logo
DATABASE RESOURCES PRICING ABOUT US

GLSA-202210-16 : Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities

Description

The remote host is affected by the vulnerability described in GLSA-202210-16 (Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities) - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (CVE-2022-3201) - Microsoft Edge (Chromium-based) Spoofing Vulnerability. (CVE-2022-41035) - Use after free in CSS. (CVE-2022-3304) - Use after free in Survey. (CVE-2022-3305, CVE-2022-3306) - Use after free in Media. (CVE-2022-3307) - Insufficient policy enforcement in Developer Tools. (CVE-2022-3308) - Use after free in Assistant. (CVE-2022-3309) - Insufficient policy enforcement in Custom Tabs. (CVE-2022-3310) - Use after free in Import. (CVE-2022-3311) - Insufficient validation of untrusted input in VPN. (CVE-2022-3312) - Incorrect security UI in Full Screen. (CVE-2022-3313) - Use after free in Logging. (CVE-2022-3314) - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. (CVE-2022-3315, CVE-2022-3316, CVE-2022-3370, CVE-2022-3373) - Insufficient validation of untrusted input in Intents. (CVE-2022-3317) - Use after free in ChromeOS Notifications. (CVE-2022-3318) - Use after free in Skia. (CVE-2022-3445) - Heap buffer overflow in WebSQL. (CVE-2022-3446) - Inappropriate implementation in Custom Tabs. (CVE-2022-3447) - Use after free in Permissions API. (CVE-2022-3448) - Use after free in Safe Browsing. (CVE-2022-3449) - Use after free in Peer Connection. (CVE-2022-3450) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.


Related