE-2022-2852", "CVE-2022-2853", "CVE-2022-2854", "CVE-2022-2855", "CVE-2022-2856", "CVE-2022-2857", "CVE-2022-2858", "CVE-2022-2859", "CVE-2022-2860", "CVE-2022-2861", "CVE-2022-3038", "CVE-2022-3039", "CVE-2022-3040", "CVE-2022-3041", "CVE-2022-3042", "CVE-2022-3043", "CVE-2022-3044", "CVE-2022-3045", "CVE-2022-3046", "CVE-2022-3047", "CVE-2022-3048", "CVE-2022-3049", "CVE-2022-3050", "CVE-2022-3051", "CVE-2022-3052", "CVE-2022-3053", "CVE-2022-3054", "CVE-2022-3055", "CVE-2022-3056", "CVE-2022-3057", "CVE-2022-3058", "CVE-2022-3071", "CVE-2022-3075", "CVE-2022-3195", "CVE-2022-3196", "CVE-2022-3197", "CVE-2022-3198", "CVE-2022-3199", "CVE-2022-3200", "CVE-2022-3201"], "modified": "2023-03-30T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:36", "p-cpe:/a:fedoraproject:fedora:chromium"], "id": "FEDORA_2022-B49C9BC07A.NASL", "href": "https://www.tenable.com/plugins/nessus/169151", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2022-b49c9bc07a\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169151);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/30\");\n\n script_cve_id(\n \"CVE-2022-2007\",\n \"CVE-2022-2008\",\n \"CVE-2022-2010\",\n \"CVE-2022-2011\",\n \"CVE-2022-2603\",\n \"CVE-2022-2604\",\n \"CVE-2022-2605\",\n \"CVE-2022-2606\",\n \"CVE-2022-2607\",\n \"CVE-2022-2608\",\n \"CVE-2022-2609\",\n \"CVE-2022-2610\",\n \"CVE-2022-2611\",\n \"CVE-2022-2612\",\n \"CVE-2022-2613\",\n \"CVE-2022-2614\",\n \"CVE-2022-2615\",\n \"CVE-2022-2616\",\n \"CVE-2022-2617\",\n \"CVE-2022-2618\",\n \"CVE-2022-2619\",\n \"CVE-2022-2620\",\n \"CVE-2022-2621\",\n \"CVE-2022-2622\",\n \"CVE-2022-2623\",\n \"CVE-2022-2624\",\n \"CVE-2022-2852\",\n \"CVE-2022-2853\",\n \"CVE-2022-2854\",\n \"CVE-2022-2855\",\n \"CVE-2022-2856\",\n \"CVE-2022-2857\",\n \"CVE-2022-2858\",\n \"CVE-2022-2859\",\n \"CVE-2022-2860\",\n \"CVE-2022-2861\",\n \"CVE-2022-3038\",\n \"CVE-2022-3039\",\n \"CVE-2022-3040\",\n \"CVE-2022-3041\",\n \"CVE-2022-3042\",\n \"CVE-2022-3043\",\n \"CVE-2022-3044\",\n \"CVE-2022-3045\",\n \"CVE-2022-3046\",\n \"CVE-2022-3047\",\n \"CVE-2022-3048\",\n \"CVE-2022-3049\",\n \"CVE-2022-3050\",\n \"CVE-2022-3051\",\n \"CVE-2022-3052\",\n \"CVE-2022-3053\",\n \"CVE-2022-3054\",\n \"CVE-2022-3055\",\n \"CVE-2022-3056\",\n \"CVE-2022-3057\",\n \"CVE-2022-3058\",\n \"CVE-2022-3071\",\n \"CVE-2022-3075\",\n \"CVE-2022-3195\",\n \"CVE-2022-3196\",\n \"CVE-2022-3197\",\n \"CVE-2022-3198\",\n \"CVE-2022-3199\",\n \"CVE-2022-3200\",\n \"CVE-2022-3201\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/29\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/08\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/04/20\");\n script_xref(name:\"FEDORA\", value:\"2022-b49c9bc07a\");\n\n script_name(english:\"Fedora 36 : chromium (2022-b49c9bc07a)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2022-b49c9bc07a advisory.\n\n - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2007)\n\n - Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2008)\n\n - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who\n had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-2010)\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2011)\n\n - Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2603)\n\n - Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2604)\n\n - Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2605)\n\n - Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker\n who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a\n crafted HTML page. (CVE-2022-2606)\n\n - Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker\n who convinced a user to engage in specific user interactions to potentially exploit heap corruption via\n specific UI interactions. (CVE-2022-2607)\n\n - Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via specific UI interactions. (CVE-2022-2608)\n\n - Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via specific UI interactions. (CVE-2022-2609)\n\n - Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a\n remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-2610)\n\n - Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed\n a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-2611)\n\n - Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a\n remote attacker who had compromised the renderer process to obtain potentially sensitive information from\n process memory via a crafted HTML page. (CVE-2022-2612)\n\n - Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who\n convinced a user to enage in specific user interactions to potentially exploit heap corruption via\n specific UI interactions. (CVE-2022-2613)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2614)\n\n - Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-2615)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker\n who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a\n crafted Chrome Extension. (CVE-2022-2616)\n\n - Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced\n a user to install a malicious extension to potentially exploit heap corruption via specific UI\n interactions. (CVE-2022-2617)\n\n - Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a\n remote attacker to bypass download restrictions via a malicious file . (CVE-2022-2618)\n\n - Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an\n attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged\n page via a crafted HTML page. (CVE-2022-2619)\n\n - Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who\n convinced a user to engage in specific user interactions to potentially exploit heap corruption via\n specific UI interactions. (CVE-2022-2620)\n\n - Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.\n (CVE-2022-2621)\n\n - Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to\n 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file.\n (CVE-2022-2622)\n\n - Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who\n convinced a user to engage in specific user interactions to potentially exploit heap corruption via\n specific UI interactions. (CVE-2022-2623)\n\n - Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who\n convinced a user to engage in specific user interactions to potentially exploit heap corruption via a\n crafted PDF file. (CVE-2022-2624)\n\n - Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2852)\n\n - Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote\n attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted\n HTML page. (CVE-2022-2853)\n\n - Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2854)\n\n - Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2855)\n\n - Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101\n allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.\n (CVE-2022-2856)\n\n - Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2857)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to\n potentially exploit heap corruption via specific UI interaction. (CVE-2022-2858)\n\n - Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who\n convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific\n UI interactions. (CVE-2022-2859)\n\n - Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote\n attacker to bypass cookie prefix restrictions via a crafted HTML page. (CVE-2022-2860)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an\n attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via\n a crafted HTML page. (CVE-2022-2861)\n\n - Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3038)\n\n - Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-3039, CVE-2022-3041)\n\n - Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-3040)\n\n - Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker\n to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3042)\n\n - Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a\n remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap\n corruption via a crafted HTML page. (CVE-2022-3043)\n\n - Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote\n attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.\n (CVE-2022-3044)\n\n - Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3045)\n\n - Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-3046)\n\n - Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an\n attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted\n HTML page. (CVE-2022-3047)\n\n - Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52\n allowed a local attacker to bypass lockscreen navigation restrictions via physical access to the device.\n (CVE-2022-3048)\n\n - Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a\n remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap\n corruption via a crafted HTML page. (CVE-2022-3049)\n\n - Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote\n attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption\n via crafted UI interactions. (CVE-2022-3050)\n\n - Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a\n remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap\n corruption via crafted UI interactions. (CVE-2022-3051)\n\n - Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52\n allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially\n exploit heap corruption via crafted UI interactions. (CVE-2022-3052)\n\n - Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a\n remote attacker to restrict user navigation via a crafted HTML page. (CVE-2022-3053)\n\n - Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3054)\n\n - Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who\n convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a\n crafted HTML page. (CVE-2022-3055)\n\n - Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed\n a remote attacker to bypass content security policy via a crafted HTML page. (CVE-2022-3056)\n\n - Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-3057)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who\n convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted\n UI interaction. (CVE-2022-3058)\n\n - Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote\n attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption\n via crafted UI interaction. (CVE-2022-3071)\n\n - Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker\n who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-3075)\n\n - Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to\n perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)\n (CVE-2022-3195)\n\n - Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially\n exploit heap corruption via a crafted PDF file. (Chromium security severity: High) (CVE-2022-3196,\n CVE-2022-3197, CVE-2022-3198)\n\n - Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3199)\n\n - Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2022-3200)\n\n - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to\n 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass\n navigation restrictions via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3201)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2022-b49c9bc07a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromium package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3199\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-3075\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:36\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');\nvar os_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^36([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 36', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nvar pkgs = [\n {'reference':'chromium-105.0.5195.125-2.fc36', 'release':'FC36', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-26T15:12:58", "description": "The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-3ca063941b advisory.\n\n - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2007)\n\n - Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2008)\n\n - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-2010)\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2011)\n\n - Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2603)\n\n - Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2604)\n\n - Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2605)\n\n - Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2606)\n\n - Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2607)\n\n - Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2608)\n\n - Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2609)\n\n - Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-2610)\n\n - Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-2611)\n\n - Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2022-2612)\n\n - Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2613)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2614)\n\n - Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-2615)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a crafted Chrome Extension. (CVE-2022-2616)\n\n - Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2617)\n\n - Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file . (CVE-2022-2618)\n\n - Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2022-2619)\n\n - Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2620)\n\n - Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.\n (CVE-2022-2621)\n\n - Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file.\n (CVE-2022-2622)\n\n - Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2623)\n\n - Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. (CVE-2022-2624)\n\n - Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2852)\n\n - Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2853)\n\n - Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2854)\n\n - Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2855)\n\n - Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.\n (CVE-2022-2856)\n\n - Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2857)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (CVE-2022-2858)\n\n - Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2859)\n\n - Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page. (CVE-2022-2860)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page. (CVE-2022-2861)\n\n - Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3038)\n\n - Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3039, CVE-2022-3041)\n\n - Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3040)\n\n - Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3042)\n\n - Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3043)\n\n - Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.\n (CVE-2022-3044)\n\n - Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3045)\n\n - Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-3046)\n\n - Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page. (CVE-2022-3047)\n\n - Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a local attacker to bypass lockscreen navigation restrictions via physical access to the device.\n (CVE-2022-3048)\n\n - Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3049)\n\n - Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (CVE-2022-3050)\n\n - Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (CVE-2022-3051)\n\n - Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (CVE-2022-3052)\n\n - Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a remote attacker to restrict user navigation via a crafted HTML page. (CVE-2022-3053)\n\n - Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3054)\n\n - Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3055)\n\n - Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page. (CVE-2022-3056)\n\n - Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-3057)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction. (CVE-2022-3058)\n\n - Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction. (CVE-2022-3071)\n\n - Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-3075)\n\n - Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3195)\n\n - Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) (CVE-2022-3196, CVE-2022-3197, CVE-2022-3198)\n\n - Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3199)\n\n - Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3200)\n\n - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3201)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-12-22T00:00:00", "type": "nessus", "title": "Fedora 35 : chromium (2022-3ca063941b)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-2603", "CVE-2022-2604", "CVE-2022-2605", "CVE-2022-2606", "CVE-2022-2607", "CVE-2022-2608", "CVE-2022-2609", "CVE-2022-2610", "CVE-2022-2611", "CVE-2022-2612", "CVE-2022-2613", "CVE-2022-2614", "CVE-2022-2615", "CVE-2022-2616", "CVE-2022-2617", "CVE-2022-2618", "CVE-2022-2619", "CVE-2022-2620", "CVE-2022-2621", "CVE-2022-2622", "CVE-2022-2623", "CVE-2022-2624", "CVE-2022-2852", "CVE-2022-2853", "CVE-2022-2854", "CVE-2022-2855", "CVE-2022-2856", "CVE-2022-2857", "CVE-2022-2858", "CVE-2022-2859", "CVE-2022-2860", "CVE-2022-2861", "CVE-2022-3038", "CVE-2022-3039", "CVE-2022-3040", "CVE-2022-3041", "CVE-2022-3042", "CVE-2022-3043", "CVE-2022-3044", "CVE-2022-3045", "CVE-2022-3046", "CVE-2022-3047", "CVE-2022-3048", "CVE-2022-3049", "CVE-2022-3050", "CVE-2022-3051", "CVE-2022-3052", "CVE-2022-3053", "CVE-2022-3054", "CVE-2022-3055", "CVE-2022-3056", "CVE-2022-3057", "CVE-2022-3058", "CVE-2022-3071", "CVE-2022-3075", "CVE-2022-3195", "CVE-2022-3196", "CVE-2022-3197", "CVE-2022-3198", "CVE-2022-3199", "CVE-2022-3200", "CVE-2022-3201"], "modified": "2023-03-30T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:35", "p-cpe:/a:fedoraproject:fedora:chromium"], "id": "FEDORA_2022-3CA063941B.NASL", "href": "https://www.tenable.com/plugins/nessus/169098", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2022-3ca063941b\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169098);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/30\");\n\n script_cve_id(\n \"CVE-2022-2007\",\n \"CVE-2022-2008\",\n \"CVE-2022-2010\",\n \"CVE-2022-2011\",\n \"CVE-2022-2603\",\n \"CVE-2022-2604\",\n \"CVE-2022-2605\",\n \"CVE-2022-2606\",\n \"CVE-2022-2607\",\n \"CVE-2022-2608\",\n \"CVE-2022-2609\",\n \"CVE-2022-2610\",\n \"CVE-2022-2611\",\n \"CVE-2022-2612\",\n \"CVE-2022-2613\",\n \"CVE-2022-2614\",\n \"CVE-2022-2615\",\n \"CVE-2022-2616\",\n \"CVE-2022-2617\",\n \"CVE-2022-2618\",\n \"CVE-2022-2619\",\n \"CVE-2022-2620\",\n \"CVE-2022-2621\",\n \"CVE-2022-2622\",\n \"CVE-2022-2623\",\n \"CVE-2022-2624\",\n \"CVE-2022-2852\",\n \"CVE-2022-2853\",\n \"CVE-2022-2854\",\n \"CVE-2022-2855\",\n \"CVE-2022-2856\",\n \"CVE-2022-2857\",\n \"CVE-2022-2858\",\n \"CVE-2022-2859\",\n \"CVE-2022-2860\",\n \"CVE-2022-2861\",\n \"CVE-2022-3038\",\n \"CVE-2022-3039\",\n \"CVE-2022-3040\",\n \"CVE-2022-3041\",\n \"CVE-2022-3042\",\n \"CVE-2022-3043\",\n \"CVE-2022-3044\",\n \"CVE-2022-3045\",\n \"CVE-2022-3046\",\n \"CVE-2022-3047\",\n \"CVE-2022-3048\",\n \"CVE-2022-3049\",\n \"CVE-2022-3050\",\n \"CVE-2022-3051\",\n \"CVE-2022-3052\",\n \"CVE-2022-3053\",\n \"CVE-2022-3054\",\n \"CVE-2022-3055\",\n \"CVE-2022-3056\",\n \"CVE-2022-3057\",\n \"CVE-2022-3058\",\n \"CVE-2022-3071\",\n \"CVE-2022-3075\",\n \"CVE-2022-3195\",\n \"CVE-2022-3196\",\n \"CVE-2022-3197\",\n \"CVE-2022-3198\",\n \"CVE-2022-3199\",\n \"CVE-2022-3200\",\n \"CVE-2022-3201\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/29\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/08\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/04/20\");\n script_xref(name:\"FEDORA\", value:\"2022-3ca063941b\");\n\n script_name(english:\"Fedora 35 : chromium (2022-3ca063941b)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2022-3ca063941b advisory.\n\n - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2007)\n\n - Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2008)\n\n - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who\n had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-2010)\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2011)\n\n - Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2603)\n\n - Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2604)\n\n - Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2605)\n\n - Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker\n who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a\n crafted HTML page. (CVE-2022-2606)\n\n - Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker\n who convinced a user to engage in specific user interactions to potentially exploit heap corruption via\n specific UI interactions. (CVE-2022-2607)\n\n - Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via specific UI interactions. (CVE-2022-2608)\n\n - Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via specific UI interactions. (CVE-2022-2609)\n\n - Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a\n remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-2610)\n\n - Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed\n a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-2611)\n\n - Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a\n remote attacker who had compromised the renderer process to obtain potentially sensitive information from\n process memory via a crafted HTML page. (CVE-2022-2612)\n\n - Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who\n convinced a user to enage in specific user interactions to potentially exploit heap corruption via\n specific UI interactions. (CVE-2022-2613)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2614)\n\n - Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-2615)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker\n who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a\n crafted Chrome Extension. (CVE-2022-2616)\n\n - Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced\n a user to install a malicious extension to potentially exploit heap corruption via specific UI\n interactions. (CVE-2022-2617)\n\n - Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a\n remote attacker to bypass download restrictions via a malicious file . (CVE-2022-2618)\n\n - Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an\n attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged\n page via a crafted HTML page. (CVE-2022-2619)\n\n - Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who\n convinced a user to engage in specific user interactions to potentially exploit heap corruption via\n specific UI interactions. (CVE-2022-2620)\n\n - Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.\n (CVE-2022-2621)\n\n - Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to\n 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file.\n (CVE-2022-2622)\n\n - Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who\n convinced a user to engage in specific user interactions to potentially exploit heap corruption via\n specific UI interactions. (CVE-2022-2623)\n\n - Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who\n convinced a user to engage in specific user interactions to potentially exploit heap corruption via a\n crafted PDF file. (CVE-2022-2624)\n\n - Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2852)\n\n - Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote\n attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted\n HTML page. (CVE-2022-2853)\n\n - Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2854)\n\n - Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2855)\n\n - Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101\n allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.\n (CVE-2022-2856)\n\n - Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2857)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to\n potentially exploit heap corruption via specific UI interaction. (CVE-2022-2858)\n\n - Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who\n convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific\n UI interactions. (CVE-2022-2859)\n\n - Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote\n attacker to bypass cookie prefix restrictions via a crafted HTML page. (CVE-2022-2860)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an\n attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via\n a crafted HTML page. (CVE-2022-2861)\n\n - Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3038)\n\n - Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-3039, CVE-2022-3041)\n\n - Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-3040)\n\n - Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker\n to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3042)\n\n - Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a\n remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap\n corruption via a crafted HTML page. (CVE-2022-3043)\n\n - Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote\n attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.\n (CVE-2022-3044)\n\n - Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3045)\n\n - Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-3046)\n\n - Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an\n attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted\n HTML page. (CVE-2022-3047)\n\n - Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52\n allowed a local attacker to bypass lockscreen navigation restrictions via physical access to the device.\n (CVE-2022-3048)\n\n - Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a\n remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap\n corruption via a crafted HTML page. (CVE-2022-3049)\n\n - Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote\n attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption\n via crafted UI interactions. (CVE-2022-3050)\n\n - Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a\n remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap\n corruption via crafted UI interactions. (CVE-2022-3051)\n\n - Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52\n allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially\n exploit heap corruption via crafted UI interactions. (CVE-2022-3052)\n\n - Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a\n remote attacker to restrict user navigation via a crafted HTML page. (CVE-2022-3053)\n\n - Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3054)\n\n - Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who\n convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a\n crafted HTML page. (CVE-2022-3055)\n\n - Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed\n a remote attacker to bypass content security policy via a crafted HTML page. (CVE-2022-3056)\n\n - Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-3057)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who\n convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted\n UI interaction. (CVE-2022-3058)\n\n - Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote\n attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption\n via crafted UI interaction. (CVE-2022-3071)\n\n - Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker\n who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-3075)\n\n - Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to\n perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)\n (CVE-2022-3195)\n\n - Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially\n exploit heap corruption via a crafted PDF file. (Chromium security severity: High) (CVE-2022-3196,\n CVE-2022-3197, CVE-2022-3198)\n\n - Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3199)\n\n - Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2022-3200)\n\n - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to\n 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass\n navigation restrictions via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3201)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2022-3ca063941b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromium package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3199\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-3075\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:35\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');\nvar os_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^35([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 35', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nvar pkgs = [\n {'reference':'chromium-105.0.5195.125-2.fc35', 'release':'FC35', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T20:28:39", "description": "The remote host is affected by the vulnerability described in GLSA-202208-25 (Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities)\n\n - Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30551)\n\n - Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.\n (CVE-2021-4052)\n\n - Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4053)\n\n - Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (CVE-2021-4054)\n\n - Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (CVE-2021-4055)\n\n - Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4056)\n\n - Use after free in file API in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-4057)\n\n - Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4058)\n\n - Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-4059)\n\n - Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4061, CVE-2021-4078)\n\n - Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-4062)\n\n - Use after free in developer tools in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4063)\n\n - Use after free in screen capture in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4064)\n\n - Use after free in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4065)\n\n - Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4066)\n\n - Use after free in window manager in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4067)\n\n - Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-4068)\n\n - Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via crafted WebRTC packets. (CVE-2021-4079)\n\n - Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0789)\n\n - Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially perform a sandbox escape via a crafted HTML page. (CVE-2022-0790)\n\n - Use after free in Omnibox in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via user interactions.\n (CVE-2022-0791)\n\n - Out of bounds read in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0792)\n\n - Use after free in Cast in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted Chrome Extension. (CVE-2022-0793)\n\n - Use after free in WebShare in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0794)\n\n - Type confusion in Blink Layout in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0795)\n\n - Use after free in Media in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0796)\n\n - Out of bounds memory access in Mojo in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (CVE-2022-0797)\n\n - Use after free in MediaStream in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (CVE-2022-0798)\n\n - Insufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51 allowed a remote attacker to perform local privilege escalation via a crafted offline installer file.\n (CVE-2022-0799)\n\n - Heap buffer overflow in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0800)\n\n - Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-0802, CVE-2022-0804)\n\n - Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-0803)\n\n - Use after free in Browser Switcher in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction. (CVE-2022-0805)\n\n - Data leak in Canvas in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in screen sharing to potentially leak cross-origin data via a crafted HTML page. (CVE-2022-0806)\n\n - Inappropriate implementation in Autofill in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2022-0807)\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in a series of user interaction to potentially exploit heap corruption via user interactions. (CVE-2022-0808)\n\n - Out of bounds memory access in WebXR in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0809)\n\n - Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-0971)\n\n - Use after free in Extensions in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-0972)\n\n - Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0973)\n\n - Use after free in Splitscreen in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0974)\n\n - Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0975, CVE-2022-0978)\n\n - Heap buffer overflow in GPU in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0976)\n\n - Use after free in Browser UI in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0977)\n\n - Use after free in Safe Browsing in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0979)\n\n - Use after free in New Tab Page in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user interactions. (CVE-2022-0980)\n\n - Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1096)\n\n - Use after free in Portals in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.\n (CVE-2022-1125)\n\n - Use after free in QR Code Generator in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction. (CVE-2022-1127)\n\n - Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page.\n (CVE-2022-1128)\n\n - Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (CVE-2022-1129)\n\n - Insufficient validation of trust input in WebOTP in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to send arbitrary intents from any app via a malicious app. (CVE-2022-1130)\n\n - Use after free in Cast UI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1131)\n\n - Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100.0.4896.60 allowed a local attacker to bypass navigation restrictions via physical access to the device.\n (CVE-2022-1132)\n\n - Use after free in WebRTC Perf in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1133)\n\n - Type confusion in V8 in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1134)\n\n - Use after free in Shopping Cart in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via standard feature user interaction. (CVE-2022-1135)\n\n - Use after free in Tab Strip in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific set of user gestures. (CVE-2022-1136)\n\n - Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to leak potentially sensitive information via a crafted HTML page. (CVE-2022-1137)\n\n - Inappropriate implementation in Web Cursor in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who had compromised the renderer process to obscure the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-1138)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-1139)\n\n - Use after free in File Manager in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific user gesture. (CVE-2022-1141)\n\n - Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific input into DevTools. (CVE-2022-1142, CVE-2022-1143)\n\n - Use after free in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific input into DevTools. (CVE-2022-1144)\n\n - Use after free in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user interaction and profile destruction. (CVE-2022-1145)\n\n - Inappropriate implementation in Resource Timing in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-1146)\n\n - Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1232)\n\n - Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1305)\n\n - Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-1306)\n\n - Inappropriate implementation in full screen in Google Chrome on Android prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-1307)\n\n - Use after free in BFCache in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1308)\n\n - Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (CVE-2022-1309)\n\n - Use after free in regular expressions in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1310)\n\n - Use after free in shell in Google Chrome on ChromeOS prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1311)\n\n - Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.\n (CVE-2022-1312)\n\n - Use after free in tab groups in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1313)\n\n - Type confusion in V8 in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1314)\n\n - Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1364)\n\n - Use after free in Vulkan in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1477)\n\n - Use after free in SwiftShader in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1478)\n\n - Use after free in ANGLE in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1479)\n\n - Use after free in Sharing in Google Chrome on Mac prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1481)\n\n - Inappropriate implementation in WebGL in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1482)\n\n - Heap buffer overflow in WebGPU in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-1483)\n\n - Heap buffer overflow in Web UI Settings in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1484)\n\n - Use after free in File System API in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1485)\n\n - Type confusion in V8 in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2022-1486)\n\n - Use after free in Ozone in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via running a Wayland test. (CVE-2022-1487)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (CVE-2022-1488)\n\n - Out of bounds memory access in UI Shelf in Google Chrome on Chrome OS, Lacros prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific user interactions.\n (CVE-2022-1489)\n\n - Use after free in Browser Switcher in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1490)\n\n - Use after free in Bookmarks in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction. (CVE-2022-1491)\n\n - Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page. (CVE-2022-1492)\n\n - Use after free in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction. (CVE-2022-1493)\n\n - Insufficient data validation in Trusted Types in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass trusted types policy via a crafted HTML page. (CVE-2022-1494)\n\n - Incorrect security UI in Downloads in Google Chrome on Android prior to 101.0.4951.41 allowed a remote attacker to spoof the APK downloads dialog via a crafted HTML page. (CVE-2022-1495)\n\n - Use after free in File Manager in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction. (CVE-2022-1496)\n\n - Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to spoof the contents of cross-origin websites via a crafted HTML page. (CVE-2022-1497)\n\n - Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-1498)\n\n - Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (CVE-2022-1499)\n\n - Insufficient data validation in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass content security policy via a crafted HTML page. (CVE-2022-1500)\n\n - Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-1501)\n\n - Use after free in Sharesheet in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interactions. (CVE-2022-1633)\n\n - Use after free in Browser UI in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who had convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific user interactions. (CVE-2022-1634)\n\n - Use after free in Permission Prompts in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interactions. (CVE-2022-1635)\n\n - Use after free in Performance APIs in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1636)\n\n - Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-1637)\n\n - Use after free in ANGLE in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1639)\n\n - Use after free in Sharing in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1640)\n\n - Use after free in Web UI Diagnostics in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interaction. (CVE-2022-1641)\n\n - Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (CVE-2022-1853)\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1854)\n\n - Use after free in Messaging in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1855)\n\n - Use after free in User Education in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension or specific user interaction. (CVE-2022-1856)\n\n - Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (CVE-2022-1857)\n\n - Out of bounds read in DevTools in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform an out of bounds memory read via specific user interaction. (CVE-2022-1858)\n\n - Use after free in Performance Manager in Google Chrome prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1859)\n\n - Use after free in UI Foundations in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific user interactions. (CVE-2022-1860)\n\n - Use after free in Sharing in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific user interaction. (CVE-2022-1861)\n\n - Inappropriate implementation in Extensions in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass profile restrictions via a crafted HTML page.\n (CVE-2022-1862)\n\n - Use after free in Tab Groups in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction. (CVE-2022-1863)\n\n - Use after free in WebApp Installs in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction. (CVE-2022-1864)\n\n - Use after free in Bookmarks in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction. (CVE-2022-1865)\n\n - Use after free in Tablet Mode in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific user interactions. (CVE-2022-1866)\n\n - Insufficient validation of untrusted input in Data Transfer in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass same origin policy via a crafted clipboard content. (CVE-2022-1867)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (CVE-2022-1868)\n\n - Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1869)\n\n - Use after free in App Service in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (CVE-2022-1870)\n\n - Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass file system policy via a crafted HTML page. (CVE-2022-1871)\n\n - Insufficient policy enforcement in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page. (CVE-2022-1872)\n\n - Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-1873)\n\n - Insufficient policy enforcement in Safe Browsing in Google Chrome on Mac prior to 102.0.5005.61 allowed a remote attacker to bypass downloads protection policy via a crafted HTML page. (CVE-2022-1874)\n\n - Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-1875)\n\n - Heap buffer overflow in DevTools in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-1876)\n\n - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2007)\n\n - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-2010)\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2011)\n\n - Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2156)\n\n - Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2157)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2158)\n\n - Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user's local files via a crafted HTML page. (CVE-2022-2160)\n\n - Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2161)\n\n - Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 103.0.5060.53 allowed a remote attacker to bypass file system access via a crafted HTML page. (CVE-2022-2162)\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction. (CVE-2022-2163)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted HTML page. (CVE-2022-2164)\n\n - Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. (CVE-2022-2165)\n\n - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. (CVE-2022-22021)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. (CVE-2022-24475)\n\n - Microsoft Edge (Chromium-based) Spoofing Vulnerability. (CVE-2022-24523, CVE-2022-26905)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. (CVE-2022-26891)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. (CVE-2022-26894)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. (CVE-2022-26895)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. (CVE-2022-26900)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26909, CVE-2022-26912. (CVE-2022-26908)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26912. (CVE-2022-26909)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909. (CVE-2022-26912)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30128. (CVE-2022-30127)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30127. (CVE-2022-30128)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-33638, CVE-2022-33639. (CVE-2022-30192)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33639. (CVE-2022-33638)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33638. (CVE-2022-33639)\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. (CVE-2022-0801) \n - Please review the referenced CVE identifiers for details. (CVE-2022-29144, CVE-2022-29146, CVE-2022-29147)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-15T00:00:00", "type": "nessus", "title": "GLSA-202208-25 : Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30551", "CVE-2021-4052", "CVE-2021-4053", "CVE-2021-4054", "CVE-2021-4055", "CVE-2021-4056", "CVE-2021-4057", "CVE-2021-4058", "CVE-2021-4059", "CVE-2021-4061", "CVE-2021-4062", "CVE-2021-4063", "CVE-2021-4064", "CVE-2021-4065", "CVE-2021-4066", "CVE-2021-4067", "CVE-2021-4068", "CVE-2021-4078", "CVE-2021-4079", "CVE-2022-0789", "CVE-2022-0790", "CVE-2022-0791", "CVE-2022-0792", "CVE-2022-0793", "CVE-2022-0794", "CVE-2022-0795", "CVE-2022-0796", "CVE-2022-0797", "CVE-2022-0798", "CVE-2022-0799", "CVE-2022-0800", "CVE-2022-0801", "CVE-2022-0802", "CVE-2022-0803", "CVE-2022-0804", "CVE-2022-0805", "CVE-2022-0806", "CVE-2022-0807", "CVE-2022-0808", "CVE-2022-0809", "CVE-2022-0971", "CVE-2022-0972", "CVE-2022-0973", "CVE-2022-0974", "CVE-2022-0975", "CVE-2022-0976", "CVE-2022-0977", "CVE-2022-0978", "CVE-2022-0979", "CVE-2022-0980", "CVE-2022-1096", "CVE-2022-1125", "CVE-2022-1127", "CVE-2022-1128", "CVE-2022-1129", "CVE-2022-1130", "CVE-2022-1131", "CVE-2022-1132", "CVE-2022-1133", "CVE-2022-1134", "CVE-2022-1135", "CVE-2022-1136", "CVE-2022-1137", "CVE-2022-1138", "CVE-2022-1139", "CVE-2022-1141", "CVE-2022-1142", "CVE-2022-1143", "CVE-2022-1144", "CVE-2022-1145", "CVE-2022-1146", "CVE-2022-1232", "CVE-2022-1305", "CVE-2022-1306", "CVE-2022-1307", "CVE-2022-1308", "CVE-2022-1309", "CVE-2022-1310", "CVE-2022-1311", "CVE-2022-1312", "CVE-2022-1313", "CVE-2022-1314", "CVE-2022-1364", "CVE-2022-1477", "CVE-2022-1478", "CVE-2022-1479", "CVE-2022-1481", "CVE-2022-1482", "CVE-2022-1483", "CVE-2022-1484", "CVE-2022-1485", "CVE-2022-1486", "CVE-2022-1487", "CVE-2022-1488", "CVE-2022-1489", "CVE-2022-1490", "CVE-2022-1491", "CVE-2022-1492", "CVE-2022-1493", "CVE-2022-1494", "CVE-2022-1495", "CVE-2022-1496", "CVE-2022-1497", "CVE-2022-1498", "CVE-2022-1499", "CVE-2022-1500", "CVE-2022-1501", "CVE-2022-1633", "CVE-2022-1634", "CVE-2022-1635", "CVE-2022-1636", "CVE-2022-1637", "CVE-2022-1639", "CVE-2022-1640", "CVE-2022-1641", "CVE-2022-1853", "CVE-2022-1854", "CVE-2022-1855", "CVE-2022-1856", "CVE-2022-1857", "CVE-2022-1858", "CVE-2022-1859", "CVE-2022-1860", "CVE-2022-1861", "CVE-2022-1862", "CVE-2022-1863", "CVE-2022-1864", "CVE-2022-1865", "CVE-2022-1866", "CVE-2022-1867", "CVE-2022-1868", "CVE-2022-1869", "CVE-2022-1870", "CVE-2022-1871", "CVE-2022-1872", "CVE-2022-1873", "CVE-2022-1874", "CVE-2022-1875", "CVE-2022-1876", "CVE-2022-2007", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165", "CVE-2022-22021", "CVE-2022-24475", "CVE-2022-24523", "CVE-2022-26891", "CVE-2022-26894", "CVE-2022-26895", "CVE-2022-26900", "CVE-2022-26905", "CVE-2022-26908", "CVE-2022-26909", "CVE-2022-26912", "CVE-2022-29144", "CVE-2022-29146", "CVE-2022-29147", "CVE-2022-30127", "CVE-2022-30128", "CVE-2022-30192", "CVE-2022-33638", "CVE-2022-33639"], "modified": "2022-12-01T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:chromium", "p-cpe:/a:gentoo:linux:google-chrome", "p-cpe:/a:gentoo:linux:microsoft-edge", "p-cpe:/a:gentoo:linux:qtwebengine", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202208-25.NASL", "href": "https://www.tenable.com/plugins/nessus/164112", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202208-25.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike\n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164112);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/01\");\n\n script_cve_id(\n \"CVE-2021-4052\",\n \"CVE-2021-4053\",\n \"CVE-2021-4054\",\n \"CVE-2021-4055\",\n \"CVE-2021-4056\",\n \"CVE-2021-4057\",\n \"CVE-2021-4058\",\n \"CVE-2021-4059\",\n \"CVE-2021-4061\",\n \"CVE-2021-4062\",\n \"CVE-2021-4063\",\n \"CVE-2021-4064\",\n \"CVE-2021-4065\",\n \"CVE-2021-4066\",\n \"CVE-2021-4067\",\n \"CVE-2021-4068\",\n \"CVE-2021-4078\",\n \"CVE-2021-4079\",\n \"CVE-2021-30551\",\n \"CVE-2022-0789\",\n \"CVE-2022-0790\",\n \"CVE-2022-0791\",\n \"CVE-2022-0792\",\n \"CVE-2022-0793\",\n \"CVE-2022-0794\",\n \"CVE-2022-0795\",\n \"CVE-2022-0796\",\n \"CVE-2022-0797\",\n \"CVE-2022-0798\",\n \"CVE-2022-0799\",\n \"CVE-2022-0800\",\n \"CVE-2022-0801\",\n \"CVE-2022-0802\",\n \"CVE-2022-0803\",\n \"CVE-2022-0804\",\n \"CVE-2022-0805\",\n \"CVE-2022-0806\",\n \"CVE-2022-0807\",\n \"CVE-2022-0808\",\n \"CVE-2022-0809\",\n \"CVE-2022-0971\",\n \"CVE-2022-0972\",\n \"CVE-2022-0973\",\n \"CVE-2022-0974\",\n \"CVE-2022-0975\",\n \"CVE-2022-0976\",\n \"CVE-2022-0977\",\n \"CVE-2022-0978\",\n \"CVE-2022-0979\",\n \"CVE-2022-0980\",\n \"CVE-2022-1096\",\n \"CVE-2022-1125\",\n \"CVE-2022-1127\",\n \"CVE-2022-1128\",\n \"CVE-2022-1129\",\n \"CVE-2022-1130\",\n \"CVE-2022-1131\",\n \"CVE-2022-1132\",\n \"CVE-2022-1133\",\n \"CVE-2022-1134\",\n \"CVE-2022-1135\",\n \"CVE-2022-1136\",\n \"CVE-2022-1137\",\n \"CVE-2022-1138\",\n \"CVE-2022-1139\",\n \"CVE-2022-1141\",\n \"CVE-2022-1142\",\n \"CVE-2022-1143\",\n \"CVE-2022-1144\",\n \"CVE-2022-1145\",\n \"CVE-2022-1146\",\n \"CVE-2022-1232\",\n \"CVE-2022-1305\",\n \"CVE-2022-1306\",\n \"CVE-2022-1307\",\n \"CVE-2022-1308\",\n \"CVE-2022-1309\",\n \"CVE-2022-1310\",\n \"CVE-2022-1311\",\n \"CVE-2022-1312\",\n \"CVE-2022-1313\",\n \"CVE-2022-1314\",\n \"CVE-2022-1364\",\n \"CVE-2022-1477\",\n \"CVE-2022-1478\",\n \"CVE-2022-1479\",\n \"CVE-2022-1481\",\n \"CVE-2022-1482\",\n \"CVE-2022-1483\",\n \"CVE-2022-1484\",\n \"CVE-2022-1485\",\n \"CVE-2022-1486\",\n \"CVE-2022-1487\",\n \"CVE-2022-1488\",\n \"CVE-2022-1489\",\n \"CVE-2022-1490\",\n \"CVE-2022-1491\",\n \"CVE-2022-1492\",\n \"CVE-2022-1493\",\n \"CVE-2022-1494\",\n \"CVE-2022-1495\",\n \"CVE-2022-1496\",\n \"CVE-2022-1497\",\n \"CVE-2022-1498\",\n \"CVE-2022-1499\",\n \"CVE-2022-1500\",\n \"CVE-2022-1501\",\n \"CVE-2022-1633\",\n \"CVE-2022-1634\",\n \"CVE-2022-1635\",\n \"CVE-2022-1636\",\n \"CVE-2022-1637\",\n \"CVE-2022-1639\",\n \"CVE-2022-1640\",\n \"CVE-2022-1641\",\n \"CVE-2022-1853\",\n \"CVE-2022-1854\",\n \"CVE-2022-1855\",\n \"CVE-2022-1856\",\n \"CVE-2022-1857\",\n \"CVE-2022-1858\",\n \"CVE-2022-1859\",\n \"CVE-2022-1860\",\n \"CVE-2022-1861\",\n \"CVE-2022-1862\",\n \"CVE-2022-1863\",\n \"CVE-2022-1864\",\n \"CVE-2022-1865\",\n \"CVE-2022-1866\",\n \"CVE-2022-1867\",\n \"CVE-2022-1868\",\n \"CVE-2022-1869\",\n \"CVE-2022-1870\",\n \"CVE-2022-1871\",\n \"CVE-2022-1872\",\n \"CVE-2022-1873\",\n \"CVE-2022-1874\",\n \"CVE-2022-1875\",\n \"CVE-2022-1876\",\n \"CVE-2022-2007\",\n \"CVE-2022-2010\",\n \"CVE-2022-2011\",\n \"CVE-2022-2156\",\n \"CVE-2022-2157\",\n \"CVE-2022-2158\",\n \"CVE-2022-2160\",\n \"CVE-2022-2161\",\n \"CVE-2022-2162\",\n \"CVE-2022-2163\",\n \"CVE-2022-2164\",\n \"CVE-2022-2165\",\n \"CVE-2022-22021\",\n \"CVE-2022-24475\",\n \"CVE-2022-24523\",\n \"CVE-2022-26891\",\n \"CVE-2022-26894\",\n \"CVE-2022-26895\",\n \"CVE-2022-26900\",\n \"CVE-2022-26905\",\n \"CVE-2022-26908\",\n \"CVE-2022-26909\",\n \"CVE-2022-26912\",\n \"CVE-2022-29144\",\n \"CVE-2022-29146\",\n \"CVE-2022-29147\",\n \"CVE-2022-30127\",\n \"CVE-2022-30128\",\n \"CVE-2022-30192\",\n \"CVE-2022-33638\",\n \"CVE-2022-33639\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/06\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"GLSA-202208-25 : Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202208-25 (Chromium, Google Chrome, Microsoft Edge,\nQtWebEngine: Multiple Vulnerabilities)\n\n - Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30551)\n\n - Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user\n to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.\n (CVE-2021-4052)\n\n - Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4053)\n\n - Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to\n perform domain spoofing via a crafted HTML page. (CVE-2021-4054)\n\n - Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93 allowed an attacker who\n convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted\n Chrome Extension. (CVE-2021-4055)\n\n - Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-4056)\n\n - Use after free in file API in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-4057)\n\n - Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4058)\n\n - Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to\n leak cross-origin data via a crafted HTML page. (CVE-2021-4059)\n\n - Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-4061, CVE-2021-4078)\n\n - Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-4062)\n\n - Use after free in developer tools in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4063)\n\n - Use after free in screen capture in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4064)\n\n - Use after free in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-4065)\n\n - Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-4066)\n\n - Use after free in window manager in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4067)\n\n - Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-4068)\n\n - Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to\n potentially exploit heap corruption via crafted WebRTC packets. (CVE-2021-4079)\n\n - Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0789)\n\n - Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a\n user to engage in specific user interaction to potentially perform a sandbox escape via a crafted HTML\n page. (CVE-2022-0790)\n\n - Use after free in Omnibox in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a\n user to engage in specific user interactions to potentially exploit heap corruption via user interactions.\n (CVE-2022-0791)\n\n - Out of bounds read in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0792)\n\n - Use after free in Cast in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to\n install a malicious extension and engage in specific user interaction to potentially exploit heap\n corruption via a crafted Chrome Extension. (CVE-2022-0793)\n\n - Use after free in WebShare in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced\n a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML\n page. (CVE-2022-0794)\n\n - Type confusion in Blink Layout in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0795)\n\n - Use after free in Media in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-0796)\n\n - Out of bounds memory access in Mojo in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to\n perform an out of bounds memory write via a crafted HTML page. (CVE-2022-0797)\n\n - Use after free in MediaStream in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome\n Extension. (CVE-2022-0798)\n\n - Insufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51 allowed a\n remote attacker to perform local privilege escalation via a crafted offline installer file.\n (CVE-2022-0799)\n\n - Heap buffer overflow in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who\n convinced a user to engage in specific user interaction to potentially exploit heap corruption via a\n crafted HTML page. (CVE-2022-0800)\n\n - Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed\n a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-0802,\n CVE-2022-0804)\n\n - Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote\n attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-0803)\n\n - Use after free in Browser Switcher in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who\n convinced a user to engage in specific user interaction to potentially exploit heap corruption via user\n interaction. (CVE-2022-0805)\n\n - Data leak in Canvas in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user\n to engage in screen sharing to potentially leak cross-origin data via a crafted HTML page. (CVE-2022-0806)\n\n - Inappropriate implementation in Autofill in Google Chrome prior to 99.0.4844.51 allowed a remote attacker\n to bypass navigation restrictions via a crafted HTML page. (CVE-2022-0807)\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 99.0.4844.51 allowed a remote\n attacker who convinced a user to engage in a series of user interaction to potentially exploit heap\n corruption via user interactions. (CVE-2022-0808)\n\n - Out of bounds memory access in WebXR in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0809)\n\n - Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker\n who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-0971)\n\n - Use after free in Extensions in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-0972)\n\n - Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0973)\n\n - Use after free in Splitscreen in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote\n attacker who convinced a user to engage in specific user interaction to potentially exploit heap\n corruption via a crafted HTML page. (CVE-2022-0974)\n\n - Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-0975, CVE-2022-0978)\n\n - Heap buffer overflow in GPU in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0976)\n\n - Use after free in Browser UI in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker\n who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a\n crafted HTML page. (CVE-2022-0977)\n\n - Use after free in Safe Browsing in Google Chrome on Android prior to 99.0.4844.74 allowed a remote\n attacker who convinced a user to engage in specific user interaction to potentially exploit heap\n corruption via a crafted HTML page. (CVE-2022-0979)\n\n - Use after free in New Tab Page in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via specific user\n interactions. (CVE-2022-0980)\n\n - Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1096)\n\n - Use after free in Portals in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced\n a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.\n (CVE-2022-1125)\n\n - Use after free in QR Code Generator in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who\n convinced a user to engage in specific user interaction to potentially exploit heap corruption via user\n interaction. (CVE-2022-1127)\n\n - Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed\n an attacker on the local network segment to leak cross-origin data via a crafted HTML page.\n (CVE-2022-1128)\n\n - Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 100.0.4896.60\n allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (CVE-2022-1129)\n\n - Insufficient validation of trust input in WebOTP in Google Chrome on Android prior to 100.0.4896.60\n allowed a remote attacker to send arbitrary intents from any app via a malicious app. (CVE-2022-1130)\n\n - Use after free in Cast UI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1131)\n\n - Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100.0.4896.60\n allowed a local attacker to bypass navigation restrictions via physical access to the device.\n (CVE-2022-1132)\n\n - Use after free in WebRTC Perf in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1133)\n\n - Type confusion in V8 in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1134)\n\n - Use after free in Shopping Cart in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to\n potentially exploit heap corruption via standard feature user interaction. (CVE-2022-1135)\n\n - Use after free in Tab Strip in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via specific set of user\n gestures. (CVE-2022-1136)\n\n - Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who\n convinced a user to install a malicious extension to leak potentially sensitive information via a crafted\n HTML page. (CVE-2022-1137)\n\n - Inappropriate implementation in Web Cursor in Google Chrome prior to 100.0.4896.60 allowed a remote\n attacker who had compromised the renderer process to obscure the contents of the Omnibox (URL bar) via a\n crafted HTML page. (CVE-2022-1138)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a\n remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-1139)\n\n - Use after free in File Manager in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who\n convinced a user to engage in specific user interaction to potentially exploit heap corruption via\n specific user gesture. (CVE-2022-1141)\n\n - Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who\n convinced a user to engage in specific user interaction to potentially exploit heap corruption via\n specific input into DevTools. (CVE-2022-1142, CVE-2022-1143)\n\n - Use after free in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a\n user to engage in specific user interaction to potentially exploit heap corruption via specific input into\n DevTools. (CVE-2022-1144)\n\n - Use after free in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via specific user interaction\n and profile destruction. (CVE-2022-1145)\n\n - Inappropriate implementation in Resource Timing in Google Chrome prior to 100.0.4896.60 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-1146)\n\n - Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1232)\n\n - Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1305)\n\n - Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote\n attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-1306)\n\n - Inappropriate implementation in full screen in Google Chrome on Android prior to 100.0.4896.88 allowed a\n remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-1307)\n\n - Use after free in BFCache in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1308)\n\n - Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a\n remote attacker to potentially perform a sandbox escape via a crafted HTML page. (CVE-2022-1309)\n\n - Use after free in regular expressions in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1310)\n\n - Use after free in shell in Google Chrome on ChromeOS prior to 100.0.4896.88 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1311)\n\n - Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user\n to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.\n (CVE-2022-1312)\n\n - Use after free in tab groups in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1313)\n\n - Type confusion in V8 in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1314)\n\n - Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1364)\n\n - Use after free in Vulkan in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1477)\n\n - Use after free in SwiftShader in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1478)\n\n - Use after free in ANGLE in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1479)\n\n - Use after free in Sharing in Google Chrome on Mac prior to 101.0.4951.41 allowed a remote attacker who\n convinced a user to engage in specific user interaction to potentially exploit heap corruption via a\n crafted HTML page. (CVE-2022-1481)\n\n - Inappropriate implementation in WebGL in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1482)\n\n - Heap buffer overflow in WebGPU in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-1483)\n\n - Heap buffer overflow in Web UI Settings in Google Chrome prior to 101.0.4951.41 allowed a remote attacker\n to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1484)\n\n - Use after free in File System API in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1485)\n\n - Type confusion in V8 in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to obtain\n potentially sensitive information from process memory via a crafted HTML page. (CVE-2022-1486)\n\n - Use after free in Ozone in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially\n exploit heap corruption via running a Wayland test. (CVE-2022-1487)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker\n who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome\n Extension. (CVE-2022-1488)\n\n - Out of bounds memory access in UI Shelf in Google Chrome on Chrome OS, Lacros prior to 101.0.4951.41\n allowed a remote attacker to potentially exploit heap corruption via specific user interactions.\n (CVE-2022-1489)\n\n - Use after free in Browser Switcher in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who\n convinced a user to engage in specific user interaction to potentially exploit heap corruption via a\n crafted HTML page. (CVE-2022-1490)\n\n - Use after free in Bookmarks in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to\n potentially exploit heap corruption via specific and direct user interaction. (CVE-2022-1491)\n\n - Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote\n attacker to inject arbitrary scripts or HTML via a crafted HTML page. (CVE-2022-1492)\n\n - Use after free in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to\n potentially exploit heap corruption via specific and direct user interaction. (CVE-2022-1493)\n\n - Insufficient data validation in Trusted Types in Google Chrome prior to 101.0.4951.41 allowed a remote\n attacker to bypass trusted types policy via a crafted HTML page. (CVE-2022-1494)\n\n - Incorrect security UI in Downloads in Google Chrome on Android prior to 101.0.4951.41 allowed a remote\n attacker to spoof the APK downloads dialog via a crafted HTML page. (CVE-2022-1495)\n\n - Use after free in File Manager in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to\n potentially exploit heap corruption via specific and direct user interaction. (CVE-2022-1496)\n\n - Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to\n spoof the contents of cross-origin websites via a crafted HTML page. (CVE-2022-1497)\n\n - Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-1498)\n\n - Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote\n attacker to bypass same origin policy via a crafted HTML page. (CVE-2022-1499)\n\n - Insufficient data validation in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote\n attacker to bypass content security policy via a crafted HTML page. (CVE-2022-1500)\n\n - Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker\n to leak cross-origin data via a crafted HTML page. (CVE-2022-1501)\n\n - Use after free in Sharesheet in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote\n attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption\n via specific user interactions. (CVE-2022-1633)\n\n - Use after free in Browser UI in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who had\n convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific\n user interactions. (CVE-2022-1634)\n\n - Use after free in Permission Prompts in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who\n convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific\n user interactions. (CVE-2022-1635)\n\n - Use after free in Performance APIs in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1636)\n\n - Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-1637)\n\n - Use after free in ANGLE in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1639)\n\n - Use after free in Sharing in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced\n a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML\n page. (CVE-2022-1640)\n\n - Use after free in Web UI Diagnostics in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote\n attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption\n via specific user interaction. (CVE-2022-1641)\n\n - Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to\n potentially perform a sandbox escape via a crafted HTML page. (CVE-2022-1853)\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1854)\n\n - Use after free in Messaging in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1855)\n\n - Use after free in User Education in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced\n a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome\n Extension or specific user interaction. (CVE-2022-1856)\n\n - Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed a\n remote attacker to bypass file system restrictions via a crafted HTML page. (CVE-2022-1857)\n\n - Out of bounds read in DevTools in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to\n perform an out of bounds memory read via specific user interaction. (CVE-2022-1858)\n\n - Use after free in Performance Manager in Google Chrome prior to 102.0.5005.61 allowed a remote attacker\n who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a\n crafted HTML page. (CVE-2022-1859)\n\n - Use after free in UI Foundations in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote\n attacker who convinced a user to engage in specific user interaction to potentially exploit heap\n corruption via specific user interactions. (CVE-2022-1860)\n\n - Use after free in Sharing in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker\n who convinced a user to enage in specific user interactions to potentially exploit heap corruption via\n specific user interaction. (CVE-2022-1861)\n\n - Inappropriate implementation in Extensions in Google Chrome prior to 102.0.5005.61 allowed an attacker who\n convinced a user to install a malicious extension to bypass profile restrictions via a crafted HTML page.\n (CVE-2022-1862)\n\n - Use after free in Tab Groups in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome\n Extension and specific user interaction. (CVE-2022-1863)\n\n - Use after free in WebApp Installs in Google Chrome prior to 102.0.5005.61 allowed an attacker who\n convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted\n Chrome Extension and specific user interaction. (CVE-2022-1864)\n\n - Use after free in Bookmarks in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome\n Extension and specific user interaction. (CVE-2022-1865)\n\n - Use after free in Tablet Mode in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via specific user interactions. (CVE-2022-1866)\n\n - Insufficient validation of untrusted input in Data Transfer in Google Chrome prior to 102.0.5005.61\n allowed a remote attacker to bypass same origin policy via a crafted clipboard content. (CVE-2022-1867)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker\n who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML\n page. (CVE-2022-1868)\n\n - Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1869)\n\n - Use after free in App Service in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome\n Extension. (CVE-2022-1870)\n\n - Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed an\n attacker who convinced a user to install a malicious extension to bypass file system policy via a crafted\n HTML page. (CVE-2022-1871)\n\n - Insufficient policy enforcement in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an\n attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted\n HTML page. (CVE-2022-1872)\n\n - Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker\n to leak cross-origin data via a crafted HTML page. (CVE-2022-1873)\n\n - Insufficient policy enforcement in Safe Browsing in Google Chrome on Mac prior to 102.0.5005.61 allowed a\n remote attacker to bypass downloads protection policy via a crafted HTML page. (CVE-2022-1874)\n\n - Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to\n leak cross-origin data via a crafted HTML page. (CVE-2022-1875)\n\n - Heap buffer overflow in DevTools in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced\n a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-1876)\n\n - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2007)\n\n - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who\n had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-2010)\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2011)\n\n - Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2156)\n\n - Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who\n had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2157)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2158)\n\n - Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an\n attacker who convinced a user to install a malicious extension to obtain potentially sensitive information\n from a user's local files via a crafted HTML page. (CVE-2022-2160)\n\n - Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who\n convinced the user to engage in specific user interactions to potentially exploit heap corruption via\n specific UI interactions. (CVE-2022-2161)\n\n - Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 103.0.5060.53\n allowed a remote attacker to bypass file system access via a crafted HTML page. (CVE-2022-2162)\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who\n convinced a user to install a malicious extension to potentially exploit heap corruption via UI\n interaction. (CVE-2022-2163)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an attacker\n who convinced a user to install a malicious extension to bypass discretionary access control via a crafted\n HTML page. (CVE-2022-2164)\n\n - Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a remote\n attacker to perform domain spoofing via IDN homographs via a crafted domain name. (CVE-2022-2165)\n\n - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. (CVE-2022-22021)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909,\n CVE-2022-26912. (CVE-2022-24475)\n\n - Microsoft Edge (Chromium-based) Spoofing Vulnerability. (CVE-2022-24523, CVE-2022-26905)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-24475, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909,\n CVE-2022-26912. (CVE-2022-26891)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-24475, CVE-2022-26891, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909,\n CVE-2022-26912. (CVE-2022-26894)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909,\n CVE-2022-26912. (CVE-2022-26895)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26908, CVE-2022-26909,\n CVE-2022-26912. (CVE-2022-26900)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26909,\n CVE-2022-26912. (CVE-2022-26908)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908,\n CVE-2022-26912. (CVE-2022-26909)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908,\n CVE-2022-26909. (CVE-2022-26912)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-30128. (CVE-2022-30127)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-30127. (CVE-2022-30128)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-33638, CVE-2022-33639. (CVE-2022-30192)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-30192, CVE-2022-33639. (CVE-2022-33638)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-30192, CVE-2022-33638. (CVE-2022-33639)\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this\n vulnerability. Please see Google Chrome Releases for more information. (CVE-2022-0801)\n \n - Please review the referenced CVE identifiers for details. (CVE-2022-29144, CVE-2022-29146,\n CVE-2022-29147)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202208-25\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=773040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=787950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=800181\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=810781\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=815397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=828519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=829161\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=834477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=835397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=835761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=836011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=836381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=836777\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=836830\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=837497\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=838049\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=838433\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=838682\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=841371\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=843035\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=843728\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=847370\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=847613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=848864\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=851003\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=851009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=853229\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=853643\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=854372\");\n script_set_attribute(attribute:\"solution\", value:\n\"All Chromium users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-client/chromium-103.0.5060.53\n \nAll Chromium binary users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-client/chromium-bin-103.0.5060.53\n \nAll Google Chrome users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-client/google-chrome-103.0.5060.53\n \nAll Microsoft Edge users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-client/chromium-103.0.5060.53\n \nAll QtWebEngine users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=dev-qt/qtwebengine-5.15.5_p20220618\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0809\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1853\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:google-chrome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:microsoft-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:qtwebengine\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar flag = 0;\n\nvar packages = [\n {\n 'name' : \"dev-qt/qtwebengine\",\n 'unaffected' : make_list(\"ge 5.15.5_p20220618\"),\n 'vulnerable' : make_list(\"lt 5.15.5_p20220618\")\n },\n {\n 'name' : \"www-client/chromium\",\n 'unaffected' : make_list(\"ge 103.0.5060.53\"),\n 'vulnerable' : make_list(\"lt 103.0.5060.53\")\n },\n {\n 'name' : \"www-client/google-chrome\",\n 'unaffected' : make_list(\"ge 103.0.5060.53\"),\n 'vulnerable' : make_list(\"lt 103.0.5060.53\")\n },\n {\n 'name' : \"www-client/microsoft-edge\",\n 'unaffected' : make_list(\"ge 101.0.1210.47\"),\n 'vulnerable' : make_list(\"lt 101.0.1210.47\")\n }\n];\n\nforeach package( packages ) {\n if (isnull(package['unaffected'])) package['unaffected'] = make_list();\n if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();\n if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;\n}\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : qpkg_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium / Google Chrome / Microsoft Edge / QtWebEngine\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "osv": [{"lastseen": "2022-08-10T07:15:59", "description": "\nMultiple security issues were discovered in Chromium, which could result\nin the execution of arbitrary code, denial of service or information\ndisclosure.\n\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 102.0.5005.115-1~deb11u1.\n\n\nWe recommend that you upgrade your chromium packages.\n\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/chromium](https://security-tracker.debian.org/tracker/chromium)\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 9.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.8}, "published": "2022-06-12T00:00:00", "type": "osv", "title": "chromium - security update", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-2007"], "modified": "2022-08-10T07:15:56", "id": "OSV:DSA-5163-1", "href": "https://osv.dev/vulnerability/DSA-5163-1", "cvss": {"score": 0.0, "vector": "NONE"}}], "mageia": [{"lastseen": "2023-06-17T16:29:04", "description": "The chromium-browser-stable package has been updated to the 102.0.5005.115 version, fixing many bugs and 7 CVE. Some of them are listed below: Use after free in WebGPU. (CVE-2022-2007) Out of bounds memory access in WebGL. (CVE-2022-2008) Out of bounds read in compositing. (CVE-2022-2010) Use after free in ANGLE. (CVE-2022-2011) \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.8}, "published": "2022-06-16T21:05:59", "type": "mageia", "title": "Updated chromium-browser-stable packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011"], "modified": "2022-06-16T21:05:59", "id": "MGASA-2022-0232", "href": "https://advisories.mageia.org/MGASA-2022-0232.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2022-11-06T19:34:01", "description": "An update that fixes four vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n - Chromium 102.0.5005.115 (boo#1200423)\n * CVE-2022-2007: Use after free in WebGPU\n * CVE-2022-2008: Out of bounds memory access in WebGL\n * CVE-2022-2010: Out of bounds read in compositing\n * CVE-2022-2011: Use after free in ANGLE\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP4:\n\n zypper in -t patch openSUSE-2022-10010=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.8}, "published": "2022-06-15T00:00:00", "type": "suse", "title": "Security update for chromium (critical)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011"], "modified": "2022-06-15T00:00:00", "id": "OPENSUSE-SU-2022:10010-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XQH6PSD7KEJELPMITIH22447OE2UFOEG/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-08T04:08:17", "description": "An update that fixes 5 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n opera was updated to 88.0.4412.74:\n\n - DNA-100645 Cherry-pick CVE-2022-2294 onto stabilization branches\n\n Update to 88.0.4412.53\n\n - DNA-99108 [Lin] Options on video pop out not possible to change\n - DNA-99832 On automatic video popout, close button should not stop video\n - DNA-99833 Allow turning on and off of each 'BABE' section from gear\n icon\n - DNA-99852 Default browser in Mac installer\n - DNA-99993 Crashes in AudioFileReaderTest,\n FFmpegAACBitstreamConverterTest\n - DNA-100045 iFrame Exception not unblocked with Acceptable Ads\n - DNA-100291 Update snapcraft uploading/releasing in scripts to use\n craft store\n\n Changes in 88.0.4412.40\n\n - CHR-8905 Update chromium on desktop-stable-102-4412 to 102.0.5005.115\n - DNA-99713 Sizing issues with video conferencing controls in PiP window\n - DNA-99831 Add 'back to tab' button like on video pop-out\n\n - The update to chromium 102.0.5005.115 fixes following issues:\n CVE-2022-2007, CVE-2022-2008, CVE-2022-2010, CVE-2022-2011\n\n Changes in 88.0.4412.27\n\n - DNA-99725 Crash at opera::ModalDialogViews::Show()\n - DNA-99752 Do not allow to uncheck all lists for adBlock\n - DNA-99918 Enable #scrollable-tab-strip on desktop-stable-102-4412\n - DNA-99969 Promote O88 to stable\n\n - Complete Opera 88.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-88/\n\n Update to 87.0.4390.45\n\n - DNA-99478 Top Sites don\ufffd\ufffd\ufffdt always has big icon\n - DNA-99702 Enable Acceptable Ads for stable stream\n - DNA-99725 Crash at opera::ModalDialogViews::Show()\n - DNA-99752 Do not allow to uncheck all lists for adBlock\n\n - Update to 87.0.4390.36\n - CHR-8883 Update chromium on desktop-stable-101-4390 to 101.0.4951.67\n - DNA-99190 Investigate windows installer signature errors on win7\n - DNA-99502 Sidebar \ufffd\ufffd\ufffd API to open panels\n - DNA-99593 Report sad tab displayed counts per kind\n - DNA-99628 Personalized Speed Dial context menu issue fix\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.4:NonFree:\n\n zypper in -t patch openSUSE-2022-10057=1\n\n - openSUSE Leap 15.3:NonFree:\n\n zypper in -t patch openSUSE-2022-10057=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.8}, "published": "2022-07-13T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-2294"], "modified": "2022-07-13T00:00:00", "id": "OPENSUSE-SU-2022:10057-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RJUDCH46YEJXHUW2NNEMWI2TSQIO7ON2/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-03T16:57:05", "description": "An update that fixes 28 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 102.0.5005.115 (boo#1200423)\n * CVE-2022-2007: Use after free in WebGPU\n * CVE-2022-2008: Out of bounds memory access in WebGL\n * CVE-2022-2010: Out of bounds read in compositing\n * CVE-2022-2011: Use after free in ANGLE\n\n Chromium 102.0.5001.61 (boo#1199893)\n\n * CVE-2022-1853: Use after free in Indexed DB\n * CVE-2022-1854: Use after free in ANGLE\n * CVE-2022-1855: Use after free in Messaging\n * CVE-2022-1856: Use after free in User Education\n * CVE-2022-1857: Insufficient policy enforcement in File System API\n * CVE-2022-1858: Out of bounds read in DevTools\n * CVE-2022-1859: Use after free in Performance Manager\n * CVE-2022-1860: Use after free in UI Foundations\n * CVE-2022-1861: Use after free in Sharing\n * CVE-2022-1862: Inappropriate implementation in Extensions\n * CVE-2022-1863: Use after free in Tab Groups\n * CVE-2022-1864: Use after free in WebApp Installs\n * CVE-2022-1865: Use after free in Bookmarks\n * CVE-2022-1866: Use after free in Tablet Mode\n * CVE-2022-1867: Insufficient validation of untrusted input in Data\n Transfer\n * CVE-2022-1868: Inappropriate implementation in Extensions API\n * CVE-2022-1869: Type Confusion in V8\n * CVE-2022-1870: Use after free in App Service\n * CVE-2022-1871: Insufficient policy enforcement in File System API\n * CVE-2022-1872: Insufficient policy enforcement in Extensions API\n * CVE-2022-1873: Insufficient policy enforcement in COOP\n * CVE-2022-1874: Insufficient policy enforcement in Safe Browsing\n * CVE-2022-1875: Inappropriate implementation in PDF\n * CVE-2022-1876: Heap buffer overflow in DevTools\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2022-10009=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-06-15T00:00:00", "type": "suse", "title": "Security update for chromium (critical)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-1853", "CVE-2022-1854", "CVE-2022-1855", "CVE-2022-1856", "CVE-2022-1857", "CVE-2022-1858", "CVE-2022-1859", "CVE-2022-1860", "CVE-2022-1861", "CVE-2022-1862", "CVE-2022-1863", "CVE-2022-1864", "CVE-2022-1865", "CVE-2022-1866", "CVE-2022-1867", "CVE-2022-1868", "CVE-2022-1869", "CVE-2022-1870", "CVE-2022-1871", "CVE-2022-1872", "CVE-2022-1873", "CVE-2022-1874", "CVE-2022-1875", "CVE-2022-1876", "CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011"], "modified": "2022-06-15T00:00:00", "id": "OPENSUSE-SU-2022:10009-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RUXRSXC3TACZ74MCVMECNI7P2X6JM2NF/", "cvss": {"score": 0.0, "vector": "NONE"}}], "chrome": [{"lastseen": "2023-06-17T14:35:31", "description": "The Stable channel has been updated to 102.0.5005.115 for Windows, Mac and Linux which will roll out over the coming days/weeks. \n\nA full list of changes in this build is available in the [log](<https://chromium.googlesource.com/chromium/src/+log/102.0.5005.61..102.0.5005.115?pretty=fuller&n=10000>). Interested in switching release channels? Find out how [here](<https://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<https://crbug.com/>). The [community help forum](<https://productforums.google.com/forum/#!forum/chrome>) is also a great place to reach out for help or learn about common issues.\n\n\n\n\nSecurity Fixes and Rewards\n\nNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.\n\n\n\n\nThis update includes [7](<https://bugs.chromium.org/p/chromium/issues/list?can=1&q=type%3Abug-security+os%3DAndroid%2Cios%2Clinux%2Cmac%2Cwindows%2Call%2Cchrome+label%3ARelease-1-M102>) security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the [Chrome Security Page](<https://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information.\n\n\n\n\n[$10000][[1326210](<https://crbug.com/1326210>)] High CVE-2022-2007: Use after free in WebGPU. Reported by David Manouchehri on 2022-05-17\n\n[$TBD][[1317673](<https://crbug.com/1317673>)] High CVE-2022-2008: Out of bounds memory access in WebGL. Reported by khangkito - Tran Van Khang (VinCSS) on 2022-04-19\n\n[$NA][[1325298](<https://crbug.com/1325298>)] High CVE-2022-2010: Out of bounds read in compositing. Reported by Mark Brand of Google Project Zero on 2022-05-13\n\n[$TBD][[1330379](<https://crbug.com/1330379>)] High CVE-2022-2011: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-05-31\n\n\n\n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel. \n\nAs usual, our ongoing internal security work was responsible for a wide range of fixes:\n\n * [[1333948](<https://crbug.com/1333948>)] Various fixes from internal audits, fuzzing and other initiatives\n\n\n\n\nMany of our security bugs are detected using [AddressSanitizer](<https://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>), [MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>), [UndefinedBehaviorSanitizer](<https://www.chromium.org/developers/testing/undefinedbehaviorsanitizer>), [Control Flow Integrity](<https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity>), [libFuzzer](<https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer>), or [AFL](<https://github.com/google/afl>).\n\n\n\n\nInterested in switching release channels? Find out how [here](<https://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<https://crbug.com/>). The [community help forum](<https://productforums.google.com/forum/#!forum/chrome>) is also a great place to reach out for help or learn about common issues.\n\n\n\n\n\n\n\n\nPrudhvikumar Bommana\n\nGoogle Chrome", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.8}, "published": "2022-06-09T00:00:00", "type": "chrome", "title": "Stable Channel Update for Desktop", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011"], "modified": "2022-06-09T00:00:00", "id": "GCSA-6014598646949510537", "href": "https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2023-06-28T14:38:53", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5163-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJune 12, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium\nCVE ID : CVE-2022-2007 CVE-2022-2008 CVE-2022-2010 CVE-2022-2011\n\nMultiple security issues were discovered in Chromium, which could result\nin the execution of arbitrary code, denial of service or information\ndisclosure.\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 102.0.5005.115-1~deb11u1.\n\nWe recommend that you upgrade your chromium packages.\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.8}, "published": "2022-06-12T17:53:51", "type": "debian", "title": "[SECURITY] [DSA 5163-1] chromium security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011"], "modified": "2022-06-12T17:53:51", "id": "DEBIAN:DSA-5163-1:43040", "href": "https://lists.debian.org/debian-security-announce/2022/msg00131.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "malwarebytes": [{"lastseen": "2022-06-13T15:00:52", "description": "Users of Chrome have been advised to [apply updates](<https://www.zdnet.com/article/time-to-update-google-patches-seven-chrome-browser-bugs-four-rated-high-risk/>) as soon as possible related to seven security vulnerabilities. [CISA has also warned](<https://www.cisa.gov/uscert/ncas/current-activity/2022/06/10/google-releases-security-updates-chrome>) that the vulnerabilities could be used to take control of affected systems. Although no detailed explanation of how these vulnerabilities work has been released, there is enough out there to encourage users to apply the patches.\n\nChrome 102.0.5005.115 is [due to roll out](<https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop.html>) over the coming days/weeks. This is for all users regardless of whether they use Windows, Linux, or Mac.\n\n## The vulnerabilities\n\nFour of the seven issues have been rated as high risk.\n\n[CVE-2022-2007](<https://www.cvedetails.com/cve/CVE-2007-2022/>): Use after free in WebGPU. This can allow manipulation of the memory layer of the browser, with the possibility of remote code execution as per [an older example](<https://blog.talosintelligence.com/2020/08/vuln-spotlight-chrome-use-free-aug-2020.html>).\n\n[CVE-2022-2008](<https://www.cvedetails.com/cve/CVE-2007-2008/>): Out of bounds memory access in WebGL.\n\n[CVE-2022-2010](<https://www.cvedetails.com/cve/CVE-2007-2010/>): Out of bounds read in compositing. According to [reports](<https://vuldb.com/?id.201623>), the attack may be initiated remotely and no form of authentication is required for exploitation, but some form of user interaction is required.\n\n[CVE-2022-2011](<https://www.cvedetails.com/cve/CVE-2007-2011/>): Use after free in ANGLE. [Almost Native Graphics Layer Engine](<https://en.wikipedia.org/wiki/ANGLE_\\(software\\)#:~:text=ANGLE%20\\(Almost%20Native%20Graphics%20Layer,limitations%20of%20OpenGL%20ES%20standard.>) (ANGLE) is an "open source, cross-platform graphics engine abstraction layer" which was developed by Google.\n\n## Next steps\n\nMore details likely won't be forthcoming for a while yet, so it's crucial to [apply updates](<https://support.google.com/chrome/answer/95414>) as soon as possible.\n\nIn Chrome, click the **More** icon, then **Help** -> **About Google Chrome.** From here, you'll be able to see your current update status and apply the update as required.\n\nThis should be all you need to do to keep the above security vulnerabilities at bay.\n\nThe post [Update Chrome now: Four high risk vulnerabilities found](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/06/update-chrome-now-four-high-risk-vulnerabilities-found/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {}, "published": "2022-06-13T14:20:34", "type": "malwarebytes", "title": "Update Chrome now: Four high risk vulnerabilities found", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2008", "CVE-2007-2010", "CVE-2007-2011", "CVE-2007-2022", "CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011"], "modified": "2022-06-13T14:20:34", "id": "MALWAREBYTES:553E789D665C7E7A1298EFE0276A4D50", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/06/update-chrome-now-four-high-risk-vulnerabilities-found/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "prion": [{"lastseen": "2023-08-15T15:31:36", "description": "Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T01:15:00", "type": "prion", "title": "CVE-2022-2007", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007"], "modified": "2022-10-26T13:49:00", "id": "PRION:CVE-2022-2007", "href": "https://kb.prio-n.com/vulnerability/CVE-2022-2007", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-15T15:31:44", "description": "Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T01:15:00", "type": "prion", "title": "CVE-2022-2011", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2011"], "modified": "2022-10-26T13:49:00", "id": "PRION:CVE-2022-2011", "href": "https://kb.prio-n.com/vulnerability/CVE-2022-2011", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-15T15:31:42", "description": "Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.8}, "published": "2022-07-28T01:15:00", "type": "prion", "title": "CVE-2022-2010", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2010"], "modified": "2022-10-26T13:48:00", "id": "PRION:CVE-2022-2010", "href": "https://kb.prio-n.com/vulnerability/CVE-2022-2010", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-08-15T15:31:37", "description": "Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T01:15:00", "type": "prion", "title": "CVE-2022-2008", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2008"], "modified": "2022-10-27T18:08:00", "id": "PRION:CVE-2022-2008", "href": "https://kb.prio-n.com/vulnerability/CVE-2022-2008", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2023-06-17T14:40:23", "description": "Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T01:15:00", "type": "debiancve", "title": "CVE-2022-2007", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007"], "modified": "2022-07-28T01:15:00", "id": "DEBIANCVE:CVE-2022-2007", "href": "https://security-tracker.debian.org/tracker/CVE-2022-2007", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-17T14:40:23", "description": "Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T01:15:00", "type": "debiancve", "title": "CVE-2022-2011", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2011"], "modified": "2022-07-28T01:15:00", "id": "DEBIANCVE:CVE-2022-2011", "href": "https://security-tracker.debian.org/tracker/CVE-2022-2011", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-17T14:40:23", "description": "Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.8}, "published": "2022-07-28T01:15:00", "type": "debiancve", "title": "CVE-2022-2010", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2010"], "modified": "2022-07-28T01:15:00", "id": "DEBIANCVE:CVE-2022-2010", "href": "https://security-tracker.debian.org/tracker/CVE-2022-2010", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-06-17T14:40:23", "description": "Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T01:15:00", "type": "debiancve", "title": "CVE-2022-2008", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2008"], "modified": "2022-07-28T01:15:00", "id": "DEBIANCVE:CVE-2022-2008", "href": "https://security-tracker.debian.org/tracker/CVE-2022-2008", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "mscve": [{"lastseen": "2023-06-17T16:39:25", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2022>) for more information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-13T19:41:56", "type": "mscve", "title": "Chromium: CVE-2022-2007 Use after free in WebGPU", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007"], "modified": "2022-06-13T19:41:56", "id": "MS:CVE-2022-2007", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-2007", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-17T16:39:25", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2022>) for more information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-13T19:42:05", "type": "mscve", "title": "Chromium: CVE-2022-2011 Use after free in ANGLE", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2011"], "modified": "2022-06-13T19:42:05", "id": "MS:CVE-2022-2011", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-2011", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-17T16:39:25", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2022>) for more information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.8}, "published": "2022-06-13T19:42:03", "type": "mscve", "title": "Chromium: CVE-2022-2010 Out of bounds read in compositing", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2010"], "modified": "2022-06-13T19:42:03", "id": "MS:CVE-2022-2010", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-2010", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-06-17T16:39:25", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2022>) for more information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-13T19:41:59", "type": "mscve", "title": "Chromium: CVE-2022-2008 Out of bounds memory access in WebGL", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2008"], "modified": "2022-06-13T19:41:59", "id": "MS:CVE-2022-2008", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-2008", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-06-17T14:33:03", "description": "Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T01:15:00", "type": "cve", "title": "CVE-2022-2011", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2011"], "modified": "2022-10-26T13:49:00", "cpe": ["cpe:/o:fedoraproject:fedora:37"], "id": "CVE-2022-2011", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2011", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-17T14:32:45", "description": "Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T01:15:00", "type": "cve", "title": "CVE-2022-2007", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007"], "modified": "2022-10-26T13:49:00", "cpe": ["cpe:/o:fedoraproject:fedora:37"], "id": "CVE-2022-2007", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2007", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-17T14:32:54", "description": "Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.8}, "published": "2022-07-28T01:15:00", "type": "cve", "title": "CVE-2022-2010", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2010"], "modified": "2022-10-26T13:48:00", "cpe": ["cpe:/o:fedoraproject:fedora:37"], "id": "CVE-2022-2010", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2010", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-17T14:32:49", "description": "Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T01:15:00", "type": "cve", "title": "CVE-2022-2008", "cwe": ["CWE-415"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2008"], "modified": "2022-10-27T18:08:00", "cpe": ["cpe:/o:fedoraproject:fedora:37"], "id": "CVE-2022-2008", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2008", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*"]}], "ubuntucve": [{"lastseen": "2023-06-29T13:29:52", "description": "Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a\nremote attacker to potentially exploit heap corruption via a crafted HTML\npage.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T00:00:00", "type": "ubuntucve", "title": "CVE-2022-2011", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2011"], "modified": "2022-07-28T00:00:00", "id": "UB:CVE-2022-2011", "href": "https://ubuntu.com/security/CVE-2022-2011", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-18T13:19:12", "description": "Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a\nremote attacker to potentially exploit heap corruption via a crafted HTML\npage.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T00:00:00", "type": "ubuntucve", "title": "CVE-2022-2007", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007"], "modified": "2022-07-28T00:00:00", "id": "UB:CVE-2022-2007", "href": "https://ubuntu.com/security/CVE-2022-2007", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-18T13:19:12", "description": "Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a\nremote attacker to potentially exploit heap corruption via a crafted HTML\npage.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T00:00:00", "type": "ubuntucve", "title": "CVE-2022-2008", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2008"], "modified": "2022-07-28T00:00:00", "id": "UB:CVE-2022-2008", "href": "https://ubuntu.com/security/CVE-2022-2008", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-29T13:29:53", "description": "Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115\nallowed a remote attacker who had compromised the renderer process to\npotentially perform a sandbox escape via a crafted HTML page.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.8}, "published": "2022-07-28T00:00:00", "type": "ubuntucve", "title": "CVE-2022-2010", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2010"], "modified": "2022-07-28T00:00:00", "id": "UB:CVE-2022-2010", "href": "https://ubuntu.com/security/CVE-2022-2010", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}], "veracode": [{"lastseen": "2023-06-17T19:55:29", "description": "chrome is vulnerable to use after free. The vulnerability exists due to a memory corruption in ANGLE which allows an attacker to potentially exploit heap corruption via a malicious HTML page. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-18T17:03:46", "type": "veracode", "title": "Use After Free", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2011"], "modified": "2023-04-27T15:49:15", "id": "VERACODE:36034", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-36034/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-17T19:55:29", "description": "chrome is vulnerable to Use after free. The vulnerability exists due to a use after free in WebGPU allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-18T17:04:41", "type": "veracode", "title": "Use After Free", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007"], "modified": "2023-04-27T15:49:28", "id": "VERACODE:36037", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-36037/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-17T20:12:48", "description": "chrome is vulnerable to out of bounds read. The vulnerability exists due to an out of bounds read in compositing allowing a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.8}, "published": "2022-06-18T17:03:47", "type": "veracode", "title": "Out-of-Bounds Read", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2010"], "modified": "2022-10-26T14:15:09", "id": "VERACODE:36035", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-36035/summary", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-06-17T20:12:49", "description": "chrome is vulnerable to Out of bounds read. The vulnerability exists due to an out of bounds memory access in WebGL which allows an attacker to potentially exploit heap corruption via a malicious HTML page.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-18T17:04:35", "type": "veracode", "title": "Out-of-Bounds Read", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2008"], "modified": "2022-10-27T20:15:34", "id": "VERACODE:36036", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-36036/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "alpinelinux": [{"lastseen": "2023-06-23T11:06:07", "description": "Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.8}, "published": "2022-07-28T01:15:00", "type": "alpinelinux", "title": "CVE-2022-2010", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2010"], "modified": "2022-10-26T13:48:00", "id": "ALPINE:CVE-2022-2010", "href": "https://security.alpinelinux.org/vuln/CVE-2022-2010", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-06-23T11:06:07", "description": "Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T01:15:00", "type": "alpinelinux", "title": "CVE-2022-2008", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2008"], "modified": "2022-10-27T18:08:00", "id": "ALPINE:CVE-2022-2008", "href": "https://security.alpinelinux.org/vuln/CVE-2022-2008", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "qualysblog": [{"lastseen": "2022-06-24T21:57:29", "description": "# **Microsoft Patch Tuesday Summary**\n\nMicrosoft has fixed 55 vulnerabilities (aka flaws) in the June 2022 update, including three (3) vulnerabilities classified as **_Critical_** as they allow Remote Code Execution (RCE). This month's Patch Tuesday cumulative Windows update includes the fix for one (1) zero-day vulnerability ([CVE-2022-30190](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190>)). Microsoft also released an advisory for Intel Processor MMIO Stale Data Vulnerabilitie to address four (4) Intel vulnerabilities ([Microsoft Advisory 220002](<https://msrc.microsoft.com/update-guide/vulnerability/ADV220002>), [Intel-SA-00615](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html>)).\n\nMicrosoft has fixed several flaws in its software, including Denial of Service (DoS), Elevation of Privilege, Information Disclosure, Remote Code Execution (RCE), Security Feature Bypass, and Spoofing vulnerabilities.\n\nMany of the vulnerabilities patched this month relate to remote code execution, but there are no reports of active exploitation in the wild with the exception of an update to [CVE-2022-30190](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190>), a Microsoft Windows Support Diagnostic Tool (MSDT) vulnerability made public in May.\n\n### The June 2022 Microsoft vulnerabilities are classified as follows: \n\n\n\n [Related Threat Protection Post](<https://threatprotect.qualys.com/2022/06/15/microsoft-patches-55-vulnerabilities-including-one-zero-day-and-three-critical-in-the-june-2022-patch-tuesday/>)\n\n* * *\n\n# **Notable Microsoft Vulnerabilities Patched**\n\n### [CVE-2022-30190](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190>) | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.8/10.\n\nMicrosoft has fixed the widely-exploited _**Windows Follina MSDT zero-day**_ vulnerability tracked as[ CVE-2022-30190](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190>) in the June 2022 Updates.\n\nThe update for this vulnerability is in the June 2022 cumulative Windows Updates. Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Detected._**\n\nOn May 31st Qualys released **QID 91909 Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution (RCE) Vulnerability (Follina) (Zero Day)**. \n \nOn June 14th, Microsoft released the patch for this vulnerability in the June 2022 cumulative Windows Updates. \n \nQualys will modify our existing detection signature to check for the PATCH ONLY and apply a minor title revision to remove the zero-day reference:** QID 91909 Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution (RCE) Vulnerability (Follina).** \n \nQualys will also release a NEW Information Gathered (IG) detection that will test for the MITIGATION ONLY: **QID 45538 Microsoft Support Diagnostic Tool (MSDT) URL Protocol Vulnerability Disabled (Follina Mitigation Enabled).** \n \nThese updates will be included in the June 14th evening\u2019s Patch Tuesday release cycle. \n_(VULNSIGS-2.5.504-4, QAGENT-SIGNATURE-SET-2.5.504.4-3, LX_MANIFEST-2.5.504.4-4)_ \n--- \n \n\n\n _Examine a potential attack vector as well as technical details of Follina, and chart the ability to detect this new vulnerability using both Qualys Multi-Vector EDR and Qualys Context XDR._ [Detect the Follina MSDT Vulnerability (CVE-2022-30190) with Qualys Multi-Vector EDR & Context XDR](<https://blog.qualys.com/product-tech/2022/06/14/detect-the-follina-msdt-vulnerability-cve-2022-30190-with-qualys-multi-vector-edr-context-xdr>)\n\n [Related Threat Protection Post](<https://threatprotect.qualys.com/2022/05/31/microsoft-windows-support-diagnostic-tool-msdt-remote-code-execution-vulnerability-cve-2022-30190/>)\n\n* * *\n\n### Microsoft Guidance on Intel [Processor MMIO Stale Data Vulnerabilities](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html>)\n\n#### [Microsoft Advisory 220002](<https://msrc.microsoft.com/update-guide/vulnerability/ADV220002>), [Intel-SA-00615](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html>)\n\nOn June 14, 2022, Intel published information about a class of memory-mapped I/O vulnerabilities known as [Processor MMIO Stale Data Vulnerabilities](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html>).\n\nAn attacker who successfully exploited these vulnerabilities might be able to read privileged data across trust boundaries. In shared resource environments (such as exists in some cloud services configurations), these vulnerabilities could allow one virtual machine to improperly access information from another. In non-browsing scenarios on standalone systems, an attacker would need prior access to the system or an ability to run a specially crafted application on the target system to leverage these vulnerabilities.\n\nThese vulnerabilities are known as:\n\n * [CVE-2022-21123](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21123>) | Shared Buffer Data Read (SBDR) \n * [CVE-2022-21125](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21125>) | Shared Buffer Data Sampling (SBDS)\n * [CVE-2022-21127](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21127>) | Special Register Buffer Data Sampling Update (SRBDS Update)\n * [CVE-2022-21166](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21166>) | Device Register Partial Write (DRPW)\n\n**Important**: These vulnerabilities might affect other operating systems and service providers. We advise customers to seek guidance from their respective vendors.\n\n [Related Threat Protection Post](<https://threatprotect.qualys.com/2022/06/15/microsoft-releases-patches-for-the-intel-processor-mmio-stale-data-vulnerabilities-in-june-2022-patch-tuesday/>)\n\n* * *\n\n### Windows Server 2022 Azure Edition Core Hotpatch ([KB5014677](<https://support.microsoft.com/en-us/topic/june-14-2022-kb5014677-os-build-20348-770-a7a0d557-bd34-4867-bf6f-a47fbc997810>)) **OS Build 20348.770**\n\nWindows Server 2022 Azure Edition Core Hotpatch ([KB5014677](<https://support.microsoft.com/en-us/topic/june-14-2022-kb5014677-os-build-20348-770-a7a0d557-bd34-4867-bf6f-a47fbc997810>)) addresses 22 unique vulnerabilities, ranging in severity from a CVSSv3.1 score of 5.3/10 to 8.8/10, as summarized below.\n\n\n\n* * *\n\n# **Microsoft Critical and Important Vulnerability Highlights**\n\nThis month\u2019s [advisory](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Jun>) covers multiple Microsoft product families, including Azure, Developer Tools, Edge-Chromium Browser, Microsoft Office, SQL Server, System Center, and Windows.\n\nA total of 25 unique Microsoft products/versions are affected.\n\nDownloads include Azure Hotpatch, Cumulative Updates, Monthly Rollup, Security Only, and Security Updates.\n\n* * *\n\n### [CVE-2022-30136](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30136>) | Windows Network File System Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 9.8/10.\n\nThis vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation More Likely._**\n\n* * *\n\n### [CVE-2022-30157](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30157>) | Microsoft SharePoint Server Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.8/10.\n\nIn a network-based attack, an attacker would need to have the privileges to create a page on a vulnerable SharePoint server. By creating a site using specific code, the attacker could execute code remotely on the target server.\n\nThe attacker must be authenticated and possess the permissions for page creation to be able to exploit this vulnerability. \n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**.\n\n* * *\n\n### [CVE-2022-30158](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30158>) | Microsoft SharePoint Server Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.8/10.\n\nAn authenticated attacker with access to a server that has Sandboxed Code Service enabled could execute code in the context of the web service account.\n\nThe attacker must be authenticated and possess the permissions for page creation to be able to exploit this vulnerability. \n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Unlikely_**.\n\n* * *\n\n### [CVE-2022-30165](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30165>) | Windows Kerberos Elevation of Privilege Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.8/10.\n\nSystems configured to activate both of the following features in Windows Server: CredSSP (Credential Security Service Provider) and RCG (Remote Credential Guard) might be vulnerable to this exploit.\n\nAn authenticated attacker could exploit this vulnerability to elevate privileges and then spoof the Kerberos login process when a remote credential guard connection is made via CredSSP over the network.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**.\n\n* * *\n\n### [CVE-2022-30163](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30163>) | Windows Hyper-V Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.5/10.\n\nTo exploit this vulnerability, an attacker could run a specially crafted application on a Hyper-V guest that could cause the Hyper-V host operating system to execute arbitrary code.\n\nSuccessful exploitation of this vulnerability requires an attacker to win a race condition. \n\nIn this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to execute code on the Hyper-V host execution environment.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely._**\n\n* * *\n\n### [CVE-2022-30164](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30164>) | Windows Kerberos AppContainer Security Feature Bypass Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.4/10.\n\nA low privilege attacker could execute a script within an App Container to request a service ticket and thereby gain elevation to the service privilege.\n\nAn attacker could bypass the Kerberos service ticketing feature which performs user access control checks\n\nIn this case, a successful attack could be performed from a low privilege [AppContainer](<https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation>). The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely._**\n\n* * *\n\n### [CVE-2022-30139](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30139>) | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.5/10.\n\nThis vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable.\n\nFor more information, please see [LDAP policies](<https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/3f0137a1-63df-400c-bf97-e1040f055a99>).\n\nSuccessful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely._**\n\n* * *\n\n### [CVE-2022-30145](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30145>) | Windows Encrypting File System (EFS) Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.5/10.\n\nSuccessful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely._**\n\n* * *\n\n## **Microsoft Last But Not Least**\n\nEarlier in June, Microsoft released Microsoft Edge (Chromium-based) vulnerabilities on June 9 Microsoft Edge (Chromium-based) Remote Code Execution (RCE) Vulnerability ([CVE-2022-22021](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22021>)) and an additional four (4) vulnerabilities on June 13 ([CVE-2022-2011](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2011>), [CVE-2022-2010](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2010>), [CVE-2022-2008](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2008>), [CVE-2022-2007](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2007>)).\n\n* * *\n\n# **Adobe Security Bulletins and Advisories**\n\nAdobe released six (6) [advisories](<https://helpx.adobe.com/security/security-bulletin.html>) with updates to fix 46 vulnerabilities affecting Adobe Animate, Bridge, Illustrator, InCopy, InDesign, and RoboHelp Server. Of these 46 vulnerabilities, 40 are rated as **_Critical_**; ranging in severity from a CVSSv3.1 score of 5.5/10 to 7.8/10, as summarized below.\n\n\n\n### [APSB22-24](<https://helpx.adobe.com/security/products/animate/apsb22-24.html>) | Security updates available for Adobe Animate\n\nThis update resolves one (1) **_Critical_** vulnerability.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nThis update resolves a [critical](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. \n\n* * *\n\n### [APSB22-25](<https://helpx.adobe.com/security/products/bridge/apsb22-25.html>) | Security updates available for Adobe Bridge\n\nThis update resolves 11 **_Critical_** and one (1) _**Important **_vulnerability.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nThis update addresses [critical](<https://helpx.adobe.com/security/severity-ratings.html>) and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities that could lead to arbitrary code execution, arbitrary file system write, and memory leak. \n\n* * *\n\n### [APSB22-26](<https://helpx.adobe.com/security/products/illustrator/apsb22-26.html>) | Security updates available for Adobe Illustrator\n\nThis update resolves 13 **_Critical_**, and four (4) **_Important _**vulnerabilities.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nThis update resolves [critical](<https://helpx.adobe.com/security/severity-ratings.html>) and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities that could lead to arbitrary code execution and memory leak.\n\n* * *\n\n### [APSB22-29](<https://helpx.adobe.com/security/products/incopy/apsb22-29.html>) | Security updates available for Adobe InCopy\n\nThis update resolves eight (8) **_Critical_** vulnerabilities.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nThis update addresses multiple [critical](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution. \n\n* * *\n\n### [APSB22-30](<https://helpx.adobe.com/security/products/indesign/apsb22-30.html>) | Security updates available for Adobe InDesign\n\nThis update resolves seven (7) **_Critical_** vulnerabilities.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nThis update addresses multiple [critical](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution. \n\n* * *\n\n### [APSB22-31](<https://helpx.adobe.com/security/products/robohelp-server/apsb22-31.html>) | Security updates available for RoboHelp Server\n\nThis update resolves one (1) **_Moderate_** vulnerability.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released a security hotfix for RoboHelp Server 11 (Update 3) and prior releases. This hotfix resolves a security vulnerability that allows end-users with non-administrative privileges to manipulate API requests and elevate their account privileges to that of a server administrator.\n\nThis update resolves a vulnerability rated [moderate](<https://helpx.adobe.com/security/severity-ratings.html>). Successful exploitation could lead to privilege escalation. \n\n* * *\n\n# **About Qualys Patch Tuesday**\n\nQualys Patch Tuesday QIDs are published as [Security Alerts](<https://www.qualys.com/research/security-alerts/>) typically late in the evening on the day of [Patch Tuesday](<https://blog.qualys.com/tag/patch-tuesday>), followed later by the publication of the monthly queries for the [Unified Dashboard: 2022 Patch Tuesday (QID Based) Dashboard](<https://success.qualys.com/discussions/s/article/000006821>) by Noon on Wednesday.\n\n* * *\n\n## Discover and Prioritize Vulnerabilities in [Vulnerability Management Detection Response (VMDR)](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) \n\nQualys VMDR automatically detects new Patch Tuesday vulnerabilities using continuous updates to its Knowledge Base (KB). \n\nYou can see all your impacted hosts by these vulnerabilities using the following QQL query:\n \n \n vulnerabilities.vulnerability:( qid:`45538` OR qid:`91909` OR qid:`91910` OR qid:`91911` OR qid:`91912` OR qid:`91913` OR qid:`91914` OR qid:`91915` OR qid:`91916` OR qid:`91917` OR qid:`91918` OR qid:`91919` OR qid:`110409` OR qid:`110410` OR qid:`376665` OR qid:`376666` ) \n\n\n\n* * *\n\n## Rapid Response with [Patch Management (PM)](<https://www.qualys.com/apps/patch-management/>)\n\nVMDR rapidly remediates Windows hosts by deploying the most relevant and applicable per-technology version patches. You can simply select respective QIDs in the Patch Catalog and filter on the \u201cMissing\u201d patches to identify and deploy the applicable, available patches in one go.\n\nThe following QQL will return the missing patches pertaining to this Patch Tuesday:\n \n \n ( qid:`45538` OR qid:`91909` OR qid:`91910` OR qid:`91911` OR qid:`91912` OR qid:`91913` OR qid:`91914` OR qid:`91915` OR qid:`91916` OR qid:`91917` OR qid:`91918` OR qid:`91919` OR qid:`110409` OR qid:`110410` OR qid:`376665` OR qid:`376666` ) \n\n\n\n* * *\n\n# \nQualys Monthly Webinar Series \n\n\n\nThe Qualys Research team hosts a monthly webinar series to help our existing customers leverage the seamless integration between Qualys[ Vulnerability Management Detection Response (VMDR)](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) and Qualys [Patch Management](<https://www.qualys.com/apps/patch-management/>). Combining these two solutions can reduce the median time to remediate critical vulnerabilities. \n\nDuring the webcast, we will discuss this month\u2019s high-impact vulnerabilities, including those that are part of this month's Patch Tuesday alert. We will walk you through the necessary steps to address the key vulnerabilities using Qualys VMDR and Qualys Patch Management. \n\n* * *\n\n### **Join the webinar**\n\n## **This Month in Vulnerabilities & Patches**\n\n[Register Now](<https://gateway.on24.com/wcc/eh/3347108/category/97049/patch-tuesday>)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-14T20:00:00", "type": "qualysblog", "title": "June 2022 Patch Tuesday | Microsoft Releases 55 Vulnerabilities with 3 Critical; Adobe Releases 6 Advisories, 46 Vulnerabilities with 40 Critical.", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21127", "CVE-2022-21166", "CVE-2022-22021", "CVE-2022-30136", "CVE-2022-30139", "CVE-2022-30145", "CVE-2022-30157", "CVE-2022-30158", "CVE-2022-30163", "CVE-2022-30164", "CVE-2022-30165", "CVE-2022-30190"], "modified": "2022-06-14T20:00:00", "id": "QUALYSBLOG:BB3D6B2DDD8D4FA41B52503EF011FDA4", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2023-08-11T22:46:57", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-10-05T01:05:03", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: chromium-105.0.5195.125-2.fc35", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-2603", "CVE-2022-2604", "CVE-2022-2605", "CVE-2022-2606", "CVE-2022-2607", "CVE-2022-2608", "CVE-2022-2609", "CVE-2022-2610", "CVE-2022-2611", "CVE-2022-2612", "CVE-2022-2613", "CVE-2022-2614", "CVE-2022-2615", "CVE-2022-2616", "CVE-2022-2617", "CVE-2022-2618", "CVE-2022-2619", "CVE-2022-2620", "CVE-2022-2621", "CVE-2022-2622", "CVE-2022-2623", "CVE-2022-2624", "CVE-2022-2852", "CVE-2022-2853", "CVE-2022-2854", "CVE-2022-2855", "CVE-2022-2856", "CVE-2022-2857", "CVE-2022-2858", "CVE-2022-2859", "CVE-2022-2860", "CVE-2022-2861", "CVE-2022-3038", "CVE-2022-3039", "CVE-2022-3040", "CVE-2022-3041", "CVE-2022-3042", "CVE-2022-3043", "CVE-2022-3044", "CVE-2022-3045", "CVE-2022-3046", "CVE-2022-3047", "CVE-2022-3048", "CVE-2022-3049", "CVE-2022-3050", "CVE-2022-3051", "CVE-2022-3052", "CVE-2022-3053", "CVE-2022-3054", "CVE-2022-3055", "CVE-2022-3056", "CVE-2022-3057", "CVE-2022-3058", "CVE-2022-3071", "CVE-2022-3075", "CVE-2022-3195", "CVE-2022-3196", "CVE-2022-3197", "CVE-2022-3198", "CVE-2022-3199", "CVE-2022-3200", "CVE-2022-3201"], "modified": "2022-10-05T01:05:03", "id": "FEDORA:C6FE430979BC", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LVOHGEQF56ZD3C5BZHVIWAXFM2Z3A2HV/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-11T22:46:57", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-10-03T00:22:01", "type": "fedora", "title": "[SECURITY] Fedora 37 Update: chromium-105.0.5195.125-2.fc37", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-2603", "CVE-2022-2604", "CVE-2022-2605", "CVE-2022-2606", "CVE-2022-2607", "CVE-2022-2608", "CVE-2022-2609", "CVE-2022-2610", "CVE-2022-2611", "CVE-2022-2612", "CVE-2022-2613", "CVE-2022-2614", "CVE-2022-2615", "CVE-2022-2616", "CVE-2022-2617", "CVE-2022-2618", "CVE-2022-2619", "CVE-2022-2620", "CVE-2022-2621", "CVE-2022-2622", "CVE-2022-2623", "CVE-2022-2624", "CVE-2022-2852", "CVE-2022-2853", "CVE-2022-2854", "CVE-2022-2855", "CVE-2022-2856", "CVE-2022-2857", "CVE-2022-2858", "CVE-2022-2859", "CVE-2022-2860", "CVE-2022-2861", "CVE-2022-3038", "CVE-2022-3039", "CVE-2022-3040", "CVE-2022-3041", "CVE-2022-3042", "CVE-2022-3043", "CVE-2022-3044", "CVE-2022-3045", "CVE-2022-3046", "CVE-2022-3047", "CVE-2022-3048", "CVE-2022-3049", "CVE-2022-3050", "CVE-2022-3051", "CVE-2022-3052", "CVE-2022-3053", "CVE-2022-3054", "CVE-2022-3055", "CVE-2022-3056", "CVE-2022-3057", "CVE-2022-3058", "CVE-2022-3071", "CVE-2022-3075", "CVE-2022-3195", "CVE-2022-3196", "CVE-2022-3197", "CVE-2022-3198", "CVE-2022-3199", "CVE-2022-3200", "CVE-2022-3201"], "modified": "2022-10-03T00:22:01", "id": "FEDORA:63A16302C983", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-11T22:46:57", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-10-05T01:01:54", "type": "fedora", "title": "[SECURITY] Fedora 36 Update: chromium-105.0.5195.125-2.fc36", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-2603", "CVE-2022-2604", "CVE-2022-2605", "CVE-2022-2606", "CVE-2022-2607", "CVE-2022-2608", "CVE-2022-2609", "CVE-2022-2610", "CVE-2022-2611", "CVE-2022-2612", "CVE-2022-2613", "CVE-2022-2614", "CVE-2022-2615", "CVE-2022-2616", "CVE-2022-2617", "CVE-2022-2618", "CVE-2022-2619", "CVE-2022-2620", "CVE-2022-2621", "CVE-2022-2622", "CVE-2022-2623", "CVE-2022-2624", "CVE-2022-2852", "CVE-2022-2853", "CVE-2022-2854", "CVE-2022-2855", "CVE-2022-2856", "CVE-2022-2857", "CVE-2022-2858", "CVE-2022-2859", "CVE-2022-2860", "CVE-2022-2861", "CVE-2022-3038", "CVE-2022-3039", "CVE-2022-3040", "CVE-2022-3041", "CVE-2022-3042", "CVE-2022-3043", "CVE-2022-3044", "CVE-2022-3045", "CVE-2022-3046", "CVE-2022-3047", "CVE-2022-3048", "CVE-2022-3049", "CVE-2022-3050", "CVE-2022-3051", "CVE-2022-3052", "CVE-2022-3053", "CVE-2022-3054", "CVE-2022-3055", "CVE-2022-3056", "CVE-2022-3057", "CVE-2022-3058", "CVE-2022-3071", "CVE-2022-3075", "CVE-2022-3195", "CVE-2022-3196", "CVE-2022-3197", "CVE-2022-3198", "CVE-2022-3199", "CVE-2022-3200", "CVE-2022-3201"], "modified": "2022-10-05T01:01:54", "id": "FEDORA:16ADB302CDBA", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ACB3ENEHQ55GVZKKYER7KSRXT3HUFV7D/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "rapid7blog": [{"lastseen": "2022-06-24T22:03:33", "description": "\n\nJune's Patch Tuesday sees Microsoft releasing fixes for over 60 CVEs. Top of mind for many administrators this month is [CVE-2022-30190](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190>), also known as Follina, which was observed being exploited in the wild [at the end of May](<https://www.rapid7.com/blog/post/2022/05/31/cve-2022-30190-follina-microsoft-support-diagnostic-tool-vulnerability/>). Microsoft provided [mitigation instructions](<https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/>) (disabling the MSDT URL protocol via the registry), but actual patches were not available until today\u2019s cumulative Windows Updates. Even if the mitigation was previously applied, installing the updates is highly recommended.\n\nNone of the other CVEs being addressed this month have been previously disclosed or seen exploited yet. However, it won\u2019t be long before attackers start looking at [CVE-2022-30136](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30136>), a critical remote code execution (RCE) vulnerability affecting the Windows Network File System (NFS). Last month, Microsoft fixed a similar vulnerability ([CVE-2022-26937](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26937>)) affecting NFS v2.0 and v3.0. [CVE-2022-30136](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30136>), on the other hand, is only exploitable in NFS v4.1. Microsoft has provided mitigation guidance to disable NFS v4.1, which should only be done if the May updates fixing previous NFS versions have been applied. Again, even if the mitigation has been put into place, best to patch sooner rather than later.\n\nAlso reminiscent of last month is [CVE-2022-30139](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30139>), a critical RCE in LDAP carrying a CVSSv3 base score of 7.1, which again is only exploitable if the MaxReceiveBuffer LDAP policy value is set higher than the default. Rounding out the critical RCEs for June is [CVE-2022-30163](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30163>), which could allow a malicious application running on a Hyper-V guest to execute code on the host OS.\n\nThe other big news this month is the end of support for Internet Explorer 11 (IE11) on Windows 10 Semi-Annual Channels and Windows 10 IoT Semi-Annual Channels, as Microsoft encourages users to adopt the Chromium-based Edge browser (which saw fixes for 5 CVEs this month). Internet Explorer 11 on other versions of Windows should continue receiving security updates and technical support based on the OS support lifecycle, so this is only the beginning of the end for the legacy browser.\n\n## Summary charts\n\n\n\n## Summary tables\n\n### Apps vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-30168](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30168>) | Microsoft Photos App Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n \n### Azure vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-30137](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30137>) | Azure Service Fabric Container Elevation of Privilege Vulnerability | No | No | 6.7 | Yes \n[CVE-2022-30177](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30177>) | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-30178](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30178>) | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-30179](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30179>) | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-30180](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30180>) | Azure RTOS GUIX Studio Information Disclosure Vulnerability | No | No | 7.8 | Yes \n \n### Azure System Center vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-29149](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29149>) | Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n \n### Browser vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-22021](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22021>) | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | No | No | 8.3 | Yes \n[CVE-2022-2011](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2011>) | Chromium: CVE-2022-2011 Use after free in ANGLE | No | No | N/A | Yes \n[CVE-2022-2010](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2010>) | Chromium: CVE-2022-2010 Out of bounds read in compositing | No | No | N/A | Yes \n[CVE-2022-2008](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2008>) | Chromium: CVE-2022-2008 Out of bounds memory access in WebGL | No | No | N/A | Yes \n[CVE-2022-2007](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2007>) | Chromium: CVE-2022-2007 Use after free in WebGPU | No | No | N/A | Yes \n \n### Developer Tools vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-30184](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30184>) | .NET and Visual Studio Information Disclosure Vulnerability | No | No | 5.5 | Yes \n \n### ESU Windows vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-30140](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30140>) | Windows iSCSI Discovery Service Remote Code Execution Vulnerability | No | No | 7.1 | Yes \n[CVE-2022-30152](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30152>) | Windows Network Address Translation (NAT) Denial of Service Vulnerability | No | No | 7.5 | No \n[CVE-2022-30135](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30135>) | Windows Media Center Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2022-30153](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30153>) | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-30161](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30161>) | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-30141](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30141>) | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | No | No | 8.1 | Yes \n[CVE-2022-30143](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30143>) | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | No | No | 7.5 | Yes \n[CVE-2022-30149](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30149>) | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | No | No | 7.5 | Yes \n[CVE-2022-30146](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30146>) | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | No | No | 7.5 | Yes \n[CVE-2022-30155](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30155>) | Windows Kernel Denial of Service Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-30147](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30147>) | Windows Installer Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2022-30163](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30163>) | Windows Hyper-V Remote Code Execution Vulnerability | No | No | 8.5 | Yes \n[CVE-2022-30142](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30142>) | Windows File History Remote Code Execution Vulnerability | No | No | 7.1 | Yes \n[CVE-2022-30151](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30151>) | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | No | No | 7 | Yes \n[CVE-2022-30160](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30160>) | Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2022-30166](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30166>) | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2022-21166](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21166>) | Intel: CVE-2022-21166 Device Register Partial Write (DRPW) | No | No | N/A | Yes \n[CVE-2022-21127](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21127>) | Intel: CVE-2022-21127 Special Register Buffer Data Sampling Update (SRBDS Update) | No | No | N/A | Yes \n[CVE-2022-21125](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21125>) | Intel: CVE-2022-21125 Shared Buffers Data Sampling (SBDS) | No | No | N/A | Yes \n[CVE-2022-21123](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21123>) | Intel: CVE-2022-21123 Shared Buffers Data Read (SBDR) | No | No | N/A | Yes \n \n### Microsoft Office vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-30157](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30157>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-30158](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30158>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-30174](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30174>) | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.4 | Yes \n[CVE-2022-30159](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30159>) | Microsoft Office Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-30171](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30171>) | Microsoft Office Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-30172](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30172>) | Microsoft Office Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-30173](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30173>) | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n \n### SQL Server vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-29143](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29143>) | Microsoft SQL Server Remote Code Execution Vulnerability | No | No | 7.5 | Yes \n \n### Windows vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-32230](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-32230>) | Windows SMB Denial of Service Vulnerability | No | No | N/A | Yes \n[CVE-2022-30136](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30136>) | Windows Network File System Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2022-30139](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30139>) | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | No | No | 7.5 | Yes \n[CVE-2022-30162](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30162>) | Windows Kernel Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-30165](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30165>) | Windows Kerberos Elevation of Privilege Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-30145](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30145>) | Windows Encrypting File System (EFS) Remote Code Execution Vulnerability | No | No | 7.5 | Yes \n[CVE-2022-30148](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30148>) | Windows Desired State Configuration (DSC) Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-30150](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30150>) | Windows Defender Remote Credential Guard Elevation of Privilege Vulnerability | No | No | 7.5 | Yes \n[CVE-2022-30132](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30132>) | Windows Container Manager Service Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2022-30131](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30131>) | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2022-30189](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30189>) | Windows Autopilot Device Management and Enrollment Client Spoofing Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-30154](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30154>) | Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege Vulnerability | No | No | 5.3 | Yes \n[CVE-2022-30164](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30164>) | Kerberos AppContainer Security Feature Bypass Vulnerability | No | No | 8.4 | Yes \n[CVE-2022-29111](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29111>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-22018](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22018>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-30188](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30188>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-29119](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29119>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-30167](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30167>) | AV1 Video Extension Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-30193](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30193>) | AV1 Video Extension Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n \n\u200b\n\n#### NEVER MISS A BLOG\n\nGet the latest stories, expertise, and news about security today.\n\nSubscribe\n\n \n\n\n_**Additional reading:**_\n\n * _[The Hidden Harm of Silent Patches](<https://www.rapid7.com/blog/post/2022/06/06/the-hidden-harm-of-silent-patches/>)_\n * _[Maximize Your VM Investment: Fix Vulnerabilities Faster With Automox + Rapid7](<https://www.rapid7.com/blog/post/2022/05/16/maximize-your-vm-investment-fix-vulnerabilities-faster-with-automox-rapid7/>)_\n * _[How to Strategically Scale Vendor Management and Supply Chain Security](<https://www.rapid7.com/blog/post/2022/04/26/how-to-strategically-scale-vendor-management-and-supply-chain-security/>)_\n * _[Analyzing the Attack Landscape: Rapid7\u2019s 2021 Vulnerability Intelligence Report](<https://www.rapid7.com/blog/post/2022/03/28/analyzing-the-attack-landscape-rapid7s-annual-vulnerability-intelligence-report/>) \n_", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-14T19:37:50", "type": "rapid7blog", "title": "Patch Tuesday - June 2022", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21127", "CVE-2022-21166", "CVE-2022-22018", "CVE-2022-22021", "CVE-2022-26937", "CVE-2022-29111", "CVE-2022-29119", "CVE-2022-29143", "CVE-2022-29149", "CVE-2022-30131", "CVE-2022-30132", "CVE-2022-30135", "CVE-2022-30136", "CVE-2022-30137", "CVE-2022-30139", "CVE-2022-30140", "CVE-2022-30141", "CVE-2022-30142", "CVE-2022-30143", "CVE-2022-30145", "CVE-2022-30146", "CVE-2022-30147", "CVE-2022-30148", "CVE-2022-30149", "CVE-2022-30150", "CVE-2022-30151", "CVE-2022-30152", "CVE-2022-30153", "CVE-2022-30154", "CVE-2022-30155", "CVE-2022-30157", "CVE-2022-30158", "CVE-2022-30159", "CVE-2022-30160", "CVE-2022-30161", "CVE-2022-30162", "CVE-2022-30163", "CVE-2022-30164", "CVE-2022-30165", "CVE-2022-30166", "CVE-2022-30167", "CVE-2022-30168", "CVE-2022-30171", "CVE-2022-30172", "CVE-2022-30173", "CVE-2022-30174", "CVE-2022-30177", "CVE-2022-30178", "CVE-2022-30179", "CVE-2022-30180", "CVE-2022-30184", "CVE-2022-30188", "CVE-2022-30189", "CVE-2022-30190", "CVE-2022-30193", "CVE-2022-32230"], "modified": "2022-06-14T19:37:50", "id": "RAPID7BLOG:36C78C12B88BFE8FEF93D8EF7A7AA553", "href": "https://blog.rapid7.com/2022/06/14/patch-tuesday-june-2022/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2023-08-11T22:42:13", "description": "### Background\n\nChromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium and its derivatives. Please review the CVE identifiers referenced below for details.\n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/chromium-103.0.5060.53\"\n \n\nAll Chromium binary users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/chromium-bin-103.0.5060.53\"\n \n\nAll Google Chrome users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/google-chrome-103.0.5060.53\"\n \n\nAll Microsoft Edge users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/chromium-103.0.5060.53\"\n \n\nAll QtWebEngine users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-qt/qtwebengine-5.15.5_p20220618\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-08-14T00:00:00", "type": "gentoo", "title": "Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30551", "CVE-2021-4052", "CVE-2021-4053", "CVE-2021-4054", "CVE-2021-4055", "CVE-2021-4056", "CVE-2021-4057", "CVE-2021-4058", "CVE-2021-4059", "CVE-2021-4061", "CVE-2021-4062", "CVE-2021-4063", "CVE-2021-4064", "CVE-2021-4065", "CVE-2021-4066", "CVE-2021-4067", "CVE-2021-4068", "CVE-2021-4078", "CVE-2021-4079", "CVE-2022-0789", "CVE-2022-0790", "CVE-2022-0791", "CVE-2022-0792", "CVE-2022-0793", "CVE-2022-0794", "CVE-2022-0795", "CVE-2022-0796", "CVE-2022-0797", "CVE-2022-0798", "CVE-2022-0799", "CVE-2022-0800", "CVE-2022-0801", "CVE-2022-0802", "CVE-2022-0803", "CVE-2022-0804", "CVE-2022-0805", "CVE-2022-0806", "CVE-2022-0807", "CVE-2022-0808", "CVE-2022-0809", "CVE-2022-0971", "CVE-2022-0972", "CVE-2022-0973", "CVE-2022-0974", "CVE-2022-0975", "CVE-2022-0976", "CVE-2022-0977", "CVE-2022-0978", "CVE-2022-0979", "CVE-2022-0980", "CVE-2022-1096", "CVE-2022-1125", "CVE-2022-1127", "CVE-2022-1128", "CVE-2022-1129", "CVE-2022-1130", "CVE-2022-1131", "CVE-2022-1132", "CVE-2022-1133", "CVE-2022-1134", "CVE-2022-1135", "CVE-2022-1136", "CVE-2022-1137", "CVE-2022-1138", "CVE-2022-1139", "CVE-2022-1141", "CVE-2022-1142", "CVE-2022-1143", "CVE-2022-1144", "CVE-2022-1145", "CVE-2022-1146", "CVE-2022-1232", "CVE-2022-1305", "CVE-2022-1306", "CVE-2022-1307", "CVE-2022-1308", "CVE-2022-1309", "CVE-2022-1310", "CVE-2022-1311", "CVE-2022-1312", "CVE-2022-1313", "CVE-2022-1314", "CVE-2022-1364", "CVE-2022-1477", "CVE-2022-1478", "CVE-2022-1479", "CVE-2022-1480", "CVE-2022-1481", "CVE-2022-1482", "CVE-2022-1483", "CVE-2022-1484", "CVE-2022-1485", "CVE-2022-1486", "CVE-2022-1487", "CVE-2022-1488", "CVE-2022-1489", "CVE-2022-1490", "CVE-2022-1491", "CVE-2022-1492", "CVE-2022-1493", "CVE-2022-1494", "CVE-2022-1495", "CVE-2022-1496", "CVE-2022-1497", "CVE-2022-1498", "CVE-2022-1499", "CVE-2022-1500", "CVE-2022-1501", "CVE-2022-1633", "CVE-2022-1634", "CVE-2022-1635", "CVE-2022-1636", "CVE-2022-1637", "CVE-2022-1639", "CVE-2022-1640", "CVE-2022-1641", "CVE-2022-1853", "CVE-2022-1854", "CVE-2022-1855", "CVE-2022-1856", "CVE-2022-1857", "CVE-2022-1858", "CVE-2022-1859", "CVE-2022-1860", "CVE-2022-1861", "CVE-2022-1862", "CVE-2022-1863", "CVE-2022-1864", "CVE-2022-1865", "CVE-2022-1866", "CVE-2022-1867", "CVE-2022-1868", "CVE-2022-1869", "CVE-2022-1870", "CVE-2022-1871", "CVE-2022-1872", "CVE-2022-1873", "CVE-2022-1874", "CVE-2022-1875", "CVE-2022-1876", "CVE-2022-2007", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165", "CVE-2022-22021", "CVE-2022-24475", "CVE-2022-24523", "CVE-2022-26891", "CVE-2022-26894", "CVE-2022-26895", "CVE-2022-26900", "CVE-2022-26905", "CVE-2022-26908", "CVE-2022-26909", "CVE-2022-26912", "CVE-2022-29144", "CVE-2022-29146", "CVE-2022-29147", "CVE-2022-30127", "CVE-2022-30128", "CVE-2022-30192", "CVE-2022-33638", "CVE-2022-33639"], "modified": "2022-08-14T00:00:00", "id": "GLSA-202208-25", "href": "https://security.gentoo.org/glsa/202208-25", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}
Debian DSA-5163-1 : chromium - security update
