openSUSE 15 Security Update : opera (openSUSE-SU-2022:10057-1)

2022-07-14T00:00:00

Description

The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10057-1 advisory. - Use after free in WebGPU. (CVE-2022-2007) - Out of bounds memory access in WebGL. (CVE-2022-2008) - Out of bounds read in compositing. (CVE-2022-2010) - Use after free in ANGLE. (CVE-2022-2011) - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. (CVE-2022-2294) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

{"id": "OPENSUSE-2022-10057-1.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE 15 Security Update : opera (openSUSE-SU-2022:10057-1)", "description": "The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10057-1 advisory.\n\n - Use after free in WebGPU. (CVE-2022-2007)\n\n - Out of bounds memory access in WebGL. (CVE-2022-2008)\n\n - Out of bounds read in compositing. (CVE-2022-2010)\n\n - Use after free in ANGLE. (CVE-2022-2011)\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. (CVE-2022-2294)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2022-07-14T00:00:00", "modified": "2023-10-25T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/163094", "reporter": "This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.suse.com/security/cve/CVE-2022-2008", "https://www.suse.com/security/cve/CVE-2022-2011", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2294", "https://www.suse.com/security/cve/CVE-2022-2010", "http://www.nessus.org/u?d06180ba", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2010", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2011", "https://www.suse.com/security/cve/CVE-2022-2294", "https://www.suse.com/security/cve/CVE-2022-2007", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2008", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2007"], "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-2294"], "immutableFields": [], "lastseen": "2023-10-28T15:09:13", "viewCount": 18, "enchantments": {"score": {"value": 9.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "alpinelinux", "idList": ["ALPINE:CVE-2022-2008", "ALPINE:CVE-2022-2010", "ALPINE:CVE-2022-2294"]}, {"type": "apple", "idList": ["APPLE:37AFBB95AFD80D918469C22F0A05655D", "APPLE:71C798D0F46D1E956B1D27B4A004E9B9", "APPLE:DF68F7FFE1ED4E5157204A83619C4B89"]}, {"type": "attackerkb", "idList": ["AKB:23F2B591-FE1E-47A8-AA83-2DFAD7E5CE61"]}, {"type": "avleonov", "idList": ["AVLEONOV:B87691B304EF70215B926F66B871260A"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2022-0566"]}, {"type": "chrome", "idList": ["GCSA-5089288012050676645", "GCSA-6014598646949510537", "GCSA-7720125337817983232"]}, {"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2022-2294"]}, {"type": "cve", "idList": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-2294"]}, {"type": "debian", "idList": ["DEBIAN:DSA-5163-1:43040", "DEBIAN:DSA-5180-1:E631C"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2022-2007", "DEBIANCVE:CVE-2022-2008", "DEBIANCVE:CVE-2022-2010", "DEBIANCVE:CVE-2022-2011", "DEBIANCVE:CVE-2022-2294"]}, {"type": "fedora", "idList": ["FEDORA:16ADB302CDBA", "FEDORA:1AA1C30A3C1B", "FEDORA:29E5830A072A", "FEDORA:63A16302C983", "FEDORA:C6FE430979BC"]}, {"type": "freebsd", "idList": ["744EC9D7-FE0F-11EC-BCD2-3065EC8FD3EC", "C80CE2DD-E831-11EC-BCD2-3065EC8FD3EC"]}, {"type": "gentoo", "idList": ["GLSA-202208-25", "GLSA-202208-35", "GLSA-202208-39"]}, {"type": "hivepro", "idList": ["HIVEPRO:2FBDBD20FF69ADDF5A541D1E5B3D0809"]}, {"type": "kaspersky", "idList": ["KLA12556", "KLA12558", "KLA12570", "KLA12578", "KLA12579", "KLA12587"]}, {"type": "mageia", "idList": ["MGASA-2022-0232", "MGASA-2022-0287"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:08FDD3DEF41B63F1DEB23C21DCFDB12D", "MALWAREBYTES:553E789D665C7E7A1298EFE0276A4D50", "MALWAREBYTES:6E72426C60EECBEF071E305072060892"]}, {"type": "mscve", "idList": ["MS:CVE-2022-2007", "MS:CVE-2022-2008", "MS:CVE-2022-2010", "MS:CVE-2022-2011", "MS:CVE-2022-2294"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-5163.NASL", "DEBIAN_DSA-5180.NASL", "FEDORA_2022-3CA063941B.NASL", "FEDORA_2022-B49C9BC07A.NASL", "FREEBSD_PKG_744EC9D7FE0F11ECBCD23065EC8FD3EC.NASL", "FREEBSD_PKG_C80CE2DDE83111ECBCD23065EC8FD3EC.NASL", "GENTOO_GLSA-202208-25.NASL", "GENTOO_GLSA-202208-35.NASL", "GENTOO_GLSA-202208-39.NASL", "GOOGLE_CHROME_102_0_5005_115.NASL", "GOOGLE_CHROME_103_0_5060_114.NASL", "MACOSX_GOOGLE_CHROME_102_0_5005_115.NASL", "MACOSX_GOOGLE_CHROME_103_0_5060_114.NASL", "MACOS_HT213345.NASL", "MICROSOFT_EDGE_CHROMIUM_102_0_1245_41.NASL", "MICROSOFT_EDGE_CHROMIUM_103_0_1264_49.NASL", "OPENSUSE-2022-10009-1.NASL", "OPENSUSE-2022-10055-1.NASL", "OPENSUSE-2022-10087-1.NASL", "OPENSUSE-2022-10088-1.NASL", "UBUNTU_USN-5568-1.NASL"]}, {"type": "osv", "idList": ["OSV:DSA-5163-1", "OSV:DSA-5180-1"]}, {"type": "prion", "idList": ["PRION:CVE-2022-2007", "PRION:CVE-2022-2008", "PRION:CVE-2022-2010", "PRION:CVE-2022-2011", "PRION:CVE-2022-2294"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:058E013CF475F33D6DEBB8955340D15B", "QUALYSBLOG:65C282BB0F312A3AD8A043024FD3D866", "QUALYSBLOG:AC756D2C7DB65BB8BC9FBD558B7F3AD3", "QUALYSBLOG:BB3D6B2DDD8D4FA41B52503EF011FDA4"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:36C78C12B88BFE8FEF93D8EF7A7AA553", "RAPID7BLOG:B54637535A9D368B19D4D9881C6C34B3"]}, {"type": "securelist", "idList": ["SECURELIST:C1F2E1B6711C8D84F3E78D203B3CE837"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:10009-1", "OPENSUSE-SU-2022:10010-1", "OPENSUSE-SU-2022:10055-1", "OPENSUSE-SU-2022:10057-1", "OPENSUSE-SU-2022:10087-1", "OPENSUSE-SU-2022:10088-1"]}, {"type": "thn", "idList": ["THN:0ADE883013E260B4548F6E16D65487D3", "THN:222F7713CA968509F8C385BA29B0B6A5", "THN:27F4624B58E2AB5E3EC8C74249CADF5C", "THN:2E90A09BA23747C57B4B5C9ED7D13ED9", "THN:2FB8A3C1E526D1FFA1477D35F0F70BF4", "THN:5D50D5AA81EE14FA1044614364EAEBC6", "THN:80C4CCCAB293DD273948D1317EAC8B73", "THN:EDC4E93542AFAF751E67BF527C826DA4", "THN:FFFF05ECDE44C9ED26B53D328B60689B"]}, {"type": "threatpost", "idList": ["THREATPOST:91A97EE2BD6933FEB9A07162BD4ED8B5", "THREATPOST:A8A7A761CD72E2732BD9E3C75C4A2ACC"]}, {"type": "trellix", "idList": ["TRELLIX:6AC0A8EB929E0B0AC515928EFCB01642"]}, {"type": "ubuntu", "idList": ["USN-5568-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2022-2007", "UB:CVE-2022-2008", "UB:CVE-2022-2010", "UB:CVE-2022-2011", "UB:CVE-2022-2294"]}, {"type": "veracode", "idList": ["VERACODE:36034", "VERACODE:36035", "VERACODE:36036", "VERACODE:36037", "VERACODE:36373"]}]}, "epss": [{"cve": "CVE-2022-2007", "epss": 0.00085, "percentile": 0.34691, "modified": "2023-05-02"}, {"cve": "CVE-2022-2008", "epss": 0.00083, "percentile": 0.3379, "modified": "2023-05-02"}, {"cve": "CVE-2022-2010", "epss": 0.00076, "percentile": 0.30972, "modified": "2023-05-02"}, {"cve": "CVE-2022-2011", "epss": 0.00082, "percentile": 0.3335, "modified": "2023-05-02"}, {"cve": "CVE-2022-2294", "epss": 0.00426, "percentile": 0.70531, "modified": "2023-05-02"}], "vulnersScore": 9.0}, "_state": {"score": 1698846685, "dependencies": 1698506361, "epss": 0}, "_internal": {"score_hash": "c77aa3c5f05b795c51109e281dc610ef"}, "pluginID": "163094", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:10057-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163094);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/25\");\n\n script_cve_id(\n \"CVE-2022-2007\",\n \"CVE-2022-2008\",\n \"CVE-2022-2010\",\n \"CVE-2022-2011\",\n \"CVE-2022-2294\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"openSUSE 15 Security Update : opera (openSUSE-SU-2022:10057-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:10057-1 advisory.\n\n - Use after free in WebGPU. (CVE-2022-2007)\n\n - Out of bounds memory access in WebGL. (CVE-2022-2008)\n\n - Out of bounds read in compositing. (CVE-2022-2010)\n\n - Use after free in ANGLE. (CVE-2022-2011)\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this\n vulnerability. Please see Google Chrome Releases for more information. (CVE-2022-2294)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RJUDCH46YEJXHUW2NNEMWI2TSQIO7ON2/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d06180ba\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2010\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2294\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2294\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-2010\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'opera-88.0.4412.74-lp154.2.11.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'opera');\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:15.3"], "solution": "Update the affected opera package.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2022-2294", "vendor_cvss2": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": 9.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H"}, "vpr": {"risk factor": "High", "score": "7.4"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2022-07-13T00:00:00", "vulnerabilityPublicationDate": "2022-06-09T00:00:00", "exploitableWith": []}

{"suse": [{"lastseen": "2022-11-08T04:08:17", "description": "An update that fixes 5 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n opera was updated to 88.0.4412.74:\n\n - DNA-100645 Cherry-pick CVE-2022-2294 onto stabilization branches\n\n Update to 88.0.4412.53\n\n - DNA-99108 [Lin] Options on video pop out not possible to change\n - DNA-99832 On automatic video popout, close button should not stop video\n - DNA-99833 Allow turning on and off of each 'BABE' section from gear\n icon\n - DNA-99852 Default browser in Mac installer\n - DNA-99993 Crashes in AudioFileReaderTest,\n FFmpegAACBitstreamConverterTest\n - DNA-100045 iFrame Exception not unblocked with Acceptable Ads\n - DNA-100291 Update snapcraft uploading/releasing in scripts to use\n craft store\n\n Changes in 88.0.4412.40\n\n - CHR-8905 Update chromium on desktop-stable-102-4412 to 102.0.5005.115\n - DNA-99713 Sizing issues with video conferencing controls in PiP window\n - DNA-99831 Add 'back to tab' button like on video pop-out\n\n - The update to chromium 102.0.5005.115 fixes following issues:\n CVE-2022-2007, CVE-2022-2008, CVE-2022-2010, CVE-2022-2011\n\n Changes in 88.0.4412.27\n\n - DNA-99725 Crash at opera::ModalDialogViews::Show()\n - DNA-99752 Do not allow to uncheck all lists for adBlock\n - DNA-99918 Enable #scrollable-tab-strip on desktop-stable-102-4412\n - DNA-99969 Promote O88 to stable\n\n - Complete Opera 88.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-88/\n\n Update to 87.0.4390.45\n\n - DNA-99478 Top Sites don\ufffd\ufffd\ufffdt always has big icon\n - DNA-99702 Enable Acceptable Ads for stable stream\n - DNA-99725 Crash at opera::ModalDialogViews::Show()\n - DNA-99752 Do not allow to uncheck all lists for adBlock\n\n - Update to 87.0.4390.36\n - CHR-8883 Update chromium on desktop-stable-101-4390 to 101.0.4951.67\n - DNA-99190 Investigate windows installer signature errors on win7\n - DNA-99502 Sidebar \ufffd\ufffd\ufffd API to open panels\n - DNA-99593 Report sad tab displayed counts per kind\n - DNA-99628 Personalized Speed Dial context menu issue fix\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.4:NonFree:\n\n zypper in -t patch openSUSE-2022-10057=1\n\n - openSUSE Leap 15.3:NonFree:\n\n zypper in -t patch openSUSE-2022-10057=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.8}, "published": "2022-07-13T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-2294"], "modified": "2022-07-13T00:00:00", "id": "OPENSUSE-SU-2022:10057-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RJUDCH46YEJXHUW2NNEMWI2TSQIO7ON2/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-06T19:34:01", "description": "An update that fixes four vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n - Chromium 102.0.5005.115 (boo#1200423)\n * CVE-2022-2007: Use after free in WebGPU\n * CVE-2022-2008: Out of bounds memory access in WebGL\n * CVE-2022-2010: Out of bounds read in compositing\n * CVE-2022-2011: Use after free in ANGLE\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP4:\n\n zypper in -t patch openSUSE-2022-10010=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.8}, "published": "2022-06-15T00:00:00", "type": "suse", "title": "Security update for chromium (critical)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011"], "modified": "2022-06-15T00:00:00", "id": "OPENSUSE-SU-2022:10010-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XQH6PSD7KEJELPMITIH22447OE2UFOEG/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-09T21:00:13", "description": "An update that fixes three vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 103.0.5060.114 (boo#1201216)\n\n * CVE-2022-2294: Heap buffer overflow in WebRTC\n * CVE-2022-2295: Type Confusion in V8\n * CVE-2022-2296: Use after free in Chrome OS Shell\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP4:\n\n zypper in -t patch openSUSE-2022-10055=1\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2022-10055=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-13T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2022-07-13T00:00:00", "id": "OPENSUSE-SU-2022:10055-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TJ5LTW7LEHL5JFGRUX2J7S5CEEACPAUP/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-09T22:08:22", "description": "An update that fixes 9 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n Opera was updated to 89.0.4447.71\n\n - CHR-8957 Update chromium on desktop-stable-103-4447 to 103.0.5060.134\n - DNA-100492 authPrivate.storeCredentials should work with running auth\n session\n - DNA-100649 \ufffd\ufffd\ufffdSign out\ufffd\ufffd\ufffd from settings doesn\ufffd\ufffd\ufffdt also sign out from\n auth\n - DNA-100653 VPN Badge popup \ufffd\ufffd\ufffd not working well with different page\n zoom being set in browser settings\n - DNA-100712 Wrong spacing on text to reset sync passphrase in settings\n - DNA-100799 VPN icon is \ufffd\ufffd\ufffdpro\ufffd\ufffd\ufffd on disconnected\n - DNA-100841 Remove Get Subscription and Get button from VPN pro settings\n - DNA-100883 Update missing translations from chromium\n - DNA-100899 Translation error in Turkish\n - DNA-100912 Unable to select pinboards when sync everything is enabled\n - DNA-100959 Use after move RecentSearchProvider::ExecuteWithDB\n - DNA-100960 Use after move\n CountryBlacklistServiceImpl::DownloadCountryBlacklist\n - DNA-100961 Use after move\n CategorizationDataCollection::Iterator::Iterator\n - DNA-100989 Crash at\n opera::EasyFileButton::SetThumbnail(gfx::ImageSkia const&)\n\n - The update to chromium 103.0.5060.134 fixes following issues:\n CVE-2022-2163, CVE-2022-2477, CVE-2022-2478, CVE-2022-2479\n CVE-2022-2480, CVE-2022-2481\n\n - Update to 89.0.4447.51\n\n - DNA-99538 Typed content of address bar shared between tabs\n - DNA-100418 Set 360 so as search engine in China\n - DNA-100629 Launch Auth login when enabling sync while logged in\n - DNA-100776 Popup is too long if there are no services available\n\n - Update to 89.0.4447.48\n\n - CHR-8940 Update chromium on desktop-stable-103-4447 to 103.0.5060.114\n - DNA-100247 Make it possible to display hint when tab scrolling gets\n triggered\n - DNA-100482 Shopping corner icon availability\n - DNA-100575 Add unique IDs to all web element in opera account popup\n - DNA-100625 Opera account popup appears too high on Linux\n - DNA-100627 Enable #snap-from-panel on all stream\n - DNA-100636 DCHECK at suggestion_item.cc(484)\n - DNA-100685 Fix crash when attaching to tab strip scroll buttons\n - DNA-100693 Enable Sticky Site sidebar item to have notification bubble\n - DNA-100698 [AdBlock] Unhandled Disconnect list category:\n \"emailaggressive\"\n - DNA-100716 Misstype Settings \"Enhanced address bar\"\n - DNA-100732 Fix & escaping in translated strings\n - DNA-100759 Crash when loading personal news in private window\n\n - The update to chromium 103.0.5060.114 fixes following issues:\n CVE-2022-2294, CVE-2022-2295, CVE-2022-2296\n\n - Update to 89.0.4447.38\n\n - DNA-100283 Translations for O89\n\n - Complete Opera 89.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-89/\n\n - Changes in 89.0.4447.37\n\n - CHR-8929 Update chromium on desktop-stable-103-4447 to 103.0.5060.66\n - DNA-99780 Crash at zmq::zmq_abort(char const*)\n - DNA-100377 New opera account popup doesn\ufffd\ufffd\ufffdt open on Linux\n - DNA-100589 Crash at base::internal::Invoker<T>::RunOnce\n (base::internal::BindStateBase*, scoped_refptr<T>&&)\n - DNA-100607 Sync \ufffd\ufffd\ufffdSign in\ufffd\ufffd\ufffd button doesn\ufffd\ufffd\ufffdt work with Opera Account\n popup\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.4:NonFree:\n\n zypper in -t patch openSUSE-2022-10088=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-16T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2163", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296", "CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481"], "modified": "2022-08-16T00:00:00", "id": "OPENSUSE-SU-2022:10088-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/C6CFP4ALDNAUZ4ZAOFXUPGCPSV42N26M/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-09T22:08:22", "description": "An update that fixes 9 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n opera was updated to 89.0.4447.71\n\n - CHR-8957 Update chromium on desktop-stable-103-4447 to 103.0.5060.134\n - DNA-100492 authPrivate.storeCredentials should work with running auth\n session\n - DNA-100649 \ufffd\ufffd\ufffdSign out\ufffd\ufffd\ufffd from settings doesn\ufffd\ufffd\ufffdt also sign out from\n auth\n - DNA-100653 VPN Badge popup \ufffd\ufffd\ufffd not working well with different page\n zoom being set in browser settings\n - DNA-100712 Wrong spacing on text to reset sync passphrase in settings\n - DNA-100799 VPN icon is \ufffd\ufffd\ufffdpro\ufffd\ufffd\ufffd on disconnected\n - DNA-100841 Remove Get Subscription and Get button from VPN pro settings\n - DNA-100883 Update missing translations from chromium\n - DNA-100899 Translation error in Turkish\n - DNA-100912 Unable to select pinboards when sync everything is enabled\n - DNA-100959 Use after move RecentSearchProvider::ExecuteWithDB\n - DNA-100960 Use after move\n CountryBlacklistServiceImpl::DownloadCountryBlacklist\n - DNA-100961 Use after move\n CategorizationDataCollection::Iterator::Iterator\n - DNA-100989 Crash at\n opera::EasyFileButton::SetThumbnail(gfx::ImageSkia const&)\n\n - The update to chromium 103.0.5060.134 fixes following issues:\n CVE-2022-2163, CVE-2022-2477, CVE-2022-2478, CVE-2022-2479\n CVE-2022-2480, CVE-2022-2481\n\n opera was updated to 89.0.4447.51\n\n - DNA-99538 Typed content of address bar shared between tabs\n - DNA-100418 Set 360 so as search engine in China\n - DNA-100629 Launch Auth login when enabling sync while logged in\n - DNA-100776 Popup is too long if there are no services available\n\n opera was updated to 89.0.4447.48\n\n - CHR-8940 Update chromium on desktop-stable-103-4447 to 103.0.5060.114\n - DNA-100247 Make it possible to display hint when tab scrolling gets\n triggered\n - DNA-100482 Shopping corner icon availability\n - DNA-100575 Add unique IDs to all web element in opera account popup\n - DNA-100625 Opera account popup appears too high on Linux\n - DNA-100627 Enable #snap-from-panel on all stream\n - DNA-100636 DCHECK at suggestion_item.cc(484)\n - DNA-100685 Fix crash when attaching to tab strip scroll buttons\n - DNA-100693 Enable Sticky Site sidebar item to have notification bubble\n - DNA-100698 [AdBlock] Unhandled Disconnect list category:\n \"emailaggressive\"\n - DNA-100716 Misstype Settings \"Enhanced address bar\"\n - DNA-100732 Fix & escaping in translated strings\n - DNA-100759 Crash when loading personal news in private window\n\n - The update to chromium 103.0.5060.114 fixes following issues:\n CVE-2022-2294, CVE-2022-2295, CVE-2022-2296\n\n opera was updated to 89.0.4447.38\n\n - DNA-100283 Translations for O89\n\n - Complete Opera 89.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-89/\n\n opera was updated to 89.0.4447.37\n\n - CHR-8929 Update chromium on desktop-stable-103-4447 to 103.0.5060.66\n - DNA-99780 Crash at zmq::zmq_abort(char const*)\n - DNA-100377 New opera account popup doesn\ufffd\ufffd\ufffdt open on Linux\n - DNA-100589 Crash at base::internal::Invoker<T>::RunOnce\n (base::internal::BindStateBase*, scoped_refptr<T>&&)\n - DNA-100607 Sync \ufffd\ufffd\ufffdSign in\ufffd\ufffd\ufffd button doesn\ufffd\ufffd\ufffdt work with Opera Account\n popup\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:NonFree:\n\n zypper in -t patch openSUSE-2022-10087=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-16T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2163", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296", "CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481"], "modified": "2022-08-16T00:00:00", "id": "OPENSUSE-SU-2022:10087-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBC3VMU74SRNP6PNL6PMNTJCIFN32DXR/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-03T16:57:05", "description": "An update that fixes 28 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 102.0.5005.115 (boo#1200423)\n * CVE-2022-2007: Use after free in WebGPU\n * CVE-2022-2008: Out of bounds memory access in WebGL\n * CVE-2022-2010: Out of bounds read in compositing\n * CVE-2022-2011: Use after free in ANGLE\n\n Chromium 102.0.5001.61 (boo#1199893)\n\n * CVE-2022-1853: Use after free in Indexed DB\n * CVE-2022-1854: Use after free in ANGLE\n * CVE-2022-1855: Use after free in Messaging\n * CVE-2022-1856: Use after free in User Education\n * CVE-2022-1857: Insufficient policy enforcement in File System API\n * CVE-2022-1858: Out of bounds read in DevTools\n * CVE-2022-1859: Use after free in Performance Manager\n * CVE-2022-1860: Use after free in UI Foundations\n * CVE-2022-1861: Use after free in Sharing\n * CVE-2022-1862: Inappropriate implementation in Extensions\n * CVE-2022-1863: Use after free in Tab Groups\n * CVE-2022-1864: Use after free in WebApp Installs\n * CVE-2022-1865: Use after free in Bookmarks\n * CVE-2022-1866: Use after free in Tablet Mode\n * CVE-2022-1867: Insufficient validation of untrusted input in Data\n Transfer\n * CVE-2022-1868: Inappropriate implementation in Extensions API\n * CVE-2022-1869: Type Confusion in V8\n * CVE-2022-1870: Use after free in App Service\n * CVE-2022-1871: Insufficient policy enforcement in File System API\n * CVE-2022-1872: Insufficient policy enforcement in Extensions API\n * CVE-2022-1873: Insufficient policy enforcement in COOP\n * CVE-2022-1874: Insufficient policy enforcement in Safe Browsing\n * CVE-2022-1875: Inappropriate implementation in PDF\n * CVE-2022-1876: Heap buffer overflow in DevTools\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2022-10009=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-06-15T00:00:00", "type": "suse", "title": "Security update for chromium (critical)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-1853", "CVE-2022-1854", "CVE-2022-1855", "CVE-2022-1856", "CVE-2022-1857", "CVE-2022-1858", "CVE-2022-1859", "CVE-2022-1860", "CVE-2022-1861", "CVE-2022-1862", "CVE-2022-1863", "CVE-2022-1864", "CVE-2022-1865", "CVE-2022-1866", "CVE-2022-1867", "CVE-2022-1868", "CVE-2022-1869", "CVE-2022-1870", "CVE-2022-1871", "CVE-2022-1872", "CVE-2022-1873", "CVE-2022-1874", "CVE-2022-1875", "CVE-2022-1876", "CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011"], "modified": "2022-06-15T00:00:00", "id": "OPENSUSE-SU-2022:10009-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RUXRSXC3TACZ74MCVMECNI7P2X6JM2NF/", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2023-10-05T15:14:49", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 102.0.1245.41. It is, therefore, affected by multiple vulnerabilities as referenced in the June 13, 2022 advisory.\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2011)\n\n - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2007)\n\n - Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2008)\n\n - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-2010)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-13T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 102.0.1245.41 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011"], "modified": "2023-03-23T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_102_0_1245_41.NASL", "href": "https://www.tenable.com/plugins/nessus/162168", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162168);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2022-2007\",\n \"CVE-2022-2008\",\n \"CVE-2022-2010\",\n \"CVE-2022-2011\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0231-S\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 102.0.1245.41 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 102.0.1245.41. It is, therefore, affected\nby multiple vulnerabilities as referenced in the June 13, 2022 advisory.\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2011)\n\n - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2007)\n\n - Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2008)\n\n - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who\n had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-2010)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#june-13-2022\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c00d2c8a\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2010\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2011\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 102.0.1245.41 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2011\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-2010\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nvar constraints = [\n { 'fixed_version' : '102.0.1245.41' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-05T15:13:44", "description": "The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the c80ce2dd-e831-11ec-bcd2-3065ec8fd3ec advisory.\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2011)\n\n - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2007)\n\n - Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2008)\n\n - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-2010)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-09T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (c80ce2dd-e831-11ec-bcd2-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_C80CE2DDE83111ECBCD23065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/161988", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161988);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2022-2007\",\n \"CVE-2022-2008\",\n \"CVE-2022-2010\",\n \"CVE-2022-2011\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0231-S\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (c80ce2dd-e831-11ec-bcd2-3065ec8fd3ec)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple\nvulnerabilities as referenced in the c80ce2dd-e831-11ec-bcd2-3065ec8fd3ec advisory.\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2011)\n\n - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2007)\n\n - Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2008)\n\n - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who\n had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-2010)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?401fd0d4\");\n # https://vuxml.freebsd.org/freebsd/c80ce2dd-e831-11ec-bcd2-3065ec8fd3ec.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b40f6a9a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2011\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-2010\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"freebsd_package.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nvar flag = 0;\n\nvar packages = [\n 'chromium<102.0.5005.115'\n];\n\nforeach var package( packages ) {\n if (pkg_test(save_report:TRUE, pkg: package)) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : pkg_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-05T15:13:52", "description": "The version of Google Chrome installed on the remote macOS host is prior to 102.0.5005.115. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_06_stable-channel-update-for-desktop advisory.\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2011)\n\n - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2007)\n\n - Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2008)\n\n - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-2010)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-09T00:00:00", "type": "nessus", "title": "Google Chrome < 102.0.5005.115 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011"], "modified": "2023-03-23T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_102_0_5005_115.NASL", "href": "https://www.tenable.com/plugins/nessus/161980", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161980);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2022-2007\",\n \"CVE-2022-2008\",\n \"CVE-2022-2010\",\n \"CVE-2022-2011\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0231-S\");\n\n script_name(english:\"Google Chrome < 102.0.5005.115 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 102.0.5005.115. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2022_06_stable-channel-update-for-desktop advisory.\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2011)\n\n - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2007)\n\n - Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2008)\n\n - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who\n had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-2010)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?401fd0d4\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1326210\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1317673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1325298\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1330379\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 102.0.5005.115 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2011\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-2010\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'102.0.5005.115', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-05T15:13:52", "description": "The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5163 advisory.\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2011)\n\n - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2007)\n\n - Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2008)\n\n - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-2010)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-13T00:00:00", "type": "nessus", "title": "Debian DSA-5163-1 : chromium - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium", "p-cpe:/a:debian:debian_linux:chromium-common", "p-cpe:/a:debian:debian_linux:chromium-driver", "p-cpe:/a:debian:debian_linux:chromium-l10n", "p-cpe:/a:debian:debian_linux:chromium-sandbox", "p-cpe:/a:debian:debian_linux:chromium-shell", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5163.NASL", "href": "https://www.tenable.com/plugins/nessus/162152", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5163. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162152);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2022-2007\",\n \"CVE-2022-2008\",\n \"CVE-2022-2010\",\n \"CVE-2022-2011\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0231-S\");\n\n script_name(english:\"Debian DSA-5163-1 : chromium - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5163 advisory.\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2011)\n\n - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2007)\n\n - Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2008)\n\n - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who\n had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-2010)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/chromium\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2010\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/chromium\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the chromium packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 102.0.5005.115-1~deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2011\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-2010\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-driver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-l10n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-sandbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'chromium', 'reference': '102.0.5005.115-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-common', 'reference': '102.0.5005.115-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-driver', 'reference': '102.0.5005.115-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-l10n', 'reference': '102.0.5005.115-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-sandbox', 'reference': '102.0.5005.115-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-shell', 'reference': '102.0.5005.115-1~deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium / chromium-common / chromium-driver / chromium-l10n / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-05T15:13:52", "description": "The version of Google Chrome installed on the remote Windows host is prior to 102.0.5005.115. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_06_stable-channel-update-for-desktop advisory.\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2011)\n\n - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2007)\n\n - Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2008)\n\n - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-2010)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-09T00:00:00", "type": "nessus", "title": "Google Chrome < 102.0.5005.115 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_102_0_5005_115.NASL", "href": "https://www.tenable.com/plugins/nessus/161979", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161979);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\n \"CVE-2022-2007\",\n \"CVE-2022-2008\",\n \"CVE-2022-2010\",\n \"CVE-2022-2011\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0231-S\");\n\n script_name(english:\"Google Chrome < 102.0.5005.115 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 102.0.5005.115. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2022_06_stable-channel-update-for-desktop advisory.\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2011)\n\n - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2007)\n\n - Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2008)\n\n - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who\n had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-2010)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?401fd0d4\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1326210\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1317673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1325298\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1330379\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 102.0.5005.115 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2011\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-2010\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\nvar installs = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'102.0.5005.115', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-28T15:10:05", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 103.0.1264.49. It is, therefore, affected by a vulnerability as referenced in the July 6, 2022 advisory.\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-07T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 103.0.1264.49 Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295"], "modified": "2023-10-19T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_103_0_1264_49.NASL", "href": "https://www.tenable.com/plugins/nessus/162776", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162776);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/19\");\n\n script_cve_id(\"CVE-2022-2294\");\n script_xref(name:\"IAVA\", value:\"2022-A-0262-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 103.0.1264.49 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by a vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 103.0.1264.49. It is, therefore, affected\nby a vulnerability as referenced in the July 6, 2022 advisory.\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#july-6-2022\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c255ed38\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2295\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 103.0.1264.49 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2294\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nvar constraints = [\n { 'fixed_version' : '103.0.1264.49' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-28T15:10:31", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10055-1 advisory.\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. (CVE-2022-2294, CVE-2022-2295)\n\n - Use after free in Chrome OS Shell. (CVE-2022-2296)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-13T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2022:10055-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-10055-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163078", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:10055-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163078);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\"CVE-2022-2294\", \"CVE-2022-2295\", \"CVE-2022-2296\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2022:10055-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:10055-1 advisory.\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this\n vulnerability. Please see Google Chrome Releases for more information. (CVE-2022-2294, CVE-2022-2295)\n\n - Use after free in Chrome OS Shell. (CVE-2022-2296)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201216\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TJ5LTW7LEHL5JFGRUX2J7S5CEEACPAUP/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7dcbbe96\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2296\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2296\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'chromedriver-103.0.5060.114-bp153.2.107.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromedriver-103.0.5060.114-bp153.2.107.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-103.0.5060.114-bp153.2.107.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-103.0.5060.114-bp153.2.107.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-28T15:09:12", "description": "The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 744ec9d7-fe0f-11ec-bcd2-3065ec8fd3ec advisory.\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions. (CVE-2022-2296)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-08T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (744ec9d7-fe0f-11ec-bcd2-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_744EC9D7FE0F11ECBCD23065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/162839", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162839);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\"CVE-2022-2294\", \"CVE-2022-2295\", \"CVE-2022-2296\");\n script_xref(name:\"IAVA\", value:\"2022-A-0262-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (744ec9d7-fe0f-11ec-bcd2-3065ec8fd3ec)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple\nvulnerabilities as referenced in the 744ec9d7-fe0f-11ec-bcd2-3065ec8fd3ec advisory.\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via direct UI interactions. (CVE-2022-2296)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8f10a4e5\");\n # https://vuxml.freebsd.org/freebsd/744ec9d7-fe0f-11ec-bcd2-3065ec8fd3ec.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f39f44de\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2296\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"freebsd_package.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nvar flag = 0;\n\nvar packages = [\n 'chromium<103.0.5060.114'\n];\n\nforeach var package( packages ) {\n if (pkg_test(save_report:TRUE, pkg: package)) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : pkg_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-28T15:09:35", "description": "The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5180 advisory.\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions. (CVE-2022-2296)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-12T00:00:00", "type": "nessus", "title": "Debian DSA-5180-1 : chromium - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium", "p-cpe:/a:debian:debian_linux:chromium-common", "p-cpe:/a:debian:debian_linux:chromium-driver", "p-cpe:/a:debian:debian_linux:chromium-l10n", "p-cpe:/a:debian:debian_linux:chromium-sandbox", "p-cpe:/a:debian:debian_linux:chromium-shell", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5180.NASL", "href": "https://www.tenable.com/plugins/nessus/163024", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5180. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163024);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\"CVE-2022-2294\", \"CVE-2022-2295\", \"CVE-2022-2296\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"Debian DSA-5180-1 : chromium - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5180 advisory.\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via direct UI interactions. (CVE-2022-2296)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/chromium\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5180\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2296\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/chromium\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the chromium packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 103.0.5060.114-1~deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2296\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-driver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-l10n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-sandbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'chromium', 'reference': '103.0.5060.114-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-common', 'reference': '103.0.5060.114-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-driver', 'reference': '103.0.5060.114-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-l10n', 'reference': '103.0.5060.114-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-sandbox', 'reference': '103.0.5060.114-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-shell', 'reference': '103.0.5060.114-1~deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium / chromium-common / chromium-driver / chromium-l10n / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-28T15:12:58", "description": "The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5568-1 advisory.\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)\n\n - The issue was addressed with improved UI handling. (CVE-2022-32816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-15T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS / 22.04 LTS : WebKitGTK vulnerabilities (USN-5568-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2294", "CVE-2022-32792", "CVE-2022-32816"], "modified": "2023-07-12T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.0", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.1", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.0", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.1", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-bin", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-dev", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.1-0", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.1-dev", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37-gtk2", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-dev", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.1-0", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.1-dev", "p-cpe:/a:canonical:ubuntu_linux:webkit2gtk-driver"], "id": "UBUNTU_USN-5568-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164124", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5568-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164124);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/12\");\n\n script_cve_id(\"CVE-2022-2294\", \"CVE-2022-32792\", \"CVE-2022-32816\");\n script_xref(name:\"USN\", value:\"5568-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"Ubuntu 20.04 LTS / 22.04 LTS : WebKitGTK vulnerabilities (USN-5568-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-5568-1 advisory.\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)\n\n - The issue was addressed with improved UI handling. (CVE-2022-32816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5568-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32792\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:webkit2gtk-driver\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('20.04' >< os_release || '22.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 22.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '20.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-37-gtk2', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '22.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.1', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'gir1.2-webkit2-4.1', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.1-0', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.1-dev', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libwebkit2gtk-4.1-0', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libwebkit2gtk-4.1-dev', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.36.6-0ubuntu0.22.04.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gir1.2-javascriptcoregtk-4.0 / gir1.2-javascriptcoregtk-4.1 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-28T15:09:12", "description": "The version of Google Chrome installed on the remote macOS host is prior to 103.0.5060.114. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_07_stable-channel-update-for-desktop advisory.\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions. (CVE-2022-2296)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-04T00:00:00", "type": "nessus", "title": "Google Chrome < 103.0.5060.114 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2023-03-23T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_103_0_5060_114.NASL", "href": "https://www.tenable.com/plugins/nessus/162705", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162705);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\"CVE-2022-2294\", \"CVE-2022-2295\", \"CVE-2022-2296\");\n script_xref(name:\"IAVA\", value:\"2022-A-0262-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"Google Chrome < 103.0.5060.114 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 103.0.5060.114. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2022_07_stable-channel-update-for-desktop advisory.\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via direct UI interactions. (CVE-2022-2296)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8f10a4e5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1341043\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1336869\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1327087\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 103.0.5060.114 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2296\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'103.0.5060.114', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-28T15:09:11", "description": "The version of Google Chrome installed on the remote Windows host is prior to 103.0.5060.114. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_07_stable-channel-update-for-desktop advisory.\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions. (CVE-2022-2296)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-04T00:00:00", "type": "nessus", "title": "Google Chrome < 103.0.5060.114 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_103_0_5060_114.NASL", "href": "https://www.tenable.com/plugins/nessus/162706", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162706);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2022-2294\", \"CVE-2022-2295\", \"CVE-2022-2296\");\n script_xref(name:\"IAVA\", value:\"2022-A-0262-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"Google Chrome < 103.0.5060.114 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 103.0.5060.114. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2022_07_stable-channel-update-for-desktop advisory.\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via direct UI interactions. (CVE-2022-2296)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8f10a4e5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1341043\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1336869\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1327087\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 103.0.5060.114 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2296\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\nvar installs = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'103.0.5060.114', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-29T15:30:13", "description": "The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10088-1 advisory.\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction. (CVE-2022-2163)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions. (CVE-2022-2296)\n\n - Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2477)\n\n - Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2478)\n\n - Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page. (CVE-2022-2479)\n\n - Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2480)\n\n - Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.\n (CVE-2022-2481)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-16T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : opera (openSUSE-SU-2022:10088-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2163", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296", "CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:15.4"], "id": "OPENSUSE-2022-10088-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164144", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:10088-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164144);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2022-2163\",\n \"CVE-2022-2294\",\n \"CVE-2022-2295\",\n \"CVE-2022-2296\",\n \"CVE-2022-2477\",\n \"CVE-2022-2478\",\n \"CVE-2022-2479\",\n \"CVE-2022-2480\",\n \"CVE-2022-2481\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"openSUSE 15 Security Update : opera (openSUSE-SU-2022:10088-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:10088-1 advisory.\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who\n convinced a user to install a malicious extension to potentially exploit heap corruption via UI\n interaction. (CVE-2022-2163)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via direct UI interactions. (CVE-2022-2296)\n\n - Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2477)\n\n - Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2478)\n\n - Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134\n allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive\n information from internal file directories via a crafted HTML page. (CVE-2022-2479)\n\n - Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2480)\n\n - Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a\n user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.\n (CVE-2022-2481)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/C6CFP4ALDNAUZ4ZAOFXUPGCPSV42N26M/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e2a5cb63\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2296\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2478\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2480\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2481\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2481\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.4\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.4', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'opera-89.0.4447.71-lp154.2.14.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'opera');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-28T15:11:28", "description": "The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10087-1 advisory.\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction. (CVE-2022-2163)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions. (CVE-2022-2296)\n\n - Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2477)\n\n - Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2478)\n\n - Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page. (CVE-2022-2479)\n\n - Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2480)\n\n - Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.\n (CVE-2022-2481)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-16T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : opera (openSUSE-SU-2022:10087-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2163", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296", "CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-10087-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164134", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:10087-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164134);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2022-2163\",\n \"CVE-2022-2294\",\n \"CVE-2022-2295\",\n \"CVE-2022-2296\",\n \"CVE-2022-2477\",\n \"CVE-2022-2478\",\n \"CVE-2022-2479\",\n \"CVE-2022-2480\",\n \"CVE-2022-2481\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"openSUSE 15 Security Update : opera (openSUSE-SU-2022:10087-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:10087-1 advisory.\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who\n convinced a user to install a malicious extension to potentially exploit heap corruption via UI\n interaction. (CVE-2022-2163)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via direct UI interactions. (CVE-2022-2296)\n\n - Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2477)\n\n - Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2478)\n\n - Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134\n allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive\n information from internal file directories via a crafted HTML page. (CVE-2022-2479)\n\n - Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2480)\n\n - Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a\n user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.\n (CVE-2022-2481)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBC3VMU74SRNP6PNL6PMNTJCIFN32DXR/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?05668353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2296\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2478\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2480\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2481\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2481\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'opera-89.0.4447.71-lp153.2.54.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'opera');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-05T15:14:39", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10009-1 advisory.\n\n - Use after free in Indexed DB. (CVE-2022-1853)\n\n - Use after free in ANGLE. (CVE-2022-1854, CVE-2022-2011)\n\n - Use after free in Messaging. (CVE-2022-1855)\n\n - Use after free in User Education. (CVE-2022-1856)\n\n - Insufficient policy enforcement in File System API. (CVE-2022-1857, CVE-2022-1871)\n\n - Out of bounds read in DevTools. (CVE-2022-1858)\n\n - Use after free in Performance Manager. (CVE-2022-1859)\n\n - Use after free in UI Foundations. (CVE-2022-1860)\n\n - Use after free in Sharing. (CVE-2022-1861)\n\n - Inappropriate implementation in Extensions. (CVE-2022-1862)\n\n - Use after free in Tab Groups. (CVE-2022-1863)\n\n - Use after free in WebApp Installs. (CVE-2022-1864)\n\n - Use after free in Bookmarks. (CVE-2022-1865)\n\n - Use after free in Tablet Mode. (CVE-2022-1866)\n\n - Insufficient validation of untrusted input in Data Transfer. (CVE-2022-1867)\n\n - Inappropriate implementation in Extensions API. (CVE-2022-1868)\n\n - Type Confusion in V8. (CVE-2022-1869)\n\n - Use after free in App Service. (CVE-2022-1870)\n\n - Insufficient policy enforcement in Extensions API. (CVE-2022-1872)\n\n - Insufficient policy enforcement in COOP. (CVE-2022-1873)\n\n - Insufficient policy enforcement in Safe Browsing. (CVE-2022-1874)\n\n - Inappropriate implementation in PDF. (CVE-2022-1875)\n\n - Heap buffer overflow in DevTools. (CVE-2022-1876)\n\n - Use after free in WebGPU. (CVE-2022-2007)\n\n - Out of bounds memory access in WebGL. (CVE-2022-2008)\n\n - Out of bounds read in compositing. (CVE-2022-2010)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-16T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2022:10009-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1853", "CVE-2022-1854", "CVE-2022-1855", "CVE-2022-1856", "CVE-2022-1857", "CVE-2022-1858", "CVE-2022-1859", "CVE-2022-1860", "CVE-2022-1861", "CVE-2022-1862", "CVE-2022-1863", "CVE-2022-1864", "CVE-2022-1865", "CVE-2022-1866", "CVE-2022-1867", "CVE-2022-1868", "CVE-2022-1869", "CVE-2022-1870", "CVE-2022-1871", "CVE-2022-1872", "CVE-2022-1873", "CVE-2022-1874", "CVE-2022-1875", "CVE-2022-1876", "CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-10009-1.NASL", "href": "https://www.tenable.com/plugins/nessus/162322", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:10009-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162322);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2022-1853\",\n \"CVE-2022-1854\",\n \"CVE-2022-1855\",\n \"CVE-2022-1856\",\n \"CVE-2022-1857\",\n \"CVE-2022-1858\",\n \"CVE-2022-1859\",\n \"CVE-2022-1860\",\n \"CVE-2022-1861\",\n \"CVE-2022-1862\",\n \"CVE-2022-1863\",\n \"CVE-2022-1864\",\n \"CVE-2022-1865\",\n \"CVE-2022-1866\",\n \"CVE-2022-1867\",\n \"CVE-2022-1868\",\n \"CVE-2022-1869\",\n \"CVE-2022-1870\",\n \"CVE-2022-1871\",\n \"CVE-2022-1872\",\n \"CVE-2022-1873\",\n \"CVE-2022-1874\",\n \"CVE-2022-1875\",\n \"CVE-2022-1876\",\n \"CVE-2022-2007\",\n \"CVE-2022-2008\",\n \"CVE-2022-2010\",\n \"CVE-2022-2011\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0231-S\");\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2022:10009-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:10009-1 advisory.\n\n - Use after free in Indexed DB. (CVE-2022-1853)\n\n - Use after free in ANGLE. (CVE-2022-1854, CVE-2022-2011)\n\n - Use after free in Messaging. (CVE-2022-1855)\n\n - Use after free in User Education. (CVE-2022-1856)\n\n - Insufficient policy enforcement in File System API. (CVE-2022-1857, CVE-2022-1871)\n\n - Out of bounds read in DevTools. (CVE-2022-1858)\n\n - Use after free in Performance Manager. (CVE-2022-1859)\n\n - Use after free in UI Foundations. (CVE-2022-1860)\n\n - Use after free in Sharing. (CVE-2022-1861)\n\n - Inappropriate implementation in Extensions. (CVE-2022-1862)\n\n - Use after free in Tab Groups. (CVE-2022-1863)\n\n - Use after free in WebApp Installs. (CVE-2022-1864)\n\n - Use after free in Bookmarks. (CVE-2022-1865)\n\n - Use after free in Tablet Mode. (CVE-2022-1866)\n\n - Insufficient validation of untrusted input in Data Transfer. (CVE-2022-1867)\n\n - Inappropriate implementation in Extensions API. (CVE-2022-1868)\n\n - Type Confusion in V8. (CVE-2022-1869)\n\n - Use after free in App Service. (CVE-2022-1870)\n\n - Insufficient policy enforcement in Extensions API. (CVE-2022-1872)\n\n - Insufficient policy enforcement in COOP. (CVE-2022-1873)\n\n - Insufficient policy enforcement in Safe Browsing. (CVE-2022-1874)\n\n - Inappropriate implementation in PDF. (CVE-2022-1875)\n\n - Heap buffer overflow in DevTools. (CVE-2022-1876)\n\n - Use after free in WebGPU. (CVE-2022-2007)\n\n - Out of bounds memory access in WebGL. (CVE-2022-2008)\n\n - Out of bounds read in compositing. (CVE-2022-2010)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200423\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RUXRSXC3TACZ74MCVMECNI7P2X6JM2NF/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ea5b2420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1857\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1858\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1859\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1860\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1861\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1862\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1863\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1864\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1865\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1866\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1867\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1868\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1869\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1870\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1872\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1874\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1875\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1876\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2010\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2011\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2011\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1853\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'chromedriver-102.0.5005.115-bp153.2.101.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromedriver-102.0.5005.115-bp153.2.101.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-102.0.5005.115-bp153.2.101.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-102.0.5005.115-bp153.2.101.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-28T15:12:58", "description": "The remote host is affected by the vulnerability described in GLSA-202208-39 (WebKitGTK+: Multiple Vulnerabilities)\n\n - A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript. (CVE-2022-22589)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22590)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. (CVE-2022-22592)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8).\n Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2022-22620)\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. (CVE-2022-22662)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-30293. Reason: This candidate is a duplicate of CVE-2022-30293. Notes: All CVE users should reference CVE-2022-30293 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2022-30294)\n\n - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. (CVE-2022-32893)\n\n - A use after free issue was addressed with improved memory management. (CVE-2022-22624, CVE-2022-22628, CVE-2022-26709, CVE-2022-26710, CVE-2022-26717)\n\n - A buffer overflow issue was addressed with improved memory handling. (CVE-2022-22629)\n\n - A logic issue in the handling of concurrent media was addressed with improved state handling.\n (CVE-2022-22677)\n\n - A memory corruption issue was addressed with improved state management. (CVE-2022-26700, CVE-2022-26716, CVE-2022-26719)\n\n - The issue was addressed with improved UI handling. (CVE-2022-32784)\n\n - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-31T00:00:00", "type": "nessus", "title": "GLSA-202208-39 : WebKitGTK+: Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22589", "CVE-2022-22590", "CVE-2022-22592", "CVE-2022-22620", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-22677", "CVE-2022-2294", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293", "CVE-2022-30294", "CVE-2022-32784", "CVE-2022-32792", "CVE-2022-32893"], "modified": "2022-08-31T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:webkit-gtk", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202208-39.NASL", "href": "https://www.tenable.com/plugins/nessus/164535", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202208-39.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike\n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164535);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/31\");\n\n script_cve_id(\n \"CVE-2022-2294\",\n \"CVE-2022-22589\",\n \"CVE-2022-22590\",\n \"CVE-2022-22592\",\n \"CVE-2022-22620\",\n \"CVE-2022-22624\",\n \"CVE-2022-22628\",\n \"CVE-2022-22629\",\n \"CVE-2022-22662\",\n \"CVE-2022-22677\",\n \"CVE-2022-26700\",\n \"CVE-2022-26709\",\n \"CVE-2022-26710\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26719\",\n \"CVE-2022-30293\",\n \"CVE-2022-30294\",\n \"CVE-2022-32784\",\n \"CVE-2022-32792\",\n \"CVE-2022-32893\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/08\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/02/25\");\n\n script_name(english:\"GLSA-202208-39 : WebKitGTK+: Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202208-39 (WebKitGTK+: Multiple Vulnerabilities)\n\n - A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and\n iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted\n mail message may lead to running arbitrary javascript. (CVE-2022-22589)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and\n iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web\n content may lead to arbitrary code execution. (CVE-2022-22590)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS\n 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content\n may prevent Content Security Policy from being enforced. (CVE-2022-22592)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS\n Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8).\n Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a\n report that this issue may have been actively exploited.. (CVE-2022-22620)\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security\n Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose\n sensitive user information. (CVE-2022-22662)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in\n WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-30293. Reason: This candidate is a\n duplicate of CVE-2022-30293. Notes: All CVE users should reference CVE-2022-30293 instead of this\n candidate. All references and descriptions in this candidate have been removed to prevent accidental\n usage. (CVE-2022-30294)\n\n - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS\n 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content\n may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively\n exploited. (CVE-2022-32893)\n\n - A use after free issue was addressed with improved memory management. (CVE-2022-22624, CVE-2022-22628,\n CVE-2022-26709, CVE-2022-26710, CVE-2022-26717)\n\n - A buffer overflow issue was addressed with improved memory handling. (CVE-2022-22629)\n\n - A logic issue in the handling of concurrent media was addressed with improved state handling.\n (CVE-2022-22677)\n\n - A memory corruption issue was addressed with improved state management. (CVE-2022-26700, CVE-2022-26716,\n CVE-2022-26719)\n\n - The issue was addressed with improved UI handling. (CVE-2022-32784)\n\n - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202208-39\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=832990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=833568\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=837305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=839984\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=845252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=856445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=861740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=864427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=866494\");\n script_set_attribute(attribute:\"solution\", value:\n\"All WebKitGTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=net-libs/webkit-gtk-2.36.7\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30294\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:webkit-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar flag = 0;\n\nvar packages = [\n {\n 'name' : \"net-libs/webkit-gtk\",\n 'unaffected' : make_list(\"ge 2.36.7\", \"lt 2.0.0\"),\n 'vulnerable' : make_list(\"lt 2.36.7\")\n }\n];\n\nforeach package( packages ) {\n if (isnull(package['unaffected'])) package['unaffected'] = make_list();\n if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();\n if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;\n}\n\n# This plugin has a different number of unaffected and vulnerable versions for\n# one or more packages. To ensure proper detection, a separate line should be \n# used for each fixed/vulnerable version pair.\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : qpkg_report_get()\n );\n exit(0);\n}\nelse\n{\n qpkg_tests = list_uniq(qpkg_tests);\n var tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"WebKitGTK+\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-25T15:55:21", "description": "The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-b49c9bc07a advisory.\n\n - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2007)\n\n - Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2008)\n\n - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-2010)\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2011)\n\n - Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2603)\n\n - Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2604)\n\n - Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2605)\n\n - Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2606)\n\n - Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2607)\n\n - Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2608)\n\n - Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2609)\n\n - Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-2610)\n\n - Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-2611)\n\n - Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2022-2612)\n\n - Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2613)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2614)\n\n - Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-2615)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a crafted Chrome Extension. (CVE-2022-2616)\n\n - Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2617)\n\n - Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file . (CVE-2022-2618)\n\n - Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2022-2619)\n\n - Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2620)\n\n - Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.\n (CVE-2022-2621)\n\n - Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file.\n (CVE-2022-2622)\n\n - Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2623)\n\n - Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. (CVE-2022-2624)\n\n - Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2852)\n\n - Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2853)\n\n - Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2854)\n\n - Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2855)\n\n - Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.\n (CVE-2022-2856)\n\n - Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2857)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (CVE-2022-2858)\n\n - Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2859)\n\n - Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page. (CVE-2022-2860)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page. (CVE-2022-2861)\n\n - Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3038)\n\n - Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3039, CVE-2022-3041)\n\n - Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3040)\n\n - Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3042)\n\n - Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3043)\n\n - Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.\n (CVE-2022-3044)\n\n - Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3045)\n\n - Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-3046)\n\n - Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page. (CVE-2022-3047)\n\n - Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a local attacker to bypass lockscreen navigation restrictions via physical access to the device.\n (CVE-2022-3048)\n\n - Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3049)\n\n - Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (CVE-2022-3050)\n\n - Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (CVE-2022-3051)\n\n - Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (CVE-2022-3052)\n\n - Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a remote attacker to restrict user navigation via a crafted HTML page. (CVE-2022-3053)\n\n - Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3054)\n\n - Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3055)\n\n - Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page. (CVE-2022-3056)\n\n - Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-3057)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction. (CVE-2022-3058)\n\n - Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction. (CVE-2022-3071)\n\n - Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-3075)\n\n - Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3195)\n\n - Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) (CVE-2022-3196, CVE-2022-3197, CVE-2022-3198)\n\n - Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3199)\n\n - Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3200)\n\n - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3201)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-12-22T00:00:00", "type": "nessus", "title": "Fedora 36 : chromium (2022-b49c9bc07a)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-2603", "CVE-2022-2604", "CVE-2022-2605", "CVE-2022-2606", "CVE-2022-2607", "CVE-2022-2608", "CVE-2022-2609", "CVE-2022-2610", "CVE-2022-2611", "CVE-2022-2612", "CVE-2022-2613", "CVE-2022-2614", "CVE-2022-2615", "CVE-2022-2616", "CVE-2022-2617", "CVE-2022-2618", "CVE-2022-2619", "CVE-2022-2620", "CVE-2022-2621", "CVE-2022-2622", "CVE-2022-2623", "CVE-2022-2624", "CVE-2022-2852", "CVE-2022-2853", "CVE-2022-2854", "CVE-2022-2855", "CVE-2022-2856", "CVE-2022-2857", "CVE-2022-2858", "CVE-2022-2859", "CVE-2022-2860", "CVE-2022-2861", "CVE-2022-3038", "CVE-2022-3039", "CVE-2022-3040", "CVE-2022-3041", "CVE-2022-3042", "CVE-2022-3043", "CVE-2022-3044", "CVE-2022-3045", "CVE-2022-3046", "CVE-2022-3047", "CVE-2022-3048", "CVE-2022-3049", "CVE-2022-3050", "CVE-2022-3051", "CVE-2022-3052", "CVE-2022-3053", "CVE-2022-3054", "CVE-2022-3055", "CVE-2022-3056", "CVE-2022-3057", "CVE-2022-3058", "CVE-2022-3071", "CVE-2022-3075", "CVE-2022-3195", "CVE-2022-3196", "CVE-2022-3197", "CVE-2022-3198", "CVE-2022-3199", "CVE-2022-3200", "CVE-2022-3201"], "modified": "2023-10-24T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:36", "p-cpe:/a:fedoraproject:fedora:chromium"], "id": "FEDORA_2022-B49C9BC07A.NASL", "href": "https://www.tenable.com/plugins/nessus/169151", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2022-b49c9bc07a\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169151);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/24\");\n\n script_cve_id(\n \"CVE-2022-2007\",\n \"CVE-2022-2008\",\n \"CVE-2022-2010\",\n \"CVE-2022-2011\",\n \"CVE-2022-2603\",\n \"CVE-2022-2604\",\n \"CVE-2022-2605\",\n \"CVE-2022-2606\",\n \"CVE-2022-2607\",\n \"CVE-2022-2608\",\n \"CVE-2022-2609\",\n \"CVE-2022-2610\",\n \"CVE-2022-2611\",\n \"CVE-2022-2612\",\n \"CVE-2022-2613\",\n \"CVE-2022-2614\",\n \"CVE-2022-2615\",\n \"CVE-2022-2616\",\n \"CVE-2022-2617\",\n \"CVE-2022-2618\",\n \"CVE-2022-2619\",\n \"CVE-2022-2620\",\n \"CVE-2022-2621\",\n \"CVE-2022-2622\",\n \"CVE-2022-2623\",\n \"CVE-2022-2624\",\n \"CVE-2022-2852\",\n \"CVE-2022-2853\",\n \"CVE-2022-2854\",\n \"CVE-2022-2855\",\n \"CVE-2022-2856\",\n \"CVE-2022-2857\",\n \"CVE-2022-2858\",\n \"CVE-2022-2859\",\n \"CVE-2022-2860\",\n \"CVE-2022-2861\",\n \"CVE-2022-3038\",\n \"CVE-2022-3039\",\n \"CVE-2022-3040\",\n \"CVE-2022-3041\",\n \"CVE-2022-3042\",\n \"CVE-2022-3043\",\n \"CVE-2022-3044\",\n \"CVE-2022-3045\",\n \"CVE-2022-3046\",\n \"CVE-2022-3047\",\n \"CVE-2022-3048\",\n \"CVE-2022-3049\",\n \"CVE-2022-3050\",\n \"CVE-2022-3051\",\n \"CVE-2022-3052\",\n \"CVE-2022-3053\",\n \"CVE-2022-3054\",\n \"CVE-2022-3055\",\n \"CVE-2022-3056\",\n \"CVE-2022-3057\",\n \"CVE-2022-3058\",\n \"CVE-2022-3071\",\n \"CVE-2022-3075\",\n \"CVE-2022-3195\",\n \"CVE-2022-3196\",\n \"CVE-2022-3197\",\n \"CVE-2022-3198\",\n \"CVE-2022-3199\",\n \"CVE-2022-3200\",\n \"CVE-2022-3201\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/29\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/08\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/04/20\");\n script_xref(name:\"FEDORA\", value:\"2022-b49c9bc07a\");\n\n script_name(english:\"Fedora 36 : chromium (2022-b49c9bc07a)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2022-b49c9bc07a advisory.\n\n - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2007)\n\n - Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2008)\n\n - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who\n had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-2010)\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2011)\n\n - Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2603)\n\n - Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2604)\n\n - Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2605)\n\n - Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker\n who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a\n crafted HTML page. (CVE-2022-2606)\n\n - Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker\n who convinced a user to engage in specific user interactions to potentially exploit heap corruption via\n specific UI interactions. (CVE-2022-2607)\n\n - Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via specific UI interactions. (CVE-2022-2608)\n\n - Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via specific UI interactions. (CVE-2022-2609)\n\n - Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a\n remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-2610)\n\n - Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed\n a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-2611)\n\n - Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a\n remote attacker who had compromised the renderer process to obtain potentially sensitive information from\n process memory via a crafted HTML page. (CVE-2022-2612)\n\n - Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who\n convinced a user to enage in specific user interactions to potentially exploit heap corruption via\n specific UI interactions. (CVE-2022-2613)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2614)\n\n - Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-2615)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker\n who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a\n crafted Chrome Extension. (CVE-2022-2616)\n\n - Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced\n a user to install a malicious extension to potentially exploit heap corruption via specific UI\n interactions. (CVE-2022-2617)\n\n - Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a\n remote attacker to bypass download restrictions via a malicious file . (CVE-2022-2618)\n\n - Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an\n attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged\n page via a crafted HTML page. (CVE-2022-2619)\n\n - Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who\n convinced a user to engage in specific user interactions to potentially exploit heap corruption via\n specific UI interactions. (CVE-2022-2620)\n\n - Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.\n (CVE-2022-2621)\n\n - Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to\n 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file.\n (CVE-2022-2622)\n\n - Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who\n convinced a user to engage in specific user interactions to potentially exploit heap corruption via\n specific UI interactions. (CVE-2022-2623)\n\n - Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who\n convinced a user to engage in specific user interactions to potentially exploit heap corruption via a\n crafted PDF file. (CVE-2022-2624)\n\n - Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2852)\n\n - Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote\n attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted\n HTML page. (CVE-2022-2853)\n\n - Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2854)\n\n - Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2855)\n\n - Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101\n allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.\n (CVE-2022-2856)\n\n - Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2857)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to\n potentially exploit heap corruption via specific UI interaction. (CVE-2022-2858)\n\n - Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who\n convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific\n UI interactions. (CVE-2022-2859)\n\n - Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote\n attacker to bypass cookie prefix restrictions via a crafted HTML page. (CVE-2022-2860)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an\n attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via\n a crafted HTML page. (CVE-2022-2861)\n\n - Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3038)\n\n - Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-3039, CVE-2022-3041)\n\n - Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-3040)\n\n - Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker\n to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3042)\n\n - Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a\n remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap\n corruption via a crafted HTML page. (CVE-2022-3043)\n\n - Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote\n attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.\n (CVE-2022-3044)\n\n - Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3045)\n\n - Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-3046)\n\n - Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an\n attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted\n HTML page. (CVE-2022-3047)\n\n - Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52\n allowed a local attacker to bypass lockscreen navigation restrictions via physical access to the device.\n (CVE-2022-3048)\n\n - Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a\n remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap\n corruption via a crafted HTML page. (CVE-2022-3049)\n\n - Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote\n attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption\n via crafted UI interactions. (CVE-2022-3050)\n\n - Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a\n remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap\n corruption via crafted UI interactions. (CVE-2022-3051)\n\n - Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52\n allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially\n exploit heap corruption via crafted UI interactions. (CVE-2022-3052)\n\n - Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a\n remote attacker to restrict user navigation via a crafted HTML page. (CVE-2022-3053)\n\n - Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3054)\n\n - Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who\n convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a\n crafted HTML page. (CVE-2022-3055)\n\n - Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed\n a remote attacker to bypass content security policy via a crafted HTML page. (CVE-2022-3056)\n\n - Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-3057)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who\n convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted\n UI interaction. (CVE-2022-3058)\n\n - Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote\n attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption\n via crafted UI interaction. (CVE-2022-3071)\n\n - Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker\n who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-3075)\n\n - Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to\n perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)\n (CVE-2022-3195)\n\n - Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially\n exploit heap corruption via a crafted PDF file. (Chromium security severity: High) (CVE-2022-3196,\n CVE-2022-3197, CVE-2022-3198)\n\n - Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3199)\n\n - Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2022-3200)\n\n - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to\n 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass\n navigation restrictions via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3201)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2022-b49c9bc07a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromium package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3200\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-3075\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:36\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');\nvar os_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^36([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 36', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nvar pkgs = [\n {'reference':'chromium-105.0.5195.125-2.fc36', 'release':'FC36', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-25T15:54:37", "description": "The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-3ca063941b advisory.\n\n - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2007)\n\n - Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2008)\n\n - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-2010)\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2011)\n\n - Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2603)\n\n - Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2604)\n\n - Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2605)\n\n - Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2606)\n\n - Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2607)\n\n - Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2608)\n\n - Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2609)\n\n - Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-2610)\n\n - Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-2611)\n\n - Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2022-2612)\n\n - Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2613)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2614)\n\n - Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-2615)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a crafted Chrome Extension. (CVE-2022-2616)\n\n - Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2617)\n\n - Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file . (CVE-2022-2618)\n\n - Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2022-2619)\n\n - Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2620)\n\n - Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.\n (CVE-2022-2621)\n\n - Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file.\n (CVE-2022-2622)\n\n - Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2623)\n\n - Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. (CVE-2022-2624)\n\n - Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2852)\n\n - Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2853)\n\n - Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2854)\n\n - Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2855)\n\n - Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.\n (CVE-2022-2856)\n\n - Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2857)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (CVE-2022-2858)\n\n - Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2859)\n\n - Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page. (CVE-2022-2860)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page. (CVE-2022-2861)\n\n - Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3038)\n\n - Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3039, CVE-2022-3041)\n\n - Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3040)\n\n - Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3042)\n\n - Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3043)\n\n - Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.\n (CVE-2022-3044)\n\n - Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3045)\n\n - Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-3046)\n\n - Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page. (CVE-2022-3047)\n\n - Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a local attacker to bypass lockscreen navigation restrictions via physical access to the device.\n (CVE-2022-3048)\n\n - Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3049)\n\n - Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (CVE-2022-3050)\n\n - Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (CVE-2022-3051)\n\n - Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (CVE-2022-3052)\n\n - Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a remote attacker to restrict user navigation via a crafted HTML page. (CVE-2022-3053)\n\n - Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3054)\n\n - Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3055)\n\n - Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page. (CVE-2022-3056)\n\n - Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-3057)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction. (CVE-2022-3058)\n\n - Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction. (CVE-2022-3071)\n\n - Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-3075)\n\n - Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3195)\n\n - Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) (CVE-2022-3196, CVE-2022-3197, CVE-2022-3198)\n\n - Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3199)\n\n - Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3200)\n\n - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3201)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-12-22T00:00:00", "type": "nessus", "title": "Fedora 35 : chromium (2022-3ca063941b)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-2603", "CVE-2022-2604", "CVE-2022-2605", "CVE-2022-2606", "CVE-2022-2607", "CVE-2022-2608", "CVE-2022-2609", "CVE-2022-2610", "CVE-2022-2611", "CVE-2022-2612", "CVE-2022-2613", "CVE-2022-2614", "CVE-2022-2615", "CVE-2022-2616", "CVE-2022-2617", "CVE-2022-2618", "CVE-2022-2619", "CVE-2022-2620", "CVE-2022-2621", "CVE-2022-2622", "CVE-2022-2623", "CVE-2022-2624", "CVE-2022-2852", "CVE-2022-2853", "CVE-2022-2854", "CVE-2022-2855", "CVE-2022-2856", "CVE-2022-2857", "CVE-2022-2858", "CVE-2022-2859", "CVE-2022-2860", "CVE-2022-2861", "CVE-2022-3038", "CVE-2022-3039", "CVE-2022-3040", "CVE-2022-3041", "CVE-2022-3042", "CVE-2022-3043", "CVE-2022-3044", "CVE-2022-3045", "CVE-2022-3046", "CVE-2022-3047", "CVE-2022-3048", "CVE-2022-3049", "CVE-2022-3050", "CVE-2022-3051", "CVE-2022-3052", "CVE-2022-3053", "CVE-2022-3054", "CVE-2022-3055", "CVE-2022-3056", "CVE-2022-3057", "CVE-2022-3058", "CVE-2022-3071", "CVE-2022-3075", "CVE-2022-3195", "CVE-2022-3196", "CVE-2022-3197", "CVE-2022-3198", "CVE-2022-3199", "CVE-2022-3200", "CVE-2022-3201"], "modified": "2023-10-24T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:35", "p-cpe:/a:fedoraproject:fedora:chromium"], "id": "FEDORA_2022-3CA063941B.NASL", "href": "https://www.tenable.com/plugins/nessus/169098", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2022-3ca063941b\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169098);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/24\");\n\n script_cve_id(\n \"CVE-2022-2007\",\n \"CVE-2022-2008\",\n \"CVE-2022-2010\",\n \"CVE-2022-2011\",\n \"CVE-2022-2603\",\n \"CVE-2022-2604\",\n \"CVE-2022-2605\",\n \"CVE-2022-2606\",\n \"CVE-2022-2607\",\n \"CVE-2022-2608\",\n \"CVE-2022-2609\",\n \"CVE-2022-2610\",\n \"CVE-2022-2611\",\n \"CVE-2022-2612\",\n \"CVE-2022-2613\",\n \"CVE-2022-2614\",\n \"CVE-2022-2615\",\n \"CVE-2022-2616\",\n \"CVE-2022-2617\",\n \"CVE-2022-2618\",\n \"CVE-2022-2619\",\n \"CVE-2022-2620\",\n \"CVE-2022-2621\",\n \"CVE-2022-2622\",\n \"CVE-2022-2623\",\n \"CVE-2022-2624\",\n \"CVE-2022-2852\",\n \"CVE-2022-2853\",\n \"CVE-2022-2854\",\n \"CVE-2022-2855\",\n \"CVE-2022-2856\",\n \"CVE-2022-2857\",\n \"CVE-2022-2858\",\n \"CVE-2022-2859\",\n \"CVE-2022-2860\",\n \"CVE-2022-2861\",\n \"CVE-2022-3038\",\n \"CVE-2022-3039\",\n \"CVE-2022-3040\",\n \"CVE-2022-3041\",\n \"CVE-2022-3042\",\n \"CVE-2022-3043\",\n \"CVE-2022-3044\",\n \"CVE-2022-3045\",\n \"CVE-2022-3046\",\n \"CVE-2022-3047\",\n \"CVE-2022-3048\",\n \"CVE-2022-3049\",\n \"CVE-2022-3050\",\n \"CVE-2022-3051\",\n \"CVE-2022-3052\",\n \"CVE-2022-3053\",\n \"CVE-2022-3054\",\n \"CVE-2022-3055\",\n \"CVE-2022-3056\",\n \"CVE-2022-3057\",\n \"CVE-2022-3058\",\n \"CVE-2022-3071\",\n \"CVE-2022-3075\",\n \"CVE-2022-3195\",\n \"CVE-2022-3196\",\n \"CVE-2022-3197\",\n \"CVE-2022-3198\",\n \"CVE-2022-3199\",\n \"CVE-2022-3200\",\n \"CVE-2022-3201\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/29\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/08\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/04/20\");\n script_xref(name:\"FEDORA\", value:\"2022-3ca063941b\");\n\n script_name(english:\"Fedora 35 : chromium (2022-3ca063941b)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2022-3ca063941b advisory.\n\n - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2007)\n\n - Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2008)\n\n - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who\n had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-2010)\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2011)\n\n - Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2603)\n\n - Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2604)\n\n - Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2605)\n\n - Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker\n who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a\n crafted HTML page. (CVE-2022-2606)\n\n - Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker\n who convinced a user to engage in specific user interactions to potentially exploit heap corruption via\n specific UI interactions. (CVE-2022-2607)\n\n - Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via specific UI interactions. (CVE-2022-2608)\n\n - Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via specific UI interactions. (CVE-2022-2609)\n\n - Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a\n remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-2610)\n\n - Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed\n a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-2611)\n\n - Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a\n remote attacker who had compromised the renderer process to obtain potentially sensitive information from\n process memory via a crafted HTML page. (CVE-2022-2612)\n\n - Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who\n convinced a user to enage in specific user interactions to potentially exploit heap corruption via\n specific UI interactions. (CVE-2022-2613)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2614)\n\n - Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-2615)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker\n who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a\n crafted Chrome Extension. (CVE-2022-2616)\n\n - Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced\n a user to install a malicious extension to potentially exploit heap corruption via specific UI\n interactions. (CVE-2022-2617)\n\n - Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a\n remote attacker to bypass download restrictions via a malicious file . (CVE-2022-2618)\n\n - Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an\n attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged\n page via a crafted HTML page. (CVE-2022-2619)\n\n - Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who\n convinced a user to engage in specific user interactions to potentially exploit heap corruption via\n specific UI interactions. (CVE-2022-2620)\n\n - Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.\n (CVE-2022-2621)\n\n - Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to\n 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file.\n (CVE-2022-2622)\n\n - Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who\n convinced a user to engage in specific user interactions to potentially exploit heap corruption via\n specific UI interactions. (CVE-2022-2623)\n\n - Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who\n convinced a user to engage in specific user interactions to potentially exploit heap corruption via a\n crafted PDF file. (CVE-2022-2624)\n\n - Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2852)\n\n - Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote\n attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted\n HTML page. (CVE-2022-2853)\n\n - Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2854)\n\n - Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2855)\n\n - Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101\n allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.\n (CVE-2022-2856)\n\n - Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2857)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to\n potentially exploit heap corruption via specific UI interaction. (CVE-2022-2858)\n\n - Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who\n convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific\n UI interactions. (CVE-2022-2859)\n\n - Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote\n attacker to bypass cookie prefix restrictions via a crafted HTML page. (CVE-2022-2860)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an\n attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via\n a crafted HTML page. (CVE-2022-2861)\n\n - Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3038)\n\n - Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-3039, CVE-2022-3041)\n\n - Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-3040)\n\n - Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker\n to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3042)\n\n - Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a\n remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap\n corruption via a crafted HTML page. (CVE-2022-3043)\n\n - Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote\n attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.\n (CVE-2022-3044)\n\n - Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3045)\n\n - Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-3046)\n\n - Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an\n attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted\n HTML page. (CVE-2022-3047)\n\n - Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52\n allowed a local attacker to bypass lockscreen navigation restrictions via physical access to the device.\n (CVE-2022-3048)\n\n - Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a\n remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap\n corruption via a crafted HTML page. (CVE-2022-3049)\n\n - Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote\n attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption\n via crafted UI interactions. (CVE-2022-3050)\n\n - Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a\n remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap\n corruption via crafted UI interactions. (CVE-2022-3051)\n\n - Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52\n allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially\n exploit heap corruption via crafted UI interactions. (CVE-2022-3052)\n\n - Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a\n remote attacker to restrict user navigation via a crafted HTML page. (CVE-2022-3053)\n\n - Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-3054)\n\n - Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who\n convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a\n crafted HTML page. (CVE-2022-3055)\n\n - Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed\n a remote attacker to bypass content security policy via a crafted HTML page. (CVE-2022-3056)\n\n - Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-3057)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who\n convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted\n UI interaction. (CVE-2022-3058)\n\n - Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote\n attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption\n via crafted UI interaction. (CVE-2022-3071)\n\n - Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker\n who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-3075)\n\n - Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to\n perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)\n (CVE-2022-3195)\n\n - Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially\n exploit heap corruption via a crafted PDF file. (Chromium security severity: High) (CVE-2022-3196,\n CVE-2022-3197, CVE-2022-3198)\n\n - Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3199)\n\n - Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2022-3200)\n\n - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to\n 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass\n navigation restrictions via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3201)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2022-3ca063941b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromium package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3200\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-3075\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:35\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');\nvar os_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^35([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 35', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nvar pkgs = [\n {'reference':'chromium-105.0.5195.125-2.fc35', 'release':'FC35', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:48:53", "description": "The remote host is affected by the vulnerability described in GLSA-202208-35 (Chromium, Google Chrome, Microsoft Edge:\nMultiple Vulnerabilities)\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction. (CVE-2022-2163)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions. (CVE-2022-2296)\n\n - Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2477)\n\n - Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2478)\n\n - Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page. (CVE-2022-2479)\n\n - Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2480)\n\n - Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.\n (CVE-2022-2481)\n\n - Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2603)\n\n - Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2604)\n\n - Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2605)\n\n - Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2606)\n\n - Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2607)\n\n - Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2608)\n\n - Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2609)\n\n - Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-2610)\n\n - Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-2611)\n\n - Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2022-2612)\n\n - Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2613)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2614)\n\n - Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-2615)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a crafted Chrome Extension. (CVE-2022-2616)\n\n - Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2617)\n\n - Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file . (CVE-2022-2618)\n\n - Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2022-2619)\n\n - Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2620)\n\n - Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.\n (CVE-2022-2621)\n\n - Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file.\n (CVE-2022-2622)\n\n - Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2623)\n\n - Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. (CVE-2022-2624)\n\n - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. (CVE-2022-33636)\n\n - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. (CVE-2022-33649)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. (CVE-2022-35796)\n\n - Use after free in FedCM. (CVE-2022-2852)\n\n - Heap buffer overflow in Downloads. (CVE-2022-2853)\n\n - Use after free in SwiftShader. (CVE-2022-2854)\n\n - Use after free in ANGLE. (CVE-2022-2855)\n\n - Insufficient validation of untrusted input in Intents. (CVE-2022-2856)\n\n - Use after free in Blink. (CVE-2022-2857)\n\n - Use after free in Sign-In Flow. (CVE-2022-2858)\n\n - Use after free in Chrome OS Shell. (CVE-2022-2859)\n\n - Insufficient policy enforcement in Cookies. (CVE-2022-2860)\n\n - Inappropriate implementation in Extensions API. (CVE-2022-2861)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-21T00:00:00", "type": "nessus", "title": "GLSA-202208-35 : Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2163", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296", "CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481", "CVE-2022-2603", "CVE-2022-2604", "CVE-2022-2605", "CVE-2022-2606", "CVE-2022-2607", "CVE-2022-2608", "CVE-2022-2609", "CVE-2022-2610", "CVE-2022-2611", "CVE-2022-2612", "CVE-2022-2613", "CVE-2022-2614", "CVE-2022-2615", "CVE-2022-2616", "CVE-2022-2617", "CVE-2022-2618", "CVE-2022-2619", "CVE-2022-2620", "CVE-2022-2621", "CVE-2022-2622", "CVE-2022-2623", "CVE-2022-2624", "CVE-2022-2852", "CVE-2022-2853", "CVE-2022-2854", "CVE-2022-2855", "CVE-2022-2856", "CVE-2022-2857", "CVE-2022-2858", "CVE-2022-2859", "CVE-2022-2860", "CVE-2022-2861", "CVE-2022-33636", "CVE-2022-33649", "CVE-2022-35796"], "modified": "2023-10-25T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:chromium", "p-cpe:/a:gentoo:linux:chromium-bin", "p-cpe:/a:gentoo:linux:google-chrome", "p-cpe:/a:gentoo:linux:microsoft-edge", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202208-35.NASL", "href": "https://www.tenable.com/plugins/nessus/164320", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202208-35.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike\n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164320);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/25\");\n\n script_cve_id(\n \"CVE-2022-2163\",\n \"CVE-2022-2294\",\n \"CVE-2022-2295\",\n \"CVE-2022-2296\",\n \"CVE-2022-2477\",\n \"CVE-2022-2478\",\n \"CVE-2022-2479\",\n \"CVE-2022-2480\",\n \"CVE-2022-2481\",\n \"CVE-2022-2603\",\n \"CVE-2022-2604\",\n \"CVE-2022-2605\",\n \"CVE-2022-2606\",\n \"CVE-2022-2607\",\n \"CVE-2022-2608\",\n \"CVE-2022-2609\",\n \"CVE-2022-2610\",\n \"CVE-2022-2611\",\n \"CVE-2022-2612\",\n \"CVE-2022-2613\",\n \"CVE-2022-2614\",\n \"CVE-2022-2615\",\n \"CVE-2022-2616\",\n \"CVE-2022-2617\",\n \"CVE-2022-2618\",\n \"CVE-2022-2619\",\n \"CVE-2022-2620\",\n \"CVE-2022-2621\",\n \"CVE-2022-2622\",\n \"CVE-2022-2623\",\n \"CVE-2022-2624\",\n \"CVE-2022-2852\",\n \"CVE-2022-2853\",\n \"CVE-2022-2854\",\n \"CVE-2022-2855\",\n \"CVE-2022-2856\",\n \"CVE-2022-2857\",\n \"CVE-2022-2858\",\n \"CVE-2022-2859\",\n \"CVE-2022-2860\",\n \"CVE-2022-2861\",\n \"CVE-2022-33636\",\n \"CVE-2022-33649\",\n \"CVE-2022-35796\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/08\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"GLSA-202208-35 : Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202208-35 (Chromium, Google Chrome, Microsoft Edge:\nMultiple Vulnerabilities)\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who\n convinced a user to install a malicious extension to potentially exploit heap corruption via UI\n interaction. (CVE-2022-2163)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via direct UI interactions. (CVE-2022-2296)\n\n - Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2477)\n\n - Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2478)\n\n - Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134\n allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive\n information from internal file directories via a crafted HTML page. (CVE-2022-2479)\n\n - Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2480)\n\n - Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a\n user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.\n (CVE-2022-2481)\n\n - Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2603)\n\n - Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2604)\n\n - Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2605)\n\n - Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker\n who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a\n crafted HTML page. (CVE-2022-2606)\n\n - Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker\n who convinced a user to engage in specific user interactions to potentially exploit heap corruption via\n specific UI interactions. (CVE-2022-2607)\n\n - Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via specific UI interactions. (CVE-2022-2608)\n\n - Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via specific UI interactions. (CVE-2022-2609)\n\n - Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a\n remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-2610)\n\n - Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed\n a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-2611)\n\n - Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a\n remote attacker who had compromised the renderer process to obtain potentially sensitive information from\n process memory via a crafted HTML page. (CVE-2022-2612)\n\n - Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who\n convinced a user to enage in specific user interactions to potentially exploit heap corruption via\n specific UI interactions. (CVE-2022-2613)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2614)\n\n - Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-2615)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker\n who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a\n crafted Chrome Extension. (CVE-2022-2616)\n\n - Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced\n a user to install a malicious extension to potentially exploit heap corruption via specific UI\n interactions. (CVE-2022-2617)\n\n - Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a\n remote attacker to bypass download restrictions via a malicious file . (CVE-2022-2618)\n\n - Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an\n attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged\n page via a crafted HTML page. (CVE-2022-2619)\n\n - Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who\n convinced a user to engage in specific user interactions to potentially exploit heap corruption via\n specific UI interactions. (CVE-2022-2620)\n\n - Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.\n (CVE-2022-2621)\n\n - Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to\n 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file.\n (CVE-2022-2622)\n\n - Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who\n convinced a user to engage in specific user interactions to potentially exploit heap corruption via\n specific UI interactions. (CVE-2022-2623)\n\n - Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who\n convinced a user to engage in specific user interactions to potentially exploit heap corruption via a\n crafted PDF file. (CVE-2022-2624)\n\n - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. (CVE-2022-33636)\n\n - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. (CVE-2022-33649)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. (CVE-2022-35796)\n\n - Use after free in FedCM. (CVE-2022-2852)\n\n - Heap buffer overflow in Downloads. (CVE-2022-2853)\n\n - Use after free in SwiftShader. (CVE-2022-2854)\n\n - Use after free in ANGLE. (CVE-2022-2855)\n\n - Insufficient validation of untrusted input in Intents. (CVE-2022-2856)\n\n - Use after free in Blink. (CVE-2022-2857)\n\n - Use after free in Sign-In Flow. (CVE-2022-2858)\n\n - Use after free in Chrome OS Shell. (CVE-2022-2859)\n\n - Insufficient policy enforcement in Cookies. (CVE-2022-2860)\n\n - Inappropriate implementation in Extensions API. (CVE-2022-2861)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202208-35\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=858104\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=859442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=863512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=864723\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=865501\");\n script_set_attribute(attribute:\"solution\", value:\n\"All Chromium users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-client/chromium-104.0.5112.101\n \nAll Chromium binary users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-client/chromium-bin-104.0.5112.101\n \nAll Google Chrome users should upgrade to tha latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-client/google-chrome-104.0.5112.101\n \nAll Microsoft Edge users should upgrade to tha latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-client/microsoft-edge-104.0.1293.63\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33649\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:google-chrome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:microsoft-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar flag = 0;\n\nvar packages = [\n {\n 'name' : \"www-client/chromium\",\n 'unaffected' : make_list(\"ge 104.0.5112.101\"),\n 'vulnerable' : make_list(\"lt 104.0.5112.101\")\n },\n {\n 'name' : \"www-client/chromium-bin\",\n 'unaffected' : make_list(\"ge 104.0.5112.101\"),\n 'vulnerable' : make_list(\"lt 104.0.5112.101\")\n },\n {\n 'name' : \"www-client/google-chrome\",\n 'unaffected' : make_list(\"ge 104.0.5112.101\"),\n 'vulnerable' : make_list(\"lt 104.0.5112.101\")\n },\n {\n 'name' : \"www-client/microsoft-edge\",\n 'unaffected' : make_list(\"ge 104.0.1293.63\"),\n 'vulnerable' : make_list(\"lt 104.0.1293.63\")\n }\n];\n\nforeach package( packages ) {\n if (isnull(package['unaffected'])) package['unaffected'] = make_list();\n if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();\n if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;\n}\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : qpkg_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium / Google Chrome / Microsoft Edge\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-28T15:12:57", "description": "The remote host is running a version of macOS / Mac OS X that is 12.x prior to 12.5 Monterey. It is, therefore, affected by multiple vulnerabilities :\n\n - Exploitation of this vulnerability may lead to memory corruption issue. (CVE-2022-32787)\n\n - Exploitation of this vulnerability may to disclose kernel memory. (CVE-2022-32793)\n\n - Exploitation of this vulnerability may lead to gain elevated privileges. (CVE-2022-32798)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.", "cvss3": {}, "published": "2022-08-19T00:00:00", "type": "nessus", "title": "macOS 12.x < 12.5 (HT213345)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28544", "CVE-2022-2294", "CVE-2022-24070", "CVE-2022-26981", "CVE-2022-29046", "CVE-2022-29048", "CVE-2022-32785", "CVE-2022-32786", "CVE-2022-32787", "CVE-2022-32789", "CVE-2022-32792", "CVE-2022-32793", "CVE-2022-32796", "CVE-2022-32797", "CVE-2022-32798", "CVE-2022-32799", "CVE-2022-32800", "CVE-2022-32801", "CVE-2022-32805", "CVE-2022-32807", "CVE-2022-32810", "CVE-2022-32811", "CVE-2022-32812", "CVE-2022-32813", "CVE-2022-32814", "CVE-2022-32815", "CVE-2022-32816", "CVE-2022-32817", "CVE-2022-32818", "CVE-2022-32819", "CVE-2022-32820", "CVE-2022-32821", "CVE-2022-32823", "CVE-2022-32825", "CVE-2022-32826", "CVE-2022-32828", "CVE-2022-32829", "CVE-2022-32831", "CVE-2022-32832", "CVE-2022-32834", "CVE-2022-32837", "CVE-2022-32838", "CVE-2022-32839", "CVE-2022-32840", "CVE-2022-32841", "CVE-2022-32842", "CVE-2022-32843", "CVE-2022-32845", "CVE-2022-32847", "CVE-2022-32848", "CVE-2022-32849", "CVE-2022-32851", "CVE-2022-32852", "CVE-2022-32853", "CVE-2022-32857"], "modified": "2022-12-15T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/o:apple:macos"], "id": "MACOS_HT213345.NASL", "href": "https://www.tenable.com/plugins/nessus/164291", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164291);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/15\");\n\n script_cve_id(\n \"CVE-2021-28544\",\n \"CVE-2022-2294\",\n \"CVE-2022-24070\",\n \"CVE-2022-26981\",\n \"CVE-2022-29046\",\n \"CVE-2022-29048\",\n \"CVE-2022-32785\",\n \"CVE-2022-32786\",\n \"CVE-2022-32787\",\n \"CVE-2022-32789\",\n \"CVE-2022-32792\",\n \"CVE-2022-32793\",\n \"CVE-2022-32796\",\n \"CVE-2022-32797\",\n \"CVE-2022-32798\",\n \"CVE-2022-32799\",\n \"CVE-2022-32800\",\n \"CVE-2022-32801\",\n \"CVE-2022-32805\",\n \"CVE-2022-32807\",\n \"CVE-2022-32810\",\n \"CVE-2022-32811\",\n \"CVE-2022-32812\",\n \"CVE-2022-32813\",\n \"CVE-2022-32814\",\n \"CVE-2022-32815\",\n \"CVE-2022-32816\",\n \"CVE-2022-32817\",\n \"CVE-2022-32818\",\n \"CVE-2022-32819\",\n \"CVE-2022-32820\",\n \"CVE-2022-32821\",\n \"CVE-2022-32823\",\n \"CVE-2022-32825\",\n \"CVE-2022-32826\",\n \"CVE-2022-32828\",\n \"CVE-2022-32829\",\n \"CVE-2022-32831\",\n \"CVE-2022-32832\",\n \"CVE-2022-32834\",\n \"CVE-2022-32837\",\n \"CVE-2022-32838\",\n \"CVE-2022-32839\",\n \"CVE-2022-32840\",\n \"CVE-2022-32841\",\n \"CVE-2022-32842\",\n \"CVE-2022-32843\",\n \"CVE-2022-32845\",\n \"CVE-2022-32847\",\n \"CVE-2022-32848\",\n \"CVE-2022-32849\",\n \"CVE-2022-32851\",\n \"CVE-2022-32852\",\n \"CVE-2022-32853\",\n \"CVE-2022-32857\"\n );\n script_xref(name:\"APPLE-SA\", value:\"HT213345\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2022-07-20\");\n script_xref(name:\"IAVA\", value:\"2022-A-0295-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0442-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"macOS 12.x < 12.5 (HT213345)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS or Mac OS X security update or supplemental update that fixes multiple\nvulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of macOS / Mac OS X that is 12.x prior to 12.5 Monterey. It is, therefore, \naffected by multiple vulnerabilities :\n\n - Exploitation of this vulnerability may lead to memory corruption issue. (CVE-2022-32787)\n\n - Exploitation of this vulnerability may to disclose kernel memory. (CVE-2022-32793)\n\n - Exploitation of this vulnerability may lead to gain elevated privileges. (CVE-2022-32798)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-gb/HT213345\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS 12.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-26981\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-32845\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/local_checks_enabled\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude('vcf_extras_apple.inc');\n\nvar app_info = vcf::apple::macos::get_app_info();\nvar constraints = [\n {\n 'min_version': '12.0', \n 'fixed_version': '12.5', \n 'fixed_display': 'macOS Monterey 12.5'\n }\n];\n\nvcf::apple::macos::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-19T15:00:47", "description": "The remote host is affected by the vulnerability described in GLSA-202208-25 (Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities)\n\n - Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30551)\n\n - Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.\n (CVE-2021-4052)\n\n - Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4053)\n\n - Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (CVE-2021-4054)\n\n - Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (CVE-2021-4055)\n\n - Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4056)\n\n - Use after free in file API in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-4057)\n\n - Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4058)\n\n - Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-4059)\n\n - Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4061, CVE-2021-4078)\n\n - Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-4062)\n\n - Use after free in developer tools in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4063)\n\n - Use after free in screen capture in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4064)\n\n - Use after free in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4065)\n\n - Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4066)\n\n - Use after free in window manager in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4067)\n\n - Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-4068)\n\n - Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via crafted WebRTC packets. (CVE-2021-4079)\n\n - Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0789)\n\n - Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially perform a sandbox escape via a crafted HTML page. (CVE-2022-0790)\n\n - Use after free in Omnibox in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via user interactions.\n (CVE-2022-0791)\n\n - Out of bounds read in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0792)\n\n - Use after free in Cast in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted Chrome Extension. (CVE-2022-0793)\n\n - Use after free in WebShare in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0794)\n\n - Type confusion in Blink Layout in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0795)\n\n - Use after free in Media in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0796)\n\n - Out of bounds memory access in Mojo in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (CVE-2022-0797)\n\n - Use after free in MediaStream in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (CVE-2022-0798)\n\n - Insufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51 allowed a remote attacker to perform local privilege escalation via a crafted offline installer file.\n (CVE-2022-0799)\n\n - Heap buffer overflow in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0800)\n\n - Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-0802, CVE-2022-0804)\n\n - Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-0803)\n\n - Use after free in Browser Switcher in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction. (CVE-2022-0805)\n\n - Data leak in Canvas in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in screen sharing to potentially leak cross-origin data via a crafted HTML page. (CVE-2022-0806)\n\n - Inappropriate implementation in Autofill in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2022-0807)\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in a series of user interaction to potentially exploit heap corruption via user interactions. (CVE-2022-0808)\n\n - Out of bounds memory access in WebXR in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0809)\n\n - Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-0971)\n\n - Use after free in Extensions in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-0972)\n\n - Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0973)\n\n - Use after free in Splitscreen in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0974)\n\n - Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0975, CVE-2022-0978)\n\n - Heap buffer overflow in GPU in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0976)\n\n - Use after free in Browser UI in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0977)\n\n - Use after free in Safe Browsing in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0979)\n\n - Use after free in New Tab Page in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user interactions. (CVE-2022-0980)\n\n - Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1096)\n\n - Use after free in Portals in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.\n (CVE-2022-1125)\n\n - Use after free in QR Code Generator in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction. (CVE-2022-1127)\n\n - Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page.\n (CVE-2022-1128)\n\n - Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (CVE-2022-1129)\n\n - Insufficient validation of trust input in WebOTP in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to send arbitrary intents from any app via a malicious app. (CVE-2022-1130)\n\n - Use after free in Cast UI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1131)\n\n - Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100.0.4896.60 allowed a local attacker to bypass navigation restrictions via physical access to the device.\n (CVE-2022-1132)\n\n - Use after free in WebRTC Perf in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1133)\n\n - Type confusion in V8 in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1134)\n\n - Use after free in Shopping Cart in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via standard feature user interaction. (CVE-2022-1135)\n\n - Use after free in Tab Strip in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific set of user gestures. (CVE-2022-1136)\n\n - Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to leak potentially sensitive information via a crafted HTML page. (CVE-2022-1137)\n\n - Inappropriate implementation in Web Cursor in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who had compromised the renderer process to obscure the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-1138)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-1139)\n\n - Use after free in File Manager in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific user gesture. (CVE-2022-1141)\n\n - Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific input into DevTools. (CVE-2022-1142, CVE-2022-1143)\n\n - Use after free in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific input into DevTools. (CVE-2022-1144)\n\n - Use after free in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user interaction and profile destruction. (CVE-2022-1145)\n\n - Inappropriate implementation in Resource Timing in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-1146)\n\n - Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1232)\n\n - Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1305)\n\n - Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-1306)\n\n - Inappropriate implementation in full screen in Google Chrome on Android prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-1307)\n\n - Use after free in BFCache in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1308)\n\n - Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (CVE-2022-1309)\n\n - Use after free in regular expressions in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1310)\n\n - Use after free in shell in Google Chrome on ChromeOS prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1311)\n\n - Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.\n (CVE-2022-1312)\n\n - Use after free in tab groups in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1313)\n\n - Type confusion in V8 in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1314)\n\n - Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1364)\n\n - Use after free in Vulkan in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1477)\n\n - Use after free in SwiftShader in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1478)\n\n - Use after free in ANGLE in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1479)\n\n - Use after free in Sharing in Google Chrome on Mac prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1481)\n\n - Inappropriate implementation in WebGL in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1482)\n\n - Heap buffer overflow in WebGPU in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-1483)\n\n - Heap buffer overflow in Web UI Settings in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1484)\n\n - Use after free in File System API in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1485)\n\n - Type confusion in V8 in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2022-1486)\n\n - Use after free in Ozone in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via running a Wayland test. (CVE-2022-1487)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (CVE-2022-1488)\n\n - Out of bounds memory access in UI Shelf in Google Chrome on Chrome OS, Lacros prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific user interactions.\n (CVE-2022-1489)\n\n - Use after free in Browser Switcher in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1490)\n\n - Use after free in Bookmarks in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction. (CVE-2022-1491)\n\n - Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page. (CVE-2022-1492)\n\n - Use after free in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction. (CVE-2022-1493)\n\n - Insufficient data validation in Trusted Types in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass trusted types policy via a crafted HTML page. (CVE-2022-1494)\n\n - Incorrect security UI in Downloads in Google Chrome on Android prior to 101.0.4951.41 allowed a remote attacker to spoof the APK downloads dialog via a crafted HTML page. (CVE-2022-1495)\n\n - Use after free in File Manager in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction. (CVE-2022-1496)\n\n - Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to spoof the contents of cross-origin websites via a crafted HTML page. (CVE-2022-1497)\n\n - Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-1498)\n\n - Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (CVE-2022-1499)\n\n - Insufficient data validation in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass content security policy via a crafted HTML page. (CVE-2022-1500)\n\n - Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-1501)\n\n - Use after free in Sharesheet in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interactions. (CVE-2022-1633)\n\n - Use after free in Browser UI in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who had convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific user interactions. (CVE-2022-1634)\n\n - Use after free in Permission Prompts in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interactions. (CVE-2022-1635)\n\n - Use after free in Performance APIs in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1636)\n\n - Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-1637)\n\n - Use after free in ANGLE in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1639)\n\n - Use after free in Sharing in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1640)\n\n - Use after free in Web UI Diagnostics in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interaction. (CVE-2022-1641)\n\n - Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (CVE-2022-1853)\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1854)\n\n - Use after free in Messaging in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1855)\n\n - Use after free in User Education in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension or specific user interaction. (CVE-2022-1856)\n\n - Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (CVE-2022-1857)\n\n - Out of bounds read in DevTools in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform an out of bounds memory read via specific user interaction. (CVE-2022-1858)\n\n - Use after free in Performance Manager in Google Chrome prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1859)\n\n - Use after free in UI Foundations in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific user interactions. (CVE-2022-1860)\n\n - Use after free in Sharing in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific user interaction. (CVE-2022-1861)\n\n - Inappropriate implementation in Extensions in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass profile restrictions via a crafted HTML page.\n (CVE-2022-1862)\n\n - Use after free in Tab Groups in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction. (CVE-2022-1863)\n\n - Use after free in WebApp Installs in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction. (CVE-2022-1864)\n\n - Use after free in Bookmarks in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction. (CVE-2022-1865)\n\n - Use after free in Tablet Mode in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific user interactions. (CVE-2022-1866)\n\n - Insufficient validation of untrusted input in Data Transfer in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass same origin policy via a crafted clipboard content. (CVE-2022-1867)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (CVE-2022-1868)\n\n - Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1869)\n\n - Use after free in App Service in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (CVE-2022-1870)\n\n - Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass file system policy via a crafted HTML page. (CVE-2022-1871)\n\n - Insufficient policy enforcement in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page. (CVE-2022-1872)\n\n - Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-1873)\n\n - Insufficient policy enforcement in Safe Browsing in Google Chrome on Mac prior to 102.0.5005.61 allowed a remote attacker to bypass downloads protection policy via a crafted HTML page. (CVE-2022-1874)\n\n - Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-1875)\n\n - Heap buffer overflow in DevTools in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-1876)\n\n - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2007)\n\n - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-2010)\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2011)\n\n - Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2156)\n\n - Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2157)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2158)\n\n - Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user's local files via a crafted HTML page. (CVE-2022-2160)\n\n - Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2161)\n\n - Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 103.0.5060.53 allowed a remote attacker to bypass file system access via a crafted HTML page. (CVE-2022-2162)\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction. (CVE-2022-2163)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted HTML page. (CVE-2022-2164)\n\n - Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. (CVE-2022-2165)\n\n - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. (CVE-2022-22021)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. (CVE-2022-24475)\n\n - Microsoft Edge (Chromium-based) Spoofing Vulnerability. (CVE-2022-24523, CVE-2022-26905)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. (CVE-2022-26891)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. (CVE-2022-26894)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. (CVE-2022-26895)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. (CVE-2022-26900)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26909, CVE-2022-26912. (CVE-2022-26908)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26912. (CVE-2022-26909)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909. (CVE-2022-26912)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30128. (CVE-2022-30127)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30127. (CVE-2022-30128)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-33638, CVE-2022-33639. (CVE-2022-30192)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33639. (CVE-2022-33638)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33638. (CVE-2022-33639)\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. (CVE-2022-0801) \n - Please review the referenced CVE identifiers for details. (CVE-2022-29144, CVE-2022-29146, CVE-2022-29147)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-15T00:00:00", "type": "nessus", "title": "GLSA-202208-25 : Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30551", "CVE-2021-4052", "CVE-2021-4053", "CVE-2021-4054", "CVE-2021-4055", "CVE-2021-4056", "CVE-2021-4057", "CVE-2021-4058", "CVE-2021-4059", "CVE-2021-4061", "CVE-2021-4062", "CVE-2021-4063", "CVE-2021-4064", "CVE-2021-4065", "CVE-2021-4066", "CVE-2021-4067", "CVE-2021-4068", "CVE-2021-4078", "CVE-2021-4079", "CVE-2022-0789", "CVE-2022-0790", "CVE-2022-0791", "CVE-2022-0792", "CVE-2022-0793", "CVE-2022-0794", "CVE-2022-0795", "CVE-2022-0796", "CVE-2022-0797", "CVE-2022-0798", "CVE-2022-0799", "CVE-2022-0800", "CVE-2022-0801", "CVE-2022-0802", "CVE-2022-0803", "CVE-2022-0804", "CVE-2022-0805", "CVE-2022-0806", "CVE-2022-0807", "CVE-2022-0808", "CVE-2022-0809", "CVE-2022-0971", "CVE-2022-0972", "CVE-2022-0973", "CVE-2022-0974", "CVE-2022-0975", "CVE-2022-0976", "CVE-2022-0977", "CVE-2022-0978", "CVE-2022-0979", "CVE-2022-0980", "CVE-2022-1096", "CVE-2022-1125", "CVE-2022-1127", "CVE-2022-1128", "CVE-2022-1129", "CVE-2022-1130", "CVE-2022-1131", "CVE-2022-1132", "CVE-2022-1133", "CVE-2022-1134", "CVE-2022-1135", "CVE-2022-1136", "CVE-2022-1137", "CVE-2022-1138", "CVE-2022-1139", "CVE-2022-1141", "CVE-2022-1142", "CVE-2022-1143", "CVE-2022-1144", "CVE-2022-1145", "CVE-2022-1146", "CVE-2022-1232", "CVE-2022-1305", "CVE-2022-1306", "CVE-2022-1307", "CVE-2022-1308", "CVE-2022-1309", "CVE-2022-1310", "CVE-2022-1311", "CVE-2022-1312", "CVE-2022-1313", "CVE-2022-1314", "CVE-2022-1364", "CVE-2022-1477", "CVE-2022-1478", "CVE-2022-1479", "CVE-2022-1481", "CVE-2022-1482", "CVE-2022-1483", "CVE-2022-1484", "CVE-2022-1485", "CVE-2022-1486", "CVE-2022-1487", "CVE-2022-1488", "CVE-2022-1489", "CVE-2022-1490", "CVE-2022-1491", "CVE-2022-1492", "CVE-2022-1493", "CVE-2022-1494", "CVE-2022-1495", "CVE-2022-1496", "CVE-2022-1497", "CVE-2022-1498", "CVE-2022-1499", "CVE-2022-1500", "CVE-2022-1501", "CVE-2022-1633", "CVE-2022-1634", "CVE-2022-1635", "CVE-2022-1636", "CVE-2022-1637", "CVE-2022-1639", "CVE-2022-1640", "CVE-2022-1641", "CVE-2022-1853", "CVE-2022-1854", "CVE-2022-1855", "CVE-2022-1856", "CVE-2022-1857", "CVE-2022-1858", "CVE-2022-1859", "CVE-2022-1860", "CVE-2022-1861", "CVE-2022-1862", "CVE-2022-1863", "CVE-2022-1864", "CVE-2022-1865", "CVE-2022-1866", "CVE-2022-1867", "CVE-2022-1868", "CVE-2022-1869", "CVE-2022-1870", "CVE-2022-1871", "CVE-2022-1872", "CVE-2022-1873", "CVE-2022-1874", "CVE-2022-1875", "CVE-2022-1876", "CVE-2022-2007", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165", "CVE-2022-22021", "CVE-2022-24475", "CVE-2022-24523", "CVE-2022-26891", "CVE-2022-26894", "CVE-2022-26895", "CVE-2022-26900", "CVE-2022-26905", "CVE-2022-26908", "CVE-2022-26909", "CVE-2022-26912", "CVE-2022-29144", "CVE-2022-29146", "CVE-2022-29147", "CVE-2022-30127", "CVE-2022-30128", "CVE-2022-30192", "CVE-2022-33638", "CVE-2022-33639"], "modified": "2023-10-16T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:chromium", "p-cpe:/a:gentoo:linux:google-chrome", "p-cpe:/a:gentoo:linux:microsoft-edge", "p-cpe:/a:gentoo:linux:qtwebengine", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202208-25.NASL", "href": "https://www.tenable.com/plugins/nessus/164112", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202208-25.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike\n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164112);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/16\");\n\n script_cve_id(\n \"CVE-2021-4052\",\n \"CVE-2021-4053\",\n \"CVE-2021-4054\",\n \"CVE-2021-4055\",\n \"CVE-2021-4056\",\n \"CVE-2021-4057\",\n \"CVE-2021-4058\",\n \"CVE-2021-4059\",\n \"CVE-2021-4061\",\n \"CVE-2021-4062\",\n \"CVE-2021-4063\",\n \"CVE-2021-4064\",\n \"CVE-2021-4065\",\n \"CVE-2021-4066\",\n \"CVE-2021-4067\",\n \"CVE-2021-4068\",\n \"CVE-2021-4078\",\n \"CVE-2021-4079\",\n \"CVE-2021-30551\",\n \"CVE-2022-0789\",\n \"CVE-2022-0790\",\n \"CVE-2022-0791\",\n \"CVE-2022-0792\",\n \"CVE-2022-0793\",\n \"CVE-2022-0794\",\n \"CVE-2022-0795\",\n \"CVE-2022-0796\",\n \"CVE-2022-0797\",\n \"CVE-2022-0798\",\n \"CVE-2022-0799\",\n \"CVE-2022-0800\",\n \"CVE-2022-0801\",\n \"CVE-2022-0802\",\n \"CVE-2022-0803\",\n \"CVE-2022-0804\",\n \"CVE-2022-0805\",\n \"CVE-2022-0806\",\n \"CVE-2022-0807\",\n \"CVE-2022-0808\",\n \"CVE-2022-0809\",\n \"CVE-2022-0971\",\n \"CVE-2022-0972\",\n \"CVE-2022-0973\",\n \"CVE-2022-0974\",\n \"CVE-2022-0975\",\n \"CVE-2022-0976\",\n \"CVE-2022-0977\",\n \"CVE-2022-0978\",\n \"CVE-2022-0979\",\n \"CVE-2022-0980\",\n \"CVE-2022-1096\",\n \"CVE-2022-1125\",\n \"CVE-2022-1127\",\n \"CVE-2022-1128\",\n \"CVE-2022-1129\",\n \"CVE-2022-1130\",\n \"CVE-2022-1131\",\n \"CVE-2022-1132\",\n \"CVE-2022-1133\",\n \"CVE-2022-1134\",\n \"CVE-2022-1135\",\n \"CVE-2022-1136\",\n \"CVE-2022-1137\",\n \"CVE-2022-1138\",\n \"CVE-2022-1139\",\n \"CVE-2022-1141\",\n \"CVE-2022-1142\",\n \"CVE-2022-1143\",\n \"CVE-2022-1144\",\n \"CVE-2022-1145\",\n \"CVE-2022-1146\",\n \"CVE-2022-1232\",\n \"CVE-2022-1305\",\n \"CVE-2022-1306\",\n \"CVE-2022-1307\",\n \"CVE-2022-1308\",\n \"CVE-2022-1309\",\n \"CVE-2022-1310\",\n \"CVE-2022-1311\",\n \"CVE-2022-1312\",\n \"CVE-2022-1313\",\n \"CVE-2022-1314\",\n \"CVE-2022-1364\",\n \"CVE-2022-1477\",\n \"CVE-2022-1478\",\n \"CVE-2022-1479\",\n \"CVE-2022-1481\",\n \"CVE-2022-1482\",\n \"CVE-2022-1483\",\n \"CVE-2022-1484\",\n \"CVE-2022-1485\",\n \"CVE-2022-1486\",\n \"CVE-2022-1487\",\n \"CVE-2022-1488\",\n \"CVE-2022-1489\",\n \"CVE-2022-1490\",\n \"CVE-2022-1491\",\n \"CVE-2022-1492\",\n \"CVE-2022-1493\",\n \"CVE-2022-1494\",\n \"CVE-2022-1495\",\n \"CVE-2022-1496\",\n \"CVE-2022-1497\",\n \"CVE-2022-1498\",\n \"CVE-2022-1499\",\n \"CVE-2022-1500\",\n \"CVE-2022-1501\",\n \"CVE-2022-1633\",\n \"CVE-2022-1634\",\n \"CVE-2022-1635\",\n \"CVE-2022-1636\",\n \"CVE-2022-1637\",\n \"CVE-2022-1639\",\n \"CVE-2022-1640\",\n \"CVE-2022-1641\",\n \"CVE-2022-1853\",\n \"CVE-2022-1854\",\n \"CVE-2022-1855\",\n \"CVE-2022-1856\",\n \"CVE-2022-1857\",\n \"CVE-2022-1858\",\n \"CVE-2022-1859\",\n \"CVE-2022-1860\",\n \"CVE-2022-1861\",\n \"CVE-2022-1862\",\n \"CVE-2022-1863\",\n \"CVE-2022-1864\",\n \"CVE-2022-1865\",\n \"CVE-2022-1866\",\n \"CVE-2022-1867\",\n \"CVE-2022-1868\",\n \"CVE-2022-1869\",\n \"CVE-2022-1870\",\n \"CVE-2022-1871\",\n \"CVE-2022-1872\",\n \"CVE-2022-1873\",\n \"CVE-2022-1874\",\n \"CVE-2022-1875\",\n \"CVE-2022-1876\",\n \"CVE-2022-2007\",\n \"CVE-2022-2010\",\n \"CVE-2022-2011\",\n \"CVE-2022-2156\",\n \"CVE-2022-2157\",\n \"CVE-2022-2158\",\n \"CVE-2022-2160\",\n \"CVE-2022-2161\",\n \"CVE-2022-2162\",\n \"CVE-2022-2163\",\n \"CVE-2022-2164\",\n \"CVE-2022-2165\",\n \"CVE-2022-22021\",\n \"CVE-2022-24475\",\n \"CVE-2022-24523\",\n \"CVE-2022-26891\",\n \"CVE-2022-26894\",\n \"CVE-2022-26895\",\n \"CVE-2022-26900\",\n \"CVE-2022-26905\",\n \"CVE-2022-26908\",\n \"CVE-2022-26909\",\n \"CVE-2022-26912\",\n \"CVE-2022-29144\",\n \"CVE-2022-29146\",\n \"CVE-2022-29147\",\n \"CVE-2022-30127\",\n \"CVE-2022-30128\",\n \"CVE-2022-30192\",\n \"CVE-2022-33638\",\n \"CVE-2022-33639\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/06\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"IAVA\", value:\"2021-A-0544-S\");\n\n script_name(english:\"GLSA-202208-25 : Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202208-25 (Chromium, Google Chrome, Microsoft Edge,\nQtWebEngine: Multiple Vulnerabilities)\n\n - Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30551)\n\n - Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user\n to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.\n (CVE-2021-4052)\n\n - Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4053)\n\n - Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to\n perform domain spoofing via a crafted HTML page. (CVE-2021-4054)\n\n - Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93 allowed an attacker who\n convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted\n Chrome Extension. (CVE-2021-4055)\n\n - Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-4056)\n\n - Use after free in file API in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-4057)\n\n - Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4058)\n\n - Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to\n leak cross-origin data via a crafted HTML page. (CVE-2021-4059)\n\n - Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-4061, CVE-2021-4078)\n\n - Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-4062)\n\n - Use after free in developer tools in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4063)\n\n - Use after free in screen capture in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4064)\n\n - Use after free in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-4065)\n\n - Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-4066)\n\n - Use after free in window manager in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4067)\n\n - Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-4068)\n\n - Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to\n potentially exploit heap corruption via crafted WebRTC packets. (CVE-2021-4079)\n\n - Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0789)\n\n - Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a\n user to engage in specific user interaction to potentially perform a sandbox escape via a crafted HTML\n page. (CVE-2022-0790)\n\n - Use after free in Omnibox in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a\n user to engage in specific user interactions to potentially exploit heap corruption via user interactions.\n (CVE-2022-0791)\n\n - Out of bounds read in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0792)\n\n - Use after free in Cast in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to\n install a malicious extension and engage in specific user interaction to potentially exploit heap\n corruption via a crafted Chrome Extension. (CVE-2022-0793)\n\n - Use after free in WebShare in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced\n a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML\n page. (CVE-2022-0794)\n\n - Type confusion in Blink Layout in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0795)\n\n - Use after free in Media in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-0796)\n\n - Out of bounds memory access in Mojo in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to\n perform an out of bounds memory write via a crafted HTML page. (CVE-2022-0797)\n\n - Use after free in MediaStream in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome\n Extension. (CVE-2022-0798)\n\n - Insufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51 allowed a\n remote attacker to perform local privilege escalation via a crafted offline installer file.\n (CVE-2022-0799)\n\n - Heap buffer overflow in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who\n convinced a user to engage in specific user interaction to potentially exploit heap corruption via a\n crafted HTML page. (CVE-2022-0800)\n\n - Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed\n a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-0802,\n CVE-2022-0804)\n\n - Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote\n attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-0803)\n\n - Use after free in Browser Switcher in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who\n convinced a user to engage in specific user interaction to potentially exploit heap corruption via user\n interaction. (CVE-2022-0805)\n\n - Data leak in Canvas in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user\n to engage in screen sharing to potentially leak cross-origin data via a crafted HTML page. (CVE-2022-0806)\n\n - Inappropriate implementation in Autofill in Google Chrome prior to 99.0.4844.51 allowed a remote attacker\n to bypass navigation restrictions via a crafted HTML page. (CVE-2022-0807)\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 99.0.4844.51 allowed a remote\n attacker who convinced a user to engage in a series of user interaction to potentially exploit heap\n corruption via user interactions. (CVE-2022-0808)\n\n - Out of bounds memory access in WebXR in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0809)\n\n - Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker\n who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-0971)\n\n - Use after free in Extensions in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-0972)\n\n - Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0973)\n\n - Use after free in Splitscreen in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote\n attacker who convinced a user to engage in specific user interaction to potentially exploit heap\n corruption via a crafted HTML page. (CVE-2022-0974)\n\n - Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-0975, CVE-2022-0978)\n\n - Heap buffer overflow in GPU in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0976)\n\n - Use after free in Browser UI in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker\n who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a\n crafted HTML page. (CVE-2022-0977)\n\n - Use after free in Safe Browsing in Google Chrome on Android prior to 99.0.4844.74 allowed a remote\n attacker who convinced a user to engage in specific user interaction to potentially exploit heap\n corruption via a crafted HTML page. (CVE-2022-0979)\n\n - Use after free in New Tab Page in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via specific user\n interactions. (CVE-2022-0980)\n\n - Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1096)\n\n - Use after free in Portals in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced\n a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.\n (CVE-2022-1125)\n\n - Use after free in QR Code Generator in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who\n convinced a user to engage in specific user interaction to potentially exploit heap corruption via user\n interaction. (CVE-2022-1127)\n\n - Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed\n an attacker on the local network segment to leak cross-origin data via a crafted HTML page.\n (CVE-2022-1128)\n\n - Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 100.0.4896.60\n allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (CVE-2022-1129)\n\n - Insufficient validation of trust input in WebOTP in Google Chrome on Android prior to 100.0.4896.60\n allowed a remote attacker to send arbitrary intents from any app via a malicious app. (CVE-2022-1130)\n\n - Use after free in Cast UI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1131)\n\n - Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100.0.4896.60\n allowed a local attacker to bypass navigation restrictions via physical access to the device.\n (CVE-2022-1132)\n\n - Use after free in WebRTC Perf in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1133)\n\n - Type confusion in V8 in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1134)\n\n - Use after free in Shopping Cart in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to\n potentially exploit heap corruption via standard feature user interaction. (CVE-2022-1135)\n\n - Use after free in Tab Strip in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via specific set of user\n gestures. (CVE-2022-1136)\n\n - Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who\n convinced a user to install a malicious extension to leak potentially sensitive information via a crafted\n HTML page. (CVE-2022-1137)\n\n - Inappropriate implementation in Web Cursor in Google Chrome prior to 100.0.4896.60 allowed a remote\n attacker who had compromised the renderer process to obscure the contents of the Omnibox (URL bar) via a\n crafted HTML page. (CVE-2022-1138)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a\n remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-1139)\n\n - Use after free in File Manager in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who\n convinced a user to engage in specific user interaction to potentially exploit heap corruption via\n specific user gesture. (CVE-2022-1141)\n\n - Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who\n convinced a user to engage in specific user interaction to potentially exploit heap corruption via\n specific input into DevTools. (CVE-2022-1142, CVE-2022-1143)\n\n - Use after free in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a\n user to engage in specific user interaction to potentially exploit heap corruption via specific input into\n DevTools. (CVE-2022-1144)\n\n - Use after free in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via specific user interaction\n and profile destruction. (CVE-2022-1145)\n\n - Inappropriate implementation in Resource Timing in Google Chrome prior to 100.0.4896.60 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-1146)\n\n - Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1232)\n\n - Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1305)\n\n - Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote\n attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-1306)\n\n - Inappropriate implementation in full screen in Google Chrome on Android prior to 100.0.4896.88 allowed a\n remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-1307)\n\n - Use after free in BFCache in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1308)\n\n - Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a\n remote attacker to potentially perform a sandbox escape via a crafted HTML page. (CVE-2022-1309)\n\n - Use after free in regular expressions in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1310)\n\n - Use after free in shell in Google Chrome on ChromeOS prior to 100.0.4896.88 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1311)\n\n - Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user\n to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.\n (CVE-2022-1312)\n\n - Use after free in tab groups in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1313)\n\n - Type confusion in V8 in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1314)\n\n - Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1364)\n\n - Use after free in Vulkan in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1477)\n\n - Use after free in SwiftShader in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1478)\n\n - Use after free in ANGLE in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1479)\n\n - Use after free in Sharing in Google Chrome on Mac prior to 101.0.4951.41 allowed a remote attacker who\n convinced a user to engage in specific user interaction to potentially exploit heap corruption via a\n crafted HTML page. (CVE-2022-1481)\n\n - Inappropriate implementation in WebGL in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1482)\n\n - Heap buffer overflow in WebGPU in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-1483)\n\n - Heap buffer overflow in Web UI Settings in Google Chrome prior to 101.0.4951.41 allowed a remote attacker\n to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1484)\n\n - Use after free in File System API in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1485)\n\n - Type confusion in V8 in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to obtain\n potentially sensitive information from process memory via a crafted HTML page. (CVE-2022-1486)\n\n - Use after free in Ozone in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially\n exploit heap corruption via running a Wayland test. (CVE-2022-1487)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker\n who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome\n Extension. (CVE-2022-1488)\n\n - Out of bounds memory access in UI Shelf in Google Chrome on Chrome OS, Lacros prior to 101.0.4951.41\n allowed a remote attacker to potentially exploit heap corruption via specific user interactions.\n (CVE-2022-1489)\n\n - Use after free in Browser Switcher in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who\n convinced a user to engage in specific user interaction to potentially exploit heap corruption via a\n crafted HTML page. (CVE-2022-1490)\n\n - Use after free in Bookmarks in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to\n potentially exploit heap corruption via specific and direct user interaction. (CVE-2022-1491)\n\n - Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote\n attacker to inject arbitrary scripts or HTML via a crafted HTML page. (CVE-2022-1492)\n\n - Use after free in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to\n potentially exploit heap corruption via specific and direct user interaction. (CVE-2022-1493)\n\n - Insufficient data validation in Trusted Types in Google Chrome prior to 101.0.4951.41 allowed a remote\n attacker to bypass trusted types policy via a crafted HTML page. (CVE-2022-1494)\n\n - Incorrect security UI in Downloads in Google Chrome on Android prior to 101.0.4951.41 allowed a remote\n attacker to spoof the APK downloads dialog via a crafted HTML page. (CVE-2022-1495)\n\n - Use after free in File Manager in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to\n potentially exploit heap corruption via specific and direct user interaction. (CVE-2022-1496)\n\n - Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to\n spoof the contents of cross-origin websites via a crafted HTML page. (CVE-2022-1497)\n\n - Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-1498)\n\n - Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote\n attacker to bypass same origin policy via a crafted HTML page. (CVE-2022-1499)\n\n - Insufficient data validation in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote\n attacker to bypass content security policy via a crafted HTML page. (CVE-2022-1500)\n\n - Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker\n to leak cross-origin data via a crafted HTML page. (CVE-2022-1501)\n\n - Use after free in Sharesheet in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote\n attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption\n via specific user interactions. (CVE-2022-1633)\n\n - Use after free in Browser UI in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who had\n convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific\n user interactions. (CVE-2022-1634)\n\n - Use after free in Permission Prompts in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who\n convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific\n user interactions. (CVE-2022-1635)\n\n - Use after free in Performance APIs in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1636)\n\n - Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-1637)\n\n - Use after free in ANGLE in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1639)\n\n - Use after free in Sharing in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced\n a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML\n page. (CVE-2022-1640)\n\n - Use after free in Web UI Diagnostics in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote\n attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption\n via specific user interaction. (CVE-2022-1641)\n\n - Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to\n potentially perform a sandbox escape via a crafted HTML page. (CVE-2022-1853)\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1854)\n\n - Use after free in Messaging in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1855)\n\n - Use after free in User Education in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced\n a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome\n Extension or specific user interaction. (CVE-2022-1856)\n\n - Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed a\n remote attacker to bypass file system restrictions via a crafted HTML page. (CVE-2022-1857)\n\n - Out of bounds read in DevTools in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to\n perform an out of bounds memory read via specific user interaction. (CVE-2022-1858)\n\n - Use after free in Performance Manager in Google Chrome prior to 102.0.5005.61 allowed a remote attacker\n who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a\n crafted HTML page. (CVE-2022-1859)\n\n - Use after free in UI Foundations in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote\n attacker who convinced a user to engage in specific user interaction to potentially exploit heap\n corruption via specific user interactions. (CVE-2022-1860)\n\n - Use after free in Sharing in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker\n who convinced a user to enage in specific user interactions to potentially exploit heap corruption via\n specific user interaction. (CVE-2022-1861)\n\n - Inappropriate implementation in Extensions in Google Chrome prior to 102.0.5005.61 allowed an attacker who\n convinced a user to install a malicious extension to bypass profile restrictions via a crafted HTML page.\n (CVE-2022-1862)\n\n - Use after free in Tab Groups in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome\n Extension and specific user interaction. (CVE-2022-1863)\n\n - Use after free in WebApp Installs in Google Chrome prior to 102.0.5005.61 allowed an attacker who\n convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted\n Chrome Extension and specific user interaction. (CVE-2022-1864)\n\n - Use after free in Bookmarks in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome\n Extension and specific user interaction. (CVE-2022-1865)\n\n - Use after free in Tablet Mode in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via specific user interactions. (CVE-2022-1866)\n\n - Insufficient validation of untrusted input in Data Transfer in Google Chrome prior to 102.0.5005.61\n allowed a remote attacker to bypass same origin policy via a crafted clipboard content. (CVE-2022-1867)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker\n who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML\n page. (CVE-2022-1868)\n\n - Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1869)\n\n - Use after free in App Service in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome\n Extension. (CVE-2022-1870)\n\n - Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed an\n attacker who convinced a user to install a malicious extension to bypass file system policy via a crafted\n HTML page. (CVE-2022-1871)\n\n - Insufficient policy enforcement in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an\n attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted\n HTML page. (CVE-2022-1872)\n\n - Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker\n to leak cross-origin data via a crafted HTML page. (CVE-2022-1873)\n\n - Insufficient policy enforcement in Safe Browsing in Google Chrome on Mac prior to 102.0.5005.61 allowed a\n remote attacker to bypass downloads protection policy via a crafted HTML page. (CVE-2022-1874)\n\n - Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to\n leak cross-origin data via a crafted HTML page. (CVE-2022-1875)\n\n - Heap buffer overflow in DevTools in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced\n a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-1876)\n\n - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2007)\n\n - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who\n had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-2010)\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2011)\n\n - Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2156)\n\n - Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who\n had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2157)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2158)\n\n - Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an\n attacker who convinced a user to install a malicious extension to obtain potentially sensitive information\n from a user's local files via a crafted HTML page. (CVE-2022-2160)\n\n - Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who\n convinced the user to engage in specific user interactions to potentially exploit heap corruption via\n specific UI interactions. (CVE-2022-2161)\n\n - Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 103.0.5060.53\n allowed a remote attacker to bypass file system access via a crafted HTML page. (CVE-2022-2162)\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who\n convinced a user to install a malicious extension to potentially exploit heap corruption via UI\n interaction. (CVE-2022-2163)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an attacker\n who convinced a user to install a malicious extension to bypass discretionary access control via a crafted\n HTML page. (CVE-2022-2164)\n\n - Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a remote\n attacker to perform domain spoofing via IDN homographs via a crafted domain name. (CVE-2022-2165)\n\n - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. (CVE-2022-22021)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909,\n CVE-2022-26912. (CVE-2022-24475)\n\n - Microsoft Edge (Chromium-based) Spoofing Vulnerability. (CVE-2022-24523, CVE-2022-26905)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-24475, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909,\n CVE-2022-26912. (CVE-2022-26891)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-24475, CVE-2022-26891, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909,\n CVE-2022-26912. (CVE-2022-26894)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909,\n CVE-2022-26912. (CVE-2022-26895)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26908, CVE-2022-26909,\n CVE-2022-26912. (CVE-2022-26900)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26909,\n CVE-2022-26912. (CVE-2022-26908)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908,\n CVE-2022-26912. (CVE-2022-26909)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908,\n CVE-2022-26909. (CVE-2022-26912)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-30128. (CVE-2022-30127)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-30127. (CVE-2022-30128)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-33638, CVE-2022-33639. (CVE-2022-30192)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-30192, CVE-2022-33639. (CVE-2022-33638)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-30192, CVE-2022-33638. (CVE-2022-33639)\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this\n vulnerability. Please see Google Chrome Releases for more information. (CVE-2022-0801)\n \n - Please review the referenced CVE identifiers for details. (CVE-2022-29144, CVE-2022-29146,\n CVE-2022-29147)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202208-25\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=773040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=787950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=800181\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=810781\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=815397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=828519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=829161\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=834477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=835397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=835761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=836011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=836381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=836777\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=836830\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=837497\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=838049\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=838433\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=838682\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=841371\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=843035\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=843728\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=847370\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=847613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=848864\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=851003\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=851009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=853229\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=853643\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=854372\");\n script_set_attribute(attribute:\"solution\", value:\n\"All Chromium users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-client/chromium-103.0.5060.53\n \nAll Chromium binary users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-client/chromium-bin-103.0.5060.53\n \nAll Google Chrome users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-client/google-chrome-103.0.5060.53\n \nAll Microsoft Edge users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-client/chromium-103.0.5060.53\n \nAll QtWebEngine users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=dev-qt/qtwebengine-5.15.5_p20220618\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0809\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1853\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:google-chrome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:microsoft-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:qtwebengine\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar flag = 0;\n\nvar packages = [\n {\n 'name' : \"dev-qt/qtwebengine\",\n 'unaffected' : make_list(\"ge 5.15.5_p20220618\"),\n 'vulnerable' : make_list(\"lt 5.15.5_p20220618\")\n },\n {\n 'name' : \"www-client/chromium\",\n 'unaffected' : make_list(\"ge 103.0.5060.53\"),\n 'vulnerable' : make_list(\"lt 103.0.5060.53\")\n },\n {\n 'name' : \"www-client/google-chrome\",\n 'unaffected' : make_list(\"ge 103.0.5060.53\"),\n 'vulnerable' : make_list(\"lt 103.0.5060.53\")\n },\n {\n 'name' : \"www-client/microsoft-edge\",\n 'unaffected' : make_list(\"ge 101.0.1210.47\"),\n 'vulnerable' : make_list(\"lt 101.0.1210.47\")\n }\n];\n\nforeach package( packages ) {\n if (isnull(package['unaffected'])) package['unaffected'] = make_list();\n if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();\n if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;\n}\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : qpkg_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium / Google Chrome / Microsoft Edge / QtWebEngine\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-27T19:48:57", "description": "The remote host is affected by the vulnerability described in GLSA-202311-11 (QtWebEngine: Multiple Vulnerabilities)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3201)\n\n - Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4174)\n\n - Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4175)\n\n - Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS and Lacros prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: High) (CVE-2022-4176)\n\n - Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security severity: High) (CVE-2022-4177)\n\n - Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4178)\n\n - Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.\n (Chromium security severity: High) (CVE-2022-4179)\n\n - Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.\n (Chromium security severity: High) (CVE-2022-4180)\n\n - Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4181)\n\n - Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4182)\n\n - Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4183)\n\n - Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4184)\n\n - Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium security severity:\n Medium) (CVE-2022-4185)\n\n - Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4186)\n\n - Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity:\n Medium) (CVE-2022-4187)\n\n - Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4188)\n\n - Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2022-4189)\n\n - Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4190)\n\n - Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via profile destruction. (Chromium security severity: Medium) (CVE-2022-4191)\n\n - Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium) (CVE-2022-4192)\n\n - Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity:\n Medium) (CVE-2022-4193)\n\n - Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4194)\n\n - Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: Medium) (CVE-2022-4195)\n\n - Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4436)\n\n - Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4437)\n\n - Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4438)\n\n - Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High) (CVE-2022-4439)\n\n - Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4440)\n\n - Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability (CVE-2022-41115)\n\n - Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2022-44688)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2022-44708, CVE-2023-21796)\n\n - Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0128)\n\n - Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High) (CVE-2023-0129)\n\n - Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (Chromium security severity: Medium) (CVE-2023-0130)\n\n - Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity:\n Medium) (CVE-2023-0131)\n\n - Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0132)\n\n - Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0133)\n\n - Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0134, CVE-2023-0135)\n\n - Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to execute incorrect security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0136)\n\n - Heap buffer overflow in Platform Apps in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0137)\n\n - Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0138)\n\n - Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0139)\n\n - Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0140)\n\n - Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0141)\n\n - Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-2721)\n\n - Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:\n High) (CVE-2023-2722)\n\n - Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2723)\n\n - Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2724)\n\n - Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (Chromium security severity: High) (CVE-2023-2725)\n\n - Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2726)\n\n - Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2929)\n\n - Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (Chromium security severity: High) (CVE-2023-2930)\n\n - Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) (CVE-2023-2931, CVE-2023-2932, CVE-2023-2933)\n\n - Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2934)\n\n - Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2935, CVE-2023-2936)\n\n - Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2937, CVE-2023-2938)\n\n - Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity:\n Medium) (CVE-2023-2939)\n\n - Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2940)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. (Chromium security severity: Low) (CVE-2023-2941)\n\n - Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3079)\n\n - Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-3214)\n\n - Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3215)\n\n - Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3216)\n\n - Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3217)\n\n - Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4068, CVE-2023-4070)\n\n - Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4069)\n\n - Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4071)\n\n - Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4072)\n\n - Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:\n High) (CVE-2023-4073)\n\n - Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4074)\n\n - Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4075)\n\n - Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High) (CVE-2023-4076)\n\n - Insufficient data validation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-4077)\n\n - Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-4078)\n\n - Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page.\n (Chromium security severity: High) (CVE-2023-4761)\n\n - Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4762)\n\n - Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4763)\n\n - Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4764)\n\n - Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-5218)\n\n - Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5473)\n\n - Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) (CVE-2023-5474)\n\n - Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-5475)\n\n - Use after free in Blink History in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5476)\n\n - Inappropriate implementation in Installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker to bypass discretionary access control via a crafted command. (Chromium security severity: Low) (CVE-2023-5477)\n\n - Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5478)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5479)\n\n - Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High) (CVE-2023-5480)\n\n - Inappropriate implementation in Downloads in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5481)\n\n - Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5482)\n\n - Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5483)\n\n - Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5484)\n\n - Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5485)\n\n - Inappropriate implementation in Input in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5486)\n\n - Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-5487)\n\n - Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5849)\n\n - Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium) (CVE-2023-5850)\n\n - Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5851)\n\n - Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) (CVE-2023-5852)\n\n - Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5853)\n\n - Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) (CVE-2023-5854)\n\n - Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) (CVE-2023-5855)\n\n - Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5856)\n\n - Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium) (CVE-2023-5857)\n\n - Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5858)\n\n - Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted local HTML page. (Chromium security severity: Low) (CVE-2023-5859)\n\n - Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5996)\n\n - Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5997)\n\n - Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-6112)\n\n - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (CVE-2023-21775)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-11-25T00:00:00", "type": "nessus", "title": "GLSA-202311-11 : QtWebEngine: Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2294", "CVE-2022-3201", "CVE-2022-41115", "CVE-2022-4174", "CVE-2022-4175", "CVE-2022-4176", "CVE-2022-4177", "CVE-2022-4178", "CVE-2022-4179", "CVE-2022-4180", "CVE-2022-4181", "CVE-2022-4182", "CVE-2022-4183", "CVE-2022-4184", "CVE-2022-4185", "CVE-2022-4186", "CVE-2022-4187", "CVE-2022-4188", "CVE-2022-4189", "CVE-2022-4190", "CVE-2022-4191", "CVE-2022-4192", "CVE-2022-4193", "CVE-2022-4194", "CVE-2022-4195", "CVE-2022-4436", "CVE-2022-4437", "CVE-2022-4438", "CVE-2022-4439", "CVE-2022-4440", "CVE-2022-44688", "CVE-2022-44708", "CVE-2023-0128", "CVE-2023-0129", "CVE-2023-0130", "CVE-2023-0131", "CVE-2023-0132", "CVE-2023-0133", "CVE-2023-0134", "CVE-2023-0135", "CVE-2023-0136", "CVE-2023-0137", "CVE-2023-0138", "CVE-2023-0139", "CVE-2023-0140", "CVE-2023-0141", "CVE-2023-21775", "CVE-2023-21796", "CVE-2023-2721", "CVE-2023-2722", "CVE-2023-2723", "CVE-2023-2724", "CVE-2023-2725", "CVE-2023-2726", "CVE-2023-2929", "CVE-2023-2930", "CVE-2023-2931", "CVE-2023-2932", "CVE-2023-2933", "CVE-2023-2934", "CVE-2023-2935", "CVE-2023-2936", "CVE-2023-2937", "CVE-2023-2938", "CVE-2023-2939", "CVE-2023-2940", "CVE-2023-2941", "CVE-2023-3079", "CVE-2023-3214", "CVE-2023-3215", "CVE-2023-3216", "CVE-2023-3217", "CVE-2023-4068", "CVE-2023-4069", "CVE-2023-4070", "CVE-2023-4071", "CVE-2023-4072", "CVE-2023-4073", "CVE-2023-4074", "CVE-2023-4075", "CVE-2023-4076", "CVE-2023-4077", "CVE-2023-4078", "CVE-2023-4761", "CVE-2023-4762", "CVE-2023-4763", "CVE-2023-4764", "CVE-2023-5218", "CVE-2023-5473", "CVE-2023-5474", "CVE-2023-5475", "CVE-2023-5476", "CVE-2023-5477", "CVE-2023-5478", "CVE-2023-5479", "CVE-2023-5480", "CVE-2023-5481", "CVE-2023-5482", "CVE-2023-5483", "CVE-2023-5484", "CVE-2023-5485", "CVE-2023-5486", "CVE-2023-5487", "CVE-2023-5849", "CVE-2023-5850", "CVE-2023-5851", "CVE-2023-5852", "CVE-2023-5853", "CVE-2023-5854", "CVE-2023-5855", "CVE-2023-5856", "CVE-2023-5857", "CVE-2023-5858", "CVE-2023-5859", "CVE-2023-5996", "CVE-2023-5997", "CVE-2023-6112"], "modified": "2023-11-27T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:qtwebengine", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202311-11.NASL", "href": "https://www.tenable.com/plugins/nessus/186268", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202311-11.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike\n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(186268);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/27\");\n\n script_cve_id(\n \"CVE-2022-2294\",\n \"CVE-2022-3201\",\n \"CVE-2022-4174\",\n \"CVE-2022-4175\",\n \"CVE-2022-4176\",\n \"CVE-2022-4177\",\n \"CVE-2022-4178\",\n \"CVE-2022-4179\",\n \"CVE-2022-4180\",\n \"CVE-2022-4181\",\n \"CVE-2022-4182\",\n \"CVE-2022-4183\",\n \"CVE-2022-4184\",\n \"CVE-2022-4185\",\n \"CVE-2022-4186\",\n \"CVE-2022-4187\",\n \"CVE-2022-4188\",\n \"CVE-2022-4189\",\n \"CVE-2022-4190\",\n \"CVE-2022-4191\",\n \"CVE-2022-4192\",\n \"CVE-2022-4193\",\n \"CVE-2022-4194\",\n \"CVE-2022-4195\",\n \"CVE-2022-4436\",\n \"CVE-2022-4437\",\n \"CVE-2022-4438\",\n \"CVE-2022-4439\",\n \"CVE-2022-4440\",\n \"CVE-2022-41115\",\n \"CVE-2022-44688\",\n \"CVE-2022-44708\",\n \"CVE-2023-0128\",\n \"CVE-2023-0129\",\n \"CVE-2023-0130\",\n \"CVE-2023-0131\",\n \"CVE-2023-0132\",\n \"CVE-2023-0133\",\n \"CVE-2023-0134\",\n \"CVE-2023-0135\",\n \"CVE-2023-0136\",\n \"CVE-2023-0137\",\n \"CVE-2023-0138\",\n \"CVE-2023-0139\",\n \"CVE-2023-0140\",\n \"CVE-2023-0141\",\n \"CVE-2023-2721\",\n \"CVE-2023-2722\",\n \"CVE-2023-2723\",\n \"CVE-2023-2724\",\n \"CVE-2023-2725\",\n \"CVE-2023-2726\",\n \"CVE-2023-2929\",\n \"CVE-2023-2930\",\n \"CVE-2023-2931\",\n \"CVE-2023-2932\",\n \"CVE-2023-2933\",\n \"CVE-2023-2934\",\n \"CVE-2023-2935\",\n \"CVE-2023-2936\",\n \"CVE-2023-2937\",\n \"CVE-2023-2938\",\n \"CVE-2023-2939\",\n \"CVE-2023-2940\",\n \"CVE-2023-2941\",\n \"CVE-2023-3079\",\n \"CVE-2023-3214\",\n \"CVE-2023-3215\",\n \"CVE-2023-3216\",\n \"CVE-2023-3217\",\n \"CVE-2023-4068\",\n \"CVE-2023-4069\",\n \"CVE-2023-4070\",\n \"CVE-2023-4071\",\n \"CVE-2023-4072\",\n \"CVE-2023-4073\",\n \"CVE-2023-4074\",\n \"CVE-2023-4075\",\n \"CVE-2023-4076\",\n \"CVE-2023-4077\",\n \"CVE-2023-4078\",\n \"CVE-2023-4761\",\n \"CVE-2023-4762\",\n \"CVE-2023-4763\",\n \"CVE-2023-4764\",\n \"CVE-2023-5218\",\n \"CVE-2023-5473\",\n \"CVE-2023-5474\",\n \"CVE-2023-5475\",\n \"CVE-2023-5476\",\n \"CVE-2023-5477\",\n \"CVE-2023-5478\",\n \"CVE-2023-5479\",\n \"CVE-2023-5480\",\n \"CVE-2023-5481\",\n \"CVE-2023-5482\",\n \"CVE-2023-5483\",\n \"CVE-2023-5484\",\n \"CVE-2023-5485\",\n \"CVE-2023-5486\",\n \"CVE-2023-5487\",\n \"CVE-2023-5849\",\n \"CVE-2023-5850\",\n \"CVE-2023-5851\",\n \"CVE-2023-5852\",\n \"CVE-2023-5853\",\n \"CVE-2023-5854\",\n \"CVE-2023-5855\",\n \"CVE-2023-5856\",\n \"CVE-2023-5857\",\n \"CVE-2023-5858\",\n \"CVE-2023-5859\",\n \"CVE-2023-5996\",\n \"CVE-2023-5997\",\n \"CVE-2023-6112\",\n \"CVE-2023-21775\",\n \"CVE-2023-21796\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/28\");\n\n script_name(english:\"GLSA-202311-11 : QtWebEngine: Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202311-11 (QtWebEngine: Multiple Vulnerabilities)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to\n 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass\n navigation restrictions via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3201)\n\n - Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4174)\n\n - Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2022-4175)\n\n - Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS and Lacros prior to 108.0.5359.71\n allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially\n exploit heap corruption via UI interactions. (Chromium security severity: High) (CVE-2022-4176)\n\n - Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a\n user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI\n interaction. (Chromium security severity: High) (CVE-2022-4177)\n\n - Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium\n security severity: High) (CVE-2022-4178)\n\n - Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user\n to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.\n (Chromium security severity: High) (CVE-2022-4179)\n\n - Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to\n install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.\n (Chromium security severity: High) (CVE-2022-4180)\n\n - Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4181)\n\n - Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote\n attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium)\n (CVE-2022-4182)\n\n - Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote\n attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)\n (CVE-2022-4183)\n\n - Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote\n attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)\n (CVE-2022-4184)\n\n - Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote\n attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium security severity:\n Medium) (CVE-2022-4185)\n\n - Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an\n attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a\n crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4186)\n\n - Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a\n remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity:\n Medium) (CVE-2022-4187)\n\n - Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71\n allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security\n severity: Medium) (CVE-2022-4188)\n\n - Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker\n who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted\n Chrome Extension. (Chromium security severity: Medium) (CVE-2022-4189)\n\n - Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote\n attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium)\n (CVE-2022-4190)\n\n - Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced\n a user to engage in specific UI interaction to potentially exploit heap corruption via profile\n destruction. (Chromium security severity: Medium) (CVE-2022-4191)\n\n - Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who\n convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI\n interaction. (Chromium security severity: Medium) (CVE-2022-4192)\n\n - Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71 allowed a\n remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity:\n Medium) (CVE-2022-4193)\n\n - Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)\n (CVE-2022-4194)\n\n - Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote\n attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: Medium)\n (CVE-2022-4195)\n\n - Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2022-4436)\n\n - Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2022-4437)\n\n - Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who\n convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a\n crafted HTML page. (Chromium security severity: High) (CVE-2022-4438)\n\n - Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who\n convinced the user to engage in specific UI interactions to potentially exploit heap corruption via\n specific UI interactions. (Chromium security severity: High) (CVE-2022-4439)\n\n - Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)\n (CVE-2022-4440)\n\n - Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability (CVE-2022-41115)\n\n - Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2022-44688)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2022-44708, CVE-2023-21796)\n\n - Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote\n attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption\n via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0128)\n\n - Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who\n convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted\n HTML page and specific interactions. (Chromium security severity: High) (CVE-2023-0129)\n\n - Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74\n allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (Chromium security severity: Medium) (CVE-2023-0130)\n\n - Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote\n attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity:\n Medium) (CVE-2023-0131)\n\n - Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74\n allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium\n security severity: Medium) (CVE-2023-0132)\n\n - Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74\n allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium\n security severity: Medium) (CVE-2023-0133)\n\n - Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to\n install a malicious extension to potentially exploit heap corruption via database corruption and a crafted\n HTML page. (Chromium security severity: Medium) (CVE-2023-0134, CVE-2023-0135)\n\n - Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74\n allowed a remote attacker to execute incorrect security UI via a crafted HTML page. (Chromium security\n severity: Medium) (CVE-2023-0136)\n\n - Heap buffer overflow in Platform Apps in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed an\n attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via\n a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0137)\n\n - Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker\n to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)\n (CVE-2023-0138)\n\n - Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74\n allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security\n severity: Low) (CVE-2023-0139)\n\n - Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74\n allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security\n severity: Low) (CVE-2023-0140)\n\n - Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker\n to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0141)\n\n - Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)\n (CVE-2023-2721)\n\n - Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:\n High) (CVE-2023-2722)\n\n - Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium\n security severity: High) (CVE-2023-2723)\n\n - Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2724)\n\n - Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (Chromium security severity: High) (CVE-2023-2725)\n\n - Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an\n attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML\n page. (Chromium security severity: Medium) (CVE-2023-2726)\n\n - Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2023-2929)\n\n - Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (Chromium security severity: High) (CVE-2023-2930)\n\n - Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially\n exploit heap corruption via a crafted PDF file. (Chromium security severity: High) (CVE-2023-2931,\n CVE-2023-2932, CVE-2023-2933)\n\n - Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2023-2934)\n\n - Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2935,\n CVE-2023-2936)\n\n - Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a\n remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar)\n via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2937, CVE-2023-2938)\n\n - Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a\n local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity:\n Medium) (CVE-2023-2939)\n\n - Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who\n convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML\n page. (Chromium security severity: Medium) (CVE-2023-2940)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker\n who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome\n Extension. (Chromium security severity: Low) (CVE-2023-2941)\n\n - Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3079)\n\n - Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)\n (CVE-2023-3214)\n\n - Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3215)\n\n - Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3216)\n\n - Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3217)\n\n - Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform\n arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4068,\n CVE-2023-4070)\n\n - Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4069)\n\n - Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2023-4071)\n\n - Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker\n to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2023-4072)\n\n - Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:\n High) (CVE-2023-4073)\n\n - Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker\n to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2023-4074)\n\n - Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4075)\n\n - Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially\n exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High) (CVE-2023-4076)\n\n - Insufficient data validation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker\n who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via\n a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-4077)\n\n - Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker\n who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via\n a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-4078)\n\n - Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker\n who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page.\n (Chromium security severity: High) (CVE-2023-4761)\n\n - Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute\n arbitrary code via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4762)\n\n - Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2023-4763)\n\n - Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to\n spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)\n (CVE-2023-4764)\n\n - Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)\n (CVE-2023-5218)\n\n - Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium\n security severity: Low) (CVE-2023-5473)\n\n - Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who\n convinced a user to engage in specific user interactions to potentially exploit heap corruption via a\n crafted PDF file. (Chromium security severity: Medium) (CVE-2023-5474)\n\n - Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who\n convinced a user to install a malicious extension to bypass discretionary access control via a crafted\n Chrome Extension. (Chromium security severity: Medium) (CVE-2023-5475)\n\n - Use after free in Blink History in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)\n (CVE-2023-5476)\n\n - Inappropriate implementation in Installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker\n to bypass discretionary access control via a crafted command. (Chromium security severity: Low)\n (CVE-2023-5477)\n\n - Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker\n to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5478)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker\n who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML\n page. (Chromium security severity: Medium) (CVE-2023-5479)\n\n - Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote\n attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High)\n (CVE-2023-5480)\n\n - Inappropriate implementation in Downloads in Google Chrome prior to 118.0.5993.70 allowed a remote\n attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)\n (CVE-2023-5481)\n\n - Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to\n perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)\n (CVE-2023-5482)\n\n - Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker\n to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)\n (CVE-2023-5483)\n\n - Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote\n attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)\n (CVE-2023-5484)\n\n - Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker\n to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5485)\n\n - Inappropriate implementation in Input in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to\n spoof security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5486)\n\n - Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who\n convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome\n Extension. (Chromium security severity: Medium) (CVE-2023-5487)\n\n - Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5849)\n\n - Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to\n perform domain spoofing via a crafted domain name. (Chromium security severity: Medium) (CVE-2023-5850)\n\n - Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote\n attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)\n (CVE-2023-5851)\n\n - Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who\n convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI\n gestures. (Chromium security severity: Medium) (CVE-2023-5852)\n\n - Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to\n obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5853)\n\n - Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who\n convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI\n gestures. (Chromium security severity: Medium) (CVE-2023-5854)\n\n - Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who\n convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI\n gestures. (Chromium security severity: Medium) (CVE-2023-5855)\n\n - Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who\n convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted\n HTML page. (Chromium security severity: Medium) (CVE-2023-5856)\n\n - Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote\n attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium)\n (CVE-2023-5857)\n\n - Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote\n attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)\n (CVE-2023-5858)\n\n - Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote\n attacker to perform domain spoofing via a crafted local HTML page. (Chromium security severity: Low)\n (CVE-2023-5859)\n\n - Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2023-5996)\n\n - Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2023-5997)\n\n - Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2023-6112)\n\n - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (CVE-2023-21775)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202311-11\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=866332\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=888181\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=903544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=904290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=906857\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=909778\");\n script_set_attribute(attribute:\"solution\", value:\n\"All QtWebEngine users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=dev-qt/qtwebengine-5.15.10_p20230623\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-6112\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/11/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:qtwebengine\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\ninclude('qpkg.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/Gentoo/release')) audit(AUDIT_OS_NOT, 'Gentoo');\nif (!get_kb_item('Host/Gentoo/qpkg-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar flag = 0;\n\nvar packages = [\n {\n 'name' : 'dev-qt/qtwebengine',\n 'unaffected' : make_list(\"ge 5.15.10_p20230623\"),\n 'vulnerable' : make_list(\"lt 5.15.10_p20230623\")\n }\n];\n\nforeach var package( packages ) {\n if (isnull(package['unaffected'])) package['unaffected'] = make_list();\n if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();\n if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;\n}\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : qpkg_report_get()\n );\n exit(0);\n}\nelse\n{\n qpkg_tests = list_uniq(qpkg_tests);\n var tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'QtWebEngine');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "kaspersky": [{"lastseen": "2023-12-06T16:40:38", "description": "### *Detect date*:\n06/13/2022\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code.\n\n### *Affected products*:\nMicrosoft Edge (Chromium-based)\n\n### *Solution*:\nInstall necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option) \n[Microsoft Edge update settings](<https://support.microsoft.com/en-us/topic/microsoft-edge-update-settings-af8aaca2-1b69-4870-94fe-18822dbb7ef1>)\n\n### *Original advisories*:\n[CVE-2022-2008](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2008>) \n[CVE-2022-2007](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2007>) \n[CVE-2022-2010](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2010>) \n[CVE-2022-2011](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2011>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Edge](<https://threats.kaspersky.com/en/product/Microsoft-Edge/>)\n\n### *CVE-IDS*:\n[CVE-2022-2007](<https://vulners.com/cve/CVE-2022-2007>)5.0Warning \n[CVE-2022-2010](<https://vulners.com/cve/CVE-2022-2010>)5.0Warning \n[CVE-2022-2011](<https://vulners.com/cve/CVE-2022-2011>)5.0Warning \n[CVE-2022-2008](<https://vulners.com/cve/CVE-2022-2008>)5.0Warning\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.8}, "published": "2022-06-13T00:00:00", "type": "kaspersky", "title": "KLA12558 Multiple vulnerabilities in Microsoft Browser", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011"], "modified": "2023-09-29T00:00:00", "id": "KLA12558", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12558/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T16:40:53", "description": "### *Detect date*:\n06/09/2022\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service.\n\n### *Affected products*:\nGoogle Chrome earlier than 102.0.5005.115\n\n### *Solution*:\nUpdate to the latest version \n[Download Google Chrome](<https://www.google.com/chrome/>)\n\n### *Original advisories*:\n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2022-2007](<https://vulners.com/cve/CVE-2022-2007>)5.0Warning \n[CVE-2022-2010](<https://vulners.com/cve/CVE-2022-2010>)5.0Warning \n[CVE-2022-2011](<https://vulners.com/cve/CVE-2022-2011>)5.0Warning \n[CVE-2022-2008](<https://vulners.com/cve/CVE-2022-2008>)5.0Warning", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.8}, "published": "2022-06-09T00:00:00", "type": "kaspersky", "title": "KLA12556 Multiple vulnerabilities in Google Chrome", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011"], "modified": "2023-09-29T00:00:00", "id": "KLA12556", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12556/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T16:38:42", "description": "### *Detect date*:\n06/13/2022\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code.\n\n### *Affected products*:\nOpera earlier than 88.0.4412.40\n\n### *Solution*:\nUpdate to the latest version \n[Download Opera](<https://www.opera.com>)\n\n### *Original advisories*:\n[Changelog for 88](<https://blogs.opera.com/desktop/changelog-for-88/#b4412.40>) \n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Opera](<https://threats.kaspersky.com/en/product/Opera/>)\n\n### *CVE-IDS*:\n[CVE-2022-2007](<https://vulners.com/cve/CVE-2022-2007>)5.0Warning \n[CVE-2022-2010](<https://vulners.com/cve/CVE-2022-2010>)5.0Warning \n[CVE-2022-2011](<https://vulners.com/cve/CVE-2022-2011>)5.0Warning \n[CVE-2022-2008](<https://vulners.com/cve/CVE-2022-2008>)5.0Warning", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.8}, "published": "2022-06-13T00:00:00", "type": "kaspersky", "title": "KLA12570 Multiple vulnerabilities in Opera", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011"], "modified": "2023-09-29T00:00:00", "id": "KLA12570", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12570/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T16:36:48", "description": "### *Detect date*:\n07/06/2022\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nMicrosoft Edge (Chromium-based)\n\n### *Solution*:\nInstall necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option) \n[Microsoft Edge update settings](<https://support.microsoft.com/en-us/topic/microsoft-edge-update-settings-af8aaca2-1b69-4870-94fe-18822dbb7ef1>)\n\n### *Original advisories*:\n[CVE-2022-2294](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2294>) \n[CVE-2022-2295](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2295>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Edge](<https://threats.kaspersky.com/en/product/Microsoft-Edge/>)\n\n### *CVE-IDS*:\n[CVE-2022-2295](<https://vulners.com/cve/CVE-2022-2295>)5.0Warning \n[CVE-2022-2294](<https://vulners.com/cve/CVE-2022-2294>)5.0Warning\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-06T00:00:00", "type": "kaspersky", "title": "KLA12579 Multiple vulnerabilities in Microsoft Browser", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295"], "modified": "2023-09-29T00:00:00", "id": "KLA12579", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12579/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T16:36:59", "description": "### *Detect date*:\n07/04/2022\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nGoogle Chrome earlier than 103.0.5060.114\n\n### *Solution*:\nUpdate to the latest version \n[Download Google Chrome](<https://www.google.com/chrome/>)\n\n### *Original advisories*:\n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2022-2295](<https://vulners.com/cve/CVE-2022-2295>)5.0Warning \n[CVE-2022-2294](<https://vulners.com/cve/CVE-2022-2294>)5.0Warning \n[CVE-2022-2296](<https://vulners.com/cve/CVE-2022-2296>)5.0Warning", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-04T00:00:00", "type": "kaspersky", "title": "KLA12578 Multiple vulnerabilities in Google Chrome", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2023-09-29T00:00:00", "id": "KLA12578", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12578/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T16:34:53", "description": "### *Detect date*:\n07/14/2022\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nOpera earlier than 89.0.4447.48\n\n### *Solution*:\nUpdate to the latest version \n[Download Opera](<https://www.opera.com>)\n\n### *Original advisories*:\n[Changelog for 89](<https://blogs.opera.com/desktop/changelog-for-89/#b4447.48>) \n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Opera](<https://threats.kaspersky.com/en/product/Opera/>)\n\n### *CVE-IDS*:\n[CVE-2022-2295](<https://vulners.com/cve/CVE-2022-2295>)5.0Warning \n[CVE-2022-2294](<https://vulners.com/cve/CVE-2022-2294>)5.0Warning \n[CVE-2022-2296](<https://vulners.com/cve/CVE-2022-2296>)5.0Warning", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-14T00:00:00", "type": "kaspersky", "title": "KLA12587 Multiple vulnerabilities in Opera", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2023-09-29T00:00:00", "id": "KLA12587", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12587/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2023-12-06T15:47:18", "description": "\n\nChrome Releases reports:\n\nThis release contains 7 security fixes, including:\n\n[1326210] High CVE-2022-2007: Use after free in WebGPU. Reported by David Manouchehri on 2022-05-17\n[1317673] High CVE-2022-2008: Out of bounds memory access in WebGL. Reported by khangkito - Tran Van Khang (VinCSS) on 2022-04-19\n[1325298] High CVE-2022-2010: Out of bounds read in compositing. Reported by Mark Brand of Google Project Zero on 2022-05-13\n[1330379] High CVE-2022-2011: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-05-31\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.8}, "published": "2022-06-09T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011"], "modified": "2022-06-09T00:00:00", "id": "C80CE2DD-E831-11EC-BCD2-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/c80ce2dd-e831-11ec-bcd2-3065ec8fd3ec.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T15:47:18", "description": "\n\nChrome Releases reports:\n\nThis release contains 4 security fixes, including:\n\n[1341043] High CVE-2022-2294: Heap buffer overflow in WebRTC. Reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01\n[1336869] High CVE-2022-2295: Type Confusion in V8. Reported by avaue and Buff3tts at S.S.L. on 2022-06-16\n[1327087] High CVE-2022-2296: Use after free in Chrome OS Shell. Reported by Khalil Zhani on 2022-05-19\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-04T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2022-07-04T00:00:00", "id": "744EC9D7-FE0F-11EC-BCD2-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/744ec9d7-fe0f-11ec-bcd2-3065ec8fd3ec.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2023-12-07T11:52:59", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5163-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJune 12, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium\nCVE ID : CVE-2022-2007 CVE-2022-2008 CVE-2022-2010 CVE-2022-2011\n\nMultiple security issues were discovered in Chromium, which could result\nin the execution of arbitrary code, denial of service or information\ndisclosure.\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 102.0.5005.115-1~deb11u1.\n\nWe recommend that you upgrade your chromium packages.\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.8}, "published": "2022-06-12T17:53:51", "type": "debian", "title": "[SECURITY] [DSA 5163-1] chromium security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011"], "modified": "2022-06-12T17:53:51", "id": "DEBIAN:DSA-5163-1:43040", "href": "https://lists.debian.org/debian-security-announce/2022/msg00131.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-07T11:52:06", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5180-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJuly 11, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium\nCVE ID : CVE-2022-2294 CVE-2022-2295 CVE-2022-2296\n\nMultiple security issues were discovered in Chromium, which could result\nin the execution of arbitrary code, denial of service or information\ndisclosure.\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 103.0.5060.114-1~deb11u1.\n\nWe recommend that you upgrade your chromium packages.\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-11T17:47:32", "type": "debian", "title": "[SECURITY] [DSA 5180-1] chromium security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2022-07-11T17:47:32", "id": "DEBIAN:DSA-5180-1:E631C", "href": "https://lists.debian.org/debian-security-announce/2022/msg00148.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-08-10T07:15:59", "description": "\nMultiple security issues were discovered in Chromium, which could result\nin the execution of arbitrary code, denial of service or information\ndisclosure.\n\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 102.0.5005.115-1~deb11u1.\n\n\nWe recommend that you upgrade your chromium packages.\n\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/chromium](https://security-tracker.debian.org/tracker/chromium)\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 9.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.8}, "published": "2022-06-12T00:00:00", "type": "osv", "title": "chromium - security update", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-2007"], "modified": "2022-08-10T07:15:56", "id": "OSV:DSA-5163-1", "href": "https://osv.dev/vulnerability/DSA-5163-1", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-10T07:21:05", "description": "\nMultiple security issues were discovered in Chromium, which could result\nin the execution of arbitrary code, denial of service or information\ndisclosure.\n\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 103.0.5060.114-1~deb11u1.\n\n\nWe recommend that you upgrade your chromium packages.\n\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/chromium](https://security-tracker.debian.org/tracker/chromium)\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2022-07-11T00:00:00", "type": "osv", "title": "chromium - security update", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-2296", "CVE-2022-2294", "CVE-2022-2295"], "modified": "2022-08-10T07:21:00", "id": "OSV:DSA-5180-1", "href": "https://osv.dev/vulnerability/DSA-5180-1", "cvss": {"score": 0.0, "vector": "NONE"}}], "chrome": [{"lastseen": "2023-12-06T20:11:48", "description": "The Stable channel has been updated to 102.0.5005.115 for Windows, Mac and Linux which will roll out over the coming days/weeks. \n\nA full list of changes in this build is available in the [log](<https://chromium.googlesource.com/chromium/src/+log/102.0.5005.61..102.0.5005.115?pretty=fuller&n=10000>). Interested in switching release channels? Find out how [here](<https://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<https://crbug.com/>). The [community help forum](<https://productforums.google.com/forum/#!forum/chrome>) is also a great place to reach out for help or learn about common issues.\n\n\n\n\nSecurity Fixes and Rewards\n\nNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.\n\n\n\n\nThis update includes [7](<https://bugs.chromium.org/p/chromium/issues/list?can=1&q=type%3Abug-security+os%3DAndroid%2Cios%2Clinux%2Cmac%2Cwindows%2Call%2Cchrome+label%3ARelease-1-M102>) security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the [Chrome Security Page](<https://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information.\n\n\n\n\n[$10000][[1326210](<https://crbug.com/1326210>)] High CVE-2022-2007: Use after free in WebGPU. Reported by David Manouchehri on 2022-05-17\n\n[$TBD][[1317673](<https://crbug.com/1317673>)] High CVE-2022-2008: Out of bounds memory access in WebGL. Reported by khangkito - Tran Van Khang (VinCSS) on 2022-04-19\n\n[$NA][[1325298](<https://crbug.com/1325298>)] High CVE-2022-2010: Out of bounds read in compositing. Reported by Mark Brand of Google Project Zero on 2022-05-13\n\n[$TBD][[1330379](<https://crbug.com/1330379>)] High CVE-2022-2011: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-05-31\n\n\n\n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel. \n\nAs usual, our ongoing internal security work was responsible for a wide range of fixes:\n\n * [[1333948](<https://crbug.com/1333948>)] Various fixes from internal audits, fuzzing and other initiatives\n\n\n\n\nMany of our security bugs are detected using [AddressSanitizer](<https://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>), [MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>), [UndefinedBehaviorSanitizer](<https://www.chromium.org/developers/testing/undefinedbehaviorsanitizer>), [Control Flow Integrity](<https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity>), [libFuzzer](<https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer>), or [AFL](<https://github.com/google/afl>).\n\n\n\n\nInterested in switching release channels? Find out how [here](<https://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<https://crbug.com/>). The [community help forum](<https://productforums.google.com/forum/#!forum/chrome>) is also a great place to reach out for help or learn about common issues.\n\n\n\n\n\n\n\n\nPrudhvikumar Bommana\n\nGoogle Chrome", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.8}, "published": "2022-06-09T00:00:00", "type": "chrome", "title": "Stable Channel Update for Desktop", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011"], "modified": "2022-06-09T00:00:00", "id": "GCSA-6014598646949510537", "href": "https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T20:11:46", "description": "Hi, everyone! We've just released Chrome 103 (103.0.5060.71) for Android: it'll become [available on Google Play](<https://play.google.com/store/apps/details?id=com.android.chrome>) over the next few days.\n\nThis release includes security,stability and performance improvements. You can see a full list of the changes in the [Git log](<https://chromium.googlesource.com/chromium/src/+log/103.0.5060.70..103.0.5060.71?pretty=fuller&n=10000>). \n\n\n\n\n Security Fixes and Rewards\n\nNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.\n\n\n\n\nThis update includes [3](<https://bugs.chromium.org/p/chromium/issues/list?can=1&q=type%3Abug-security+os%3DAndroid%2Cios%2Clinux%2Cmac%2Cwindows%2Call%2Cchrome+label%3ARelease-1-M103>) security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the [Chrome Security Page](<https://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information.\n\n\n\n\n[$TBD][[1327312](<https://crbug.com/1341043>)] High CVE-2022-2294: Heap buffer overflow in WebRTC.\n\n[$7500][[1336869](<https://crbug.com/1336869>)] High CVE-2022-2295: Type Confusion in V8. Reported by avaue and Buff3tts at S.S.L. on 2022-06-16\n\n\n\n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.\n\nGoogle is aware that an exploit for CVE-2022-2294 exists in the wild.\n\n\n\nAs usual, our ongoing internal security work was responsible for a wide range of fixes:\n\n * [[1341569](<https://crbug.com/1341569>)] Various fixes from internal audits, fuzzing and other initiatives\n\n\nMany of our security bugs are detected using [AddressSanitizer](<https://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>), [MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>), [UndefinedBehaviorSanitizer](<https://www.chromium.org/developers/testing/undefinedbehaviorsanitizer>), [Control Flow Integrity](<https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity>), [libFuzzer](<https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer>), or [AFL.\n\nIf you find a new issue, please let us know by [filing a bug](<https://code.google.com/p/chromium/issues/entry?template=Android%20Issue>). \n\n\n\nKrishna Govind \n[Google Chrome](<https://www.google.com/chrome/>)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-04T00:00:00", "type": "chrome", "title": "Chrome for Android Update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295"], "modified": "2022-07-04T00:00:00", "id": "GCSA-7720125337817983232", "href": "https://chromereleases.googleblog.com/2022/07/chrome-for-android-update.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T20:11:46", "description": "The Stable channel has been updated to 103.0.5060.114 for Windows. which will roll out over the coming days/weeks. \n\nA full list of changes in this build is available in the [log](<https://chromium.googlesource.com/chromium/src/+log/103.0.5060.53..103.0.5060.114?pretty=fuller&n=10000>). Interested in switching release channels? Find out how [here](<https://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<https://crbug.com/>). The [community help forum](<https://productforums.google.com/forum/#!forum/chrome>) is also a great place to reach out for help or learn about common issues.\n\n\n\n\n Security Fixes and Rewards\n\nNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.\n\n\n\n\nThis update includes [4](<https://bugs.chromium.org/p/chromium/issues/list?can=1&q=type%3Abug-security+os%3DAndroid%2Cios%2Clinux%2Cmac%2Cwindows%2Call%2Cchrome+label%3ARelease-1-M103>) security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the [Chrome Security Page](<https://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information. \n\n[$TBD][[1341043](<https://crbug.com/1341043>)] High CVE-2022-2294: Heap buffer overflow in WebRTC. Reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01 \n\n[$7500][[1336869](<https://crbug.com/1336869>)] High CVE-2022-2295: Type Confusion in V8. Reported by avaue and Buff3tts at S.S.L. on 2022-06-16 \n\n[$3000][[1327087](<https://crbug.com/1327087>)] High CVE-2022-2296: Use after free in Chrome OS Shell. Reported by Khalil Zhani on 2022-05-19 \n\n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.\n\nGoogle is aware that an exploit for CVE-2022-2294 exists in the wild.\n\n\n\n\n\nAs usual, our ongoing internal security work was responsible for a wide range of fixes:\n\n * [[1338205](<https://crbug.com/1338205>)] Various fixes from internal audits, fuzzing and other initiatives\n\nMany of our security bugs are detected using [AddressSanitizer](<https://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>), [MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>), [UndefinedBehaviorSanitizer](<https://www.chromium.org/developers/testing/undefinedbehaviorsanitizer>), [Control Flow Integrity](<https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity>), [libFuzzer](<https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer>), or [AFL](<https://github.com/google/afl>).\n\n\n\n\nInterested in switching release channels? Find out how [here](<https://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<https://crbug.com/>). The [community help forum](<https://productforums.google.com/forum/#!forum/chrome>) is also a great place to reach out for help or learn about common issues.\n\n\n\n\n\n\n\n\nPrudhvikumar Bommana\n\nGoogle Chrome", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-04T00:00:00", "type": "chrome", "title": "Stable Channel Update for Desktop", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2022-07-04T00:00:00", "id": "GCSA-5089288012050676645", "href": "https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2023-12-06T16:56:01", "description": "The chromium-browser-stable package has been updated to the 102.0.5005.115 version, fixing many bugs and 7 CVE. Some of them are listed below: Use after free in WebGPU. (CVE-2022-2007) Out of bounds memory access in WebGL. (CVE-2022-2008) Out of bounds read in compositing. (CVE-2022-2010) Use after free in ANGLE. (CVE-2022-2011) \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.8}, "published": "2022-06-17T00:05:59", "type": "mageia", "title": "Updated chromium-browser-stable packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011"], "modified": "2022-06-17T00:05:59", "id": "MGASA-2022-0232", "href": "https://advisories.mageia.org/MGASA-2022-0232.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T16:56:01", "description": "The updated packages fix security vulnerabilities and other issues. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-20T13:04:13", "type": "mageia", "title": "Updated webkit2 packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-32792", "CVE-2022-32816"], "modified": "2022-08-20T13:04:13", "id": "MGASA-2022-0287", "href": "https://advisories.mageia.org/MGASA-2022-0287.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "prion": [{"lastseen": "2023-11-20T23:25:26", "description": "Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}}, "published": "2022-07-28T02:15:00", "type": "prion", "title": "Heap overflow", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294"], "modified": "2022-11-29T15:54:00", "id": "PRION:CVE-2022-2294", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-2294", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T23:20:02", "description": "Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}}, "published": "2022-07-28T01:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007"], "modified": "2022-10-26T13:49:00", "id": "PRION:CVE-2022-2007", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-2007", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T23:20:04", "description": "Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}}, "published": "2022-07-28T01:15:00", "type": "prion", "title": "Double free", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2008"], "modified": "2022-10-27T18:08:00", "id": "PRION:CVE-2022-2008", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-2008", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T23:20:07", "description": "Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}}, "published": "2022-07-28T01:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2011"], "modified": "2022-10-26T13:49:00", "id": "PRION:CVE-2022-2011", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-2011", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T23:20:06", "description": "Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}}, "published": "2022-07-28T01:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2010"], "modified": "2022-10-26T13:48:00", "id": "PRION:CVE-2022-2010", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-2010", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}], "mscve": [{"lastseen": "2023-12-06T17:01:13", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2022>) for more information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-06T16:32:48", "type": "mscve", "title": "Chromium: CVE-2022-2294 Heap buffer overflow in WebRTC", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294"], "modified": "2022-07-07T07:00:00", "id": "MS:CVE-2022-2294", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-2294", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T17:01:25", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2022>) for more information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-13T19:41:56", "type": "mscve", "title": "Chromium: CVE-2022-2007 Use after free in WebGPU", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007"], "modified": "2022-06-13T19:41:56", "id": "MS:CVE-2022-2007", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-2007", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T17:01:25", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2022>) for more information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.8}, "published": "2022-06-13T19:42:03", "type": "mscve", "title": "Chromium: CVE-2022-2010 Out of bounds read in compositing", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2010"], "modified": "2022-06-13T19:42:03", "id": "MS:CVE-2022-2010", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-2010", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-12-06T17:01:25", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2022>) for more information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-13T19:42:05", "type": "mscve", "title": "Chromium: CVE-2022-2011 Use after free in ANGLE", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2011"], "modified": "2022-06-13T19:42:05", "id": "MS:CVE-2022-2011", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-2011", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T17:01:25", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2022>) for more information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-13T19:41:59", "type": "mscve", "title": "Chromium: CVE-2022-2008 Out of bounds memory access in WebGL", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2008"], "modified": "2022-06-13T19:41:59", "id": "MS:CVE-2022-2008", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-2008", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-12-06T15:11:01", "description": "Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T02:15:00", "type": "cve", "title": "CVE-2022-2294", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294"], "modified": "2023-11-25T11:15:00", "cpe": ["cpe:/o:apple:mac_os_x:10.15.7", "cpe:/o:fedoraproject:fedora:35", "cpe:/a:webrtc_project:webrtc:-", "cpe:/o:fedoraproject:fedora:36", "cpe:/a:fedoraproject:extra_packages_for_enterprise_linux:8.0"], "id": "CVE-2022-2294", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2294", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:webrtc_project:webrtc:-:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*", "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-004:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-005:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T14:53:10", "description": "Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T01:15:00", "type": "cve", "title": "CVE-2022-2007", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007"], "modified": "2023-11-07T03:46:00", "cpe": ["cpe:/o:fedoraproject:fedora:37"], "id": "CVE-2022-2007", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2007", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T14:53:27", "description": "Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.8}, "published": "2022-07-28T01:15:00", "type": "cve", "title": "CVE-2022-2010", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2010"], "modified": "2023-11-07T03:46:00", "cpe": ["cpe:/o:fedoraproject:fedora:37"], "id": "CVE-2022-2010", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2010", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T14:53:20", "description": "Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T01:15:00", "type": "cve", "title": "CVE-2022-2008", "cwe": ["CWE-415"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2008"], "modified": "2023-11-07T03:46:00", "cpe": ["cpe:/o:fedoraproject:fedora:37"], "id": "CVE-2022-2008", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2008", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T14:53:30", "description": "Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T01:15:00", "type": "cve", "title": "CVE-2022-2011", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2011"], "modified": "2023-11-07T03:46:00", "cpe": ["cpe:/o:fedoraproject:fedora:37"], "id": "CVE-2022-2011", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2011", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*"]}], "veracode": [{"lastseen": "2023-06-14T20:06:12", "description": "chromium is vulnerable to a heap buffer overflow. The vulnerability allows an attacker to crash the system through potentially exploit heap corruption via a crafted HTML page.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-17T17:23:34", "type": "veracode", "title": "Heap Buffer Overflow", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294"], "modified": "2022-11-29T18:06:53", "id": "VERACODE:36373", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-36373/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-17T19:55:29", "description": "chrome is vulnerable to Use after free. The vulnerability exists due to a use after free in WebGPU allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-18T17:04:41", "type": "veracode", "title": "Use After Free", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007"], "modified": "2023-04-27T15:49:28", "id": "VERACODE:36037", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-36037/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-17T20:12:48", "description": "chrome is vulnerable to out of bounds read. The vulnerability exists due to an out of bounds read in compositing allowing a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.8}, "published": "2022-06-18T17:03:47", "type": "veracode", "title": "Out-of-Bounds Read", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2010"], "modified": "2022-10-26T14:15:09", "id": "VERACODE:36035", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-36035/summary", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-06-17T19:55:29", "description": "chrome is vulnerable to use after free. The vulnerability exists due to a memory corruption in ANGLE which allows an attacker to potentially exploit heap corruption via a malicious HTML page. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-18T17:03:46", "type": "veracode", "title": "Use After Free", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2011"], "modified": "2023-04-27T15:49:15", "id": "VERACODE:36034", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-36034/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-17T20:12:49", "description": "chrome is vulnerable to Out of bounds read. The vulnerability exists due to an out of bounds memory access in WebGL which allows an attacker to potentially exploit heap corruption via a malicious HTML page.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-18T17:04:35", "type": "veracode", "title": "Out-of-Bounds Read", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2008"], "modified": "2022-10-27T20:15:34", "id": "VERACODE:36036", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-36036/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "malwarebytes": [{"lastseen": "2022-07-05T15:58:36", "description": "Google has released version 103.0.5060.114 for Chrome, now available in the [Stable Desktop channel](<https://chromereleases.googleblog.com/2022/07/extended-stable-channel-update-for.html>) worldwide. The main goal of this new version is to patch CVE-2022-2294.\n\n[CVE-2022-2294](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2294>) is a high severity heap-based buffer overflow weakness in the Web Real-Time Communications (WebRTC) component which is being exploited in the wild. This is the fourth Chrome zero-day to be patched in 2022.\n\n## Heap buffer overflow\n\nPublicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services).\n\nA buffer overflow is a type of software vulnerability that exists when an area of memory within a software application reaches its address boundary and writes into an adjacent memory region. In software exploit code, two common areas that are targeted for overflows are the stack and the heap.\n\nThe heap is an area of memory made available use by the program. The program can request blocks of memory for its use within the heap. In order to allocate a block of some size, the program makes an explicit request by calling the heap allocation operation.\n\n## The vulnerability\n\nWebRTC on Chrome is the first true in-browser solution to real-time communications (RTC). It supports video, voice, and generic data to be sent between peers, allowing developers to build powerful voice- and video-communication solutions. The technology is available on all modern browsers as well as on native clients for all major platforms.\n\nA WebRTC application will usually go through a common application flow. Access the media devices, open peer connections, discover peers, and start streaming. Since Google does not disclose details about the vulnerability until everyone has had ample opportunity to install the fix it is unclear in what stage the vulnerability exists.\n\n## How to protect yourself\n\nIf you\u2019re a Chrome user on Windows or Mac, you should update as soon as possible.\n\nThe easiest way to update Chrome is to allow it to update automatically, which basically uses the same method as outlined below but does not require your attention. But you can end up lagging behind if you never close the browser or if something goes wrong, such as an extension stopping you from updating the browser.\n\nSo, it doesn\u2019t hurt to check now and then. And now would be a good time, given the severity of the vulnerability. My preferred method is to have Chrome open the page chrome://settings/help which you can also find by clicking **Settings > About Chrome**.\n\nIf there is an update available, Chrome will notify you and start downloading it. Then all you have to do is relaunch the browser in order for the update to complete.\n\n![updating Chrome](https://blog.malwarebytes.com/wp-content/uploads/2022/07/updating-600x245.png)\n\nAfter the update the version should be 103.0.5060.114 or later.\n\n![Chrome is up to date](https://blog.malwarebytes.com/wp-content/uploads/2022/07/uptodate-600x250.png)\n\nSince WebRTC is a Chromium component, users of other Chromium based browsers may see a similar update.\n\nStay safe, everyone!\n\nThe post [Update now! Chrome patches ANOTHER zero-day vulnerability](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/07/update-now-chrome-patches-another-zero-day-vulnerability/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {}, "published": "2022-07-05T13:56:04", "type": "malwarebytes", "title": "Update now! Chrome patches ANOTHER zero-day vulnerability", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-2294"], "modified": "2022-07-05T13:56:04", "id": "MALWAREBYTES:6E72426C60EECBEF071E305072060892", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/07/update-now-chrome-patches-another-zero-day-vulnerability/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-06-13T15:00:52", "description": "Users of Chrome have been advised to [apply updates](<https://www.zdnet.com/article/time-to-update-google-patches-seven-chrome-browser-bugs-four-rated-high-risk/>) as soon as possible related to seven security vulnerabilities. [CISA has also warned](<https://www.cisa.gov/uscert/ncas/current-activity/2022/06/10/google-releases-security-updates-chrome>) that the vulnerabilities could be used to take control of affected systems. Although no detailed explanation of how these vulnerabilities work has been released, there is enough out there to encourage users to apply the patches.\n\nChrome 102.0.5005.115 is [due to roll out](<https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop.html>) over the coming days/weeks. This is for all users regardless of whether they use Windows, Linux, or Mac.\n\n## The vulnerabilities\n\nFour of the seven issues have been rated as high risk.\n\n[CVE-2022-2007](<https://www.cvedetails.com/cve/CVE-2007-2022/>): Use after free in WebGPU. This can allow manipulation of the memory layer of the browser, with the possibility of remote code execution as per [an older example](<https://blog.talosintelligence.com/2020/08/vuln-spotlight-chrome-use-free-aug-2020.html>).\n\n[CVE-2022-2008](<https://www.cvedetails.com/cve/CVE-2007-2008/>): Out of bounds memory access in WebGL.\n\n[CVE-2022-2010](<https://www.cvedetails.com/cve/CVE-2007-2010/>): Out of bounds read in compositing. According to [reports](<https://vuldb.com/?id.201623>), the attack may be initiated remotely and no form of authentication is required for exploitation, but some form of user interaction is required.\n\n[CVE-2022-2011](<https://www.cvedetails.com/cve/CVE-2007-2011/>): Use after free in ANGLE. [Almost Native Graphics Layer Engine](<https://en.wikipedia.org/wiki/ANGLE_\$software\$#:~:text=ANGLE%20\\(Almost%20Native%20Graphics%20Layer,limitations%20of%20OpenGL%20ES%20standard.>) (ANGLE) is an "open source, cross-platform graphics engine abstraction layer" which was developed by Google.\n\n## Next steps\n\nMore details likely won't be forthcoming for a while yet, so it's crucial to [apply updates](<https://support.google.com/chrome/answer/95414>) as soon as possible.\n\nIn Chrome, click the **More** icon, then **Help** -> **About Google Chrome.** From here, you'll be able to see your current update status and apply the update as required.\n\nThis should be all you need to do to keep the above security vulnerabilities at bay.\n\nThe post [Update Chrome now: Four high risk vulnerabilities found](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/06/update-chrome-now-four-high-risk-vulnerabilities-found/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {}, "published": "2022-06-13T14:20:34", "type": "malwarebytes", "title": "Update Chrome now: Four high risk vulnerabilities found", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2008", "CVE-2007-2010", "CVE-2007-2011", "CVE-2007-2022", "CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011"], "modified": "2022-06-13T14:20:34", "id": "MALWAREBYTES:553E789D665C7E7A1298EFE0276A4D50", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/06/update-chrome-now-four-high-risk-vulnerabilities-found/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-09-06T00:03:08", "description": "On Friday, Google [announced](<https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html>) the release of a new version of its Chrome browser that includes a security fix for a zero-day tracked as [CVE-2022-3075](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3075>). As with previous announcements, technical details about the vulnerability won't be released until a certain number of Chrome users have already applied the patch.\n\nGoogle is urging its Windows, Mac, and Linux users to update Chrome to version** 105.0.5195.102**.\n\nCVE-2022-3075 is described as an \"[i]nsufficient data validation in Mojo\". According to Chromium documents, Mojo is \"a collection of runtime libraries" that facilitates interfacing standard, low-level interprocess communication (IPC) primitives. Mojo provides a platform-agnostic abstraction of these primitives, which comprise most of Chrome's code.\n\nAn anonymous security researcher is credited for discovering and reporting the flaw.\n\nCVE-2022-3075 is the sixth zero-day Chrome vulnerability Google had to address. The previous ones were:\n\n * [C](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>)[VE-2022-0609](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>), a Use-after-Free (UAF) vulnerability, which was patched in February\n * [CVE-2022-1096](<https://www.malwarebytes.com/blog/news/2022/03/update-now-google-releases-emergency-patch-for-chrome-zero-day-used-in-the-wild>), a \"Type Confusion in V8\" vulnerability, which was patched in March\n * [CVE-2022-1364](<https://www.bleepingcomputer.com/news/security/google-chrome-emergency-update-fixes-zero-day-used-in-attacks/>), a flaw in the V8 JavaScript engine, which was patched in April\n * [CVE-2022-2294](<https://www.malwarebytes.com/blog/news/2022/07/update-now-chrome-patches-another-zero-day-vulnerability>), a flaw in the Web Real-Time Communications (WebRTC), which was patched in July\n * [CVE-2022-2856](<https://www.malwarebytes.com/blog/news/2022/08/update-chrome-now-google-issues-patch-for-zero-day-spotted-in-the-wild>), an insufficient input validation flaw, which was patched in August\n\nGoogle Chrome needs minimum oversight as it updates automatically. However, if you're in the habit of not closing your browser or have extensions that may hinder Chrome from automatically doing this, please check your browser every now and then.\n\nOnce Chrome notifies you of an available update, don't hesitate to download it. The patch is applied once you relaunch the browser.\n\n![](https://www.malwarebytes.com/blog/news/2022/09/easset_upload_file63727_234723_e.png)\n\nStay safe!", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-05T16:30:00", "type": "malwarebytes", "title": "Zero-day puts a dent in Chrome's mojo", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2856", "CVE-2022-3075"], "modified": "2022-09-05T16:30:00", "id": "MALWAREBYTES:08FDD3DEF41B63F1DEB23C21DCFDB12D", "href": "https://www.malwarebytes.com/blog/news/2022/09/update-chrome-asap-a-new-zero-day-is-already-being-exploited", "cvss": {"score": 0.0, "vector": "NONE"}}], "debiancve": [{"lastseen": "2023-12-06T18:21:15", "description": "Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T02:15:00", "type": "debiancve", "title": "CVE-2022-2294", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294"], "modified": "2022-07-28T02:15:00", "id": "DEBIANCVE:CVE-2022-2294", "href": "https://security-tracker.debian.org/tracker/CVE-2022-2294", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:21:15", "description": "Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T01:15:00", "type": "debiancve", "title": "CVE-2022-2007", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007"], "modified": "2022-07-28T01:15:00", "id": "DEBIANCVE:CVE-2022-2007", "href": "https://security-tracker.debian.org/tracker/CVE-2022-2007", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:21:15", "description": "Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T01:15:00", "type": "debiancve", "title": "CVE-2022-2008", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2008"], "modified": "2022-07-28T01:15:00", "id": "DEBIANCVE:CVE-2022-2008", "href": "https://security-tracker.debian.org/tracker/CVE-2022-2008", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:21:15", "description": "Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T01:15:00", "type": "debiancve", "title": "CVE-2022-2011", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2011"], "modified": "2022-07-28T01:15:00", "id": "DEBIANCVE:CVE-2022-2011", "href": "https://security-tracker.debian.org/tracker/CVE-2022-2011", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:21:15", "description": "Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.8}, "published": "2022-07-28T01:15:00", "type": "debiancve", "title": "CVE-2022-2010", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2010"], "modified": "2022-07-28T01:15:00", "id": "DEBIANCVE:CVE-2022-2010", "href": "https://security-tracker.debian.org/tracker/CVE-2022-2010", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2023-12-07T13:39:13", "description": "Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114\nallowed a remote attacker to potentially exploit heap corruption via a\ncrafted HTML page.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T00:00:00", "type": "ubuntucve", "title": "CVE-2022-2294", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294"], "modified": "2022-07-28T00:00:00", "id": "UB:CVE-2022-2294", "href": "https://ubuntu.com/security/CVE-2022-2294", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-07T13:39:18", "description": "Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115\nallowed a remote attacker who had compromised the renderer process to\npotentially perform a sandbox escape via a crafted HTML page.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.8}, "published": "2022-07-28T00:00:00", "type": "ubuntucve", "title": "CVE-2022-2010", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2010"], "modified": "2022-07-28T00:00:00", "id": "UB:CVE-2022-2010", "href": "https://ubuntu.com/security/CVE-2022-2010", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-12-07T13:39:19", "description": "Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a\nremote attacker to potentially exploit heap corruption via a crafted HTML\npage.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T00:00:00", "type": "ubuntucve", "title": "CVE-2022-2007", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007"], "modified": "2022-07-28T00:00:00", "id": "UB:CVE-2022-2007", "href": "https://ubuntu.com/security/CVE-2022-2007", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-07T13:39:18", "description": "Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a\nremote attacker to potentially exploit heap corruption via a crafted HTML\npage.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T00:00:00", "type": "ubuntucve", "title": "CVE-2022-2011", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2011"], "modified": "2022-07-28T00:00:00", "id": "UB:CVE-2022-2011", "href": "https://ubuntu.com/security/CVE-2022-2011", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-07T13:39:18", "description": "Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a\nremote attacker to potentially exploit heap corruption via a crafted HTML\npage.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T00:00:00", "type": "ubuntucve", "title": "CVE-2022-2008", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2008"], "modified": "2022-07-28T00:00:00", "id": "UB:CVE-2022-2008", "href": "https://ubuntu.com/security/CVE-2022-2008", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "hivepro": [{"lastseen": "2022-08-04T20:00:29", "description": "Threat Level Attack Report For a detailed advisory, download the pdf file here Summary Candiru(Saito Tech) spyware used the recently fixed CVE-2022-2294 Chrome zero-day in assaults on journalists, with a substantial portion of the attacks taking place in Lebanon. This recently patched vulnerability in WebRTC is a heap-based buffer overflow. Its successful exploitation may result in code execution on the targeted device.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T06:06:37", "type": "hivepro", "title": "Spyware Group Candiru exploits Chrome Zero-Day to Target Middle East", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-2294"], "modified": "2022-07-28T06:06:37", "id": "HIVEPRO:2FBDBD20FF69ADDF5A541D1E5B3D0809", "href": "https://www.hivepro.com/spyware-group-candiru-exploits-chrome-zero-day-to-target-middle-east/", "cvss": {"score": 0.0, "vector": "NONE"}}], "attackerkb": [{"lastseen": "2023-10-18T16:35:39", "description": "Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n \n**Recent assessments:** \n \n**gwillcox-r7** at July 05, 2022 3:18am UTC reported:\n\nLooks like this was a heap buffer overflow in WebRTC which could allow for a drive by attack that would grant attackers RCE on a target system. No news as to whether or not this was used with a sandbox escape though, It was reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01 according to <https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html>, yet interestingly <https://chromereleases.googleblog.com/2022/07/chrome-for-android-update.html> also note it affects Chrome for Android.\n\nThere is a real world exploit for this out in the wild but given the generally tight lipped news around this and that it was found from a threat intelligence team, I would imagine this may have been used in more targeted attacks, but still widely enough that a threat intelligence team picked up on it. Bit hard to tell though since I hadn\u2019t heard about the Avast Threat Intelligence team prior to this; I imagine its possible one of their customers was targeted selectively and then they found out and notified Google.\n\nWith heap overflow bugs I generally err on the side of \u201cwell these things are harder to exploit\u201d however with browsers you typically have access to a much wider arsenal to use for crafting the heap into a state that is desirable for exploitation purposes, so the risk is a bit higher here. That being said exploitation of such bugs tends to be a little more complex in most cases, particularly given recent mitigations. I\u2019d still recommend patching this one if you can, but if not then you should try to disable WebRTC on your browsers until you can patch given in the wild exploitation.\n\nAssessed Attacker Value: 4 \nAssessed Attacker Value: 4Assessed Attacker Value: 3\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T00:00:00", "type": "attackerkb", "title": "CVE-2022-2294", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294"], "modified": "2023-10-08T00:00:00", "id": "AKB:23F2B591-FE1E-47A8-AA83-2DFAD7E5CE61", "href": "https://attackerkb.com/topics/42OzzPsFw0/cve-2022-2294", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cisa_kev": [{"lastseen": "2023-12-06T16:20:37", "description": "WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to perform shellcode execution. This vulnerability impacts web browsers using WebRTC including but not limited to Google Chrome.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-25T00:00:00", "type": "cisa_kev", "title": "WebRTC Heap Buffer Overflow Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294"], "modified": "2022-08-25T00:00:00", "id": "CISA-KEV-CVE-2022-2294", "href": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "checkpoint_advisories": [{"lastseen": "2022-10-13T22:33:51", "description": "A heap buffer overflow vulnerability exists in Google Chrome WebRTC. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-22T00:00:00", "type": "checkpoint_advisories", "title": "Google Chrome WebRTC Heap Buffer Overflow (CVE-2022-2294)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-2294"], "modified": "2022-09-22T00:00:00", "id": "CPAI-2022-0566", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}], "thn": [{"lastseen": "2022-08-03T09:59:40", "description": "[![Candiru Spyware Chrome Exploit](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhHUSen7gjgQ5i3C-q9vT12dujHW41TWsQeeVN4wsLFAQmcgZRsO8Q3mTYnY-5mLbMge8R31OsaEXXfqM0Netare_I-JSvbNxgMU29R5g37LRVEcub_rs2mLdXBXgq7IiYJSyEfjnDhGF-Bz78B5X9JhDReehsYhhbqLkUVpPksLtku3ko-eJgjj-9i/s728-e1000/chrome.jpg)](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhHUSen7gjgQ5i3C-q9vT12dujHW41TWsQeeVN4wsLFAQmcgZRsO8Q3mTYnY-5mLbMge8R31OsaEXXfqM0Netare_I-JSvbNxgMU29R5g37LRVEcub_rs2mLdXBXgq7IiYJSyEfjnDhGF-Bz78B5X9JhDReehsYhhbqLkUVpPksLtku3ko-eJgjj-9i/s728-e100/chrome.jpg>)\n\nThe actively exploited but now-fixed Google Chrome zero-day flaw that came to light at the start of this month was weaponized by an Israeli spyware company and used in attacks targeting journalists in the Middle East.\n\nCzech cybersecurity firm Avast linked the exploitation to [Candiru](<https://thehackernews.com/2021/07/israeli-firm-helped-governments-target.html>) (aka Saito Tech), which has a history of [leveraging previously unknown flaws](<https://thehackernews.com/2021/11/israels-candiru-spyware-found-linked-to.html>) to deploy a Windows malware dubbed **DevilsTongue**, a modular implant with [Pegasus](<https://thehackernews.com/2022/07/pegasus-spyware-used-to-hack-devices-of.html>)-like capabilities.\n\nCandiru, along with NSO Group, Computer Security Initiative Consultancy PTE. LTD., and Positive Technologies, were [added to the entity list](<https://thehackernews.com/2021/11/us-sanctions-pegasus-maker-nso-group.html>) by the U.S. Commerce Department in November 2021 for engaging in \"malicious cyber activities.\"\n\n\"Specifically, a large portion of the attacks took place in Lebanon, where journalists were among the targeted parties,\" security researcher Jan Vojt\u011b\u0161ek, who reported the discovery of the flaw, [said](<https://decoded.avast.io/janvojtesek/the-return-of-candiru-zero-days-in-the-middle-east/>) in a write-up. \"We believe the attacks were highly targeted.\"\n\nThe vulnerability in question is [CVE-2022-2294](<https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html>), memory corruption in the [WebRTC](<https://webrtc.org/>) component of the Google Chrome browser that could lead to shellcode execution. It was addressed by Google on July 4, 2022. The same issue has since been patched by [Apple](<https://thehackernews.com/2022/07/apple-releases-security-patches-for-all.html>) and [Microsoft](<https://thehackernews.com/2022/07/microsoft-releases-fix-for-zero-day.html>) in Safari and Edge browsers.\n\nThe findings shed light on multiple attack campaigns mounted by the Israeli hack-for-hire vendor, which is said to have returned with a revamped toolset in March 2022 to target users in Lebanon, Turkey, Yemen, and Palestine via watering hole attacks using zero-day exploits for Google Chrome.\n\n[![Candiru Spyware](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjipZHJEu9rZboUnuN5vu4vzlFRiroPcgqPjPovcoi87zmmsxwT6Tw0Ye57y2r6_J3tFLfcRQOK2pEX3SQOvb6rAncsH4TTM_qkGtIQdfVJ_pWihsK_8KLSVuikizgk0g782gAxCstqG-TIxSIoJ5RfRqJgyaVUzMzhpQdJ7wP0mUmFPm_69lPZYZvs/s728-e1000/chrome-exploit.jpg)](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjipZHJEu9rZboUnuN5vu4vzlFRiroPcgqPjPovcoi87zmmsxwT6Tw0Ye57y2r6_J3tFLfcRQOK2pEX3SQOvb6rAncsH4TTM_qkGtIQdfVJ_pWihsK_8KLSVuikizgk0g782gAxCstqG-TIxSIoJ5RfRqJgyaVUzMzhpQdJ7wP0mUmFPm_69lPZYZvs/s728-e100/chrome-exploit.jpg>)\n\nThe infection sequence spotted in Lebanon commenced with the attackers compromising a website used by employees of a news agency to inject malicious JavaScript code from an actor-controlled domain that's responsible for redirecting potential victims to an exploit server.\n\nVia this watering hole technique, a profile of the victim's browser, consisting of about 50 data points, is created, including details like language, timezone, screen information, device type, browser plugins, referrer, and device memory, among others.\n\nAvast assessed the information was gathered to ensure that the exploit was being delivered only to the intended targets. Should the collected data be deemed of value by the hackers, the zero-day exploit is then delivered to the victim's machine over an encrypted channel.\n\nThe exploit, in turn, abuses the heap buffer overflow in WebRTC to attain shellcode execution. The zero-day flaw is said to have been chained with a sandbox escape exploit (that was never recovered) to gain an initial foothold, using it to drop the DevilsTongue payload.\n\nWhile the sophisticated malware is capable of recording the victim's webcam and microphone, keylogging, exfiltrating messages, browsing history, passwords, locations, and much more, it has also been observed attempting to escalate its privileges by installing a vulnerable signed kernel driver (\"[HW.sys](<https://www.virustotal.com/gui/file/6a4875ae86131a594019dec4abd46ac6ba47e57a88287b814d07d929858fe3e5>)\") containing a third zero-day exploit.\n\nEarlier this January, ESET [explained](<https://www.eset.com/int/about/newsroom/press-releases/research/esets-research-into-bring-your-own-vulnerable-driver-details-attacks-on-drivers-in-windows-core-1/>) how vulnerable signed kernel drivers - an approach called Bring Your Own Vulnerable Driver ([BYOVD](<https://www.welivesecurity.com/2022/01/11/signed-kernel-drivers-unguarded-gateway-windows-core/>)) - can become unguarded gateways for malicious actors to gain entrenched access to Windows machines. \n\nThe disclosure comes a week after Proofpoint [revealed](<https://thehackernews.com/2022/07/state-backed-hackers-targeting.html>) that nation-state hacking groups aligned with China, Iran, North Korea, and Turkey have been targeting journalists to conduct espionage and spread malware since early 2021.\n\n**_Update:_** Google Project Zero shared the below statement following the publication of the story \u2013\n\n\"CVE-2022-2294 is a memory corruption vulnerability in [libWebRTC](<https://webrtc.org/>), a video conferencing library that is widely used by browsers and mobile applications,\" the search giant's cybersecurity teams said. \"Avast reported that this vulnerability was used to target Google Chrome users in the wild.\"\n\n\"The vulnerability potentially affects other browsers, and was recently [patched](<https://support.apple.com/en-us/HT213341>) in Safari. Many mobile applications also contain the vulnerable code, though it is unclear whether the bug is exploitable. We are not aware of any active exploitation targeting platforms other than Chrome. We greatly appreciate Avast detecting and reporting this issue.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {}, "published": "2022-07-22T06:40:00", "type": "thn", "title": "Candiru Spyware Caught Exploiting Google Chrome Zero-Day to Target Journalists", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-2294"], "modified": "2022-08-03T08:33:23", "id": "THN:27F4624B58E2AB5E3EC8C74249CADF5C", "href": "https://thehackernews.com/2022/07/candiru-spyware-caught-exploiting.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-07-05T16:25:13", "description": "[![Google Chrome Browser](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjPIpWOjahlvRij54ICh2NyDdEkKI9koTk4lx8UXqPG1hBOVokLO1jZE7QvnnAHX4fw21sdwK34cVKndChvGxTI0QScuSjwYGvpLSpuK9FSFbuXtXzoaxwm6I78OZwM-uyBKf7_r18ShybiBxFrmBcIKJ7pAD2BPSMaEVwJzpBkK1kNSbrrtJ6AmkPk/s728-e1000/chrome-update.jpg)](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjPIpWOjahlvRij54ICh2NyDdEkKI9koTk4lx8UXqPG1hBOVokLO1jZE7QvnnAHX4fw21sdwK34cVKndChvGxTI0QScuSjwYGvpLSpuK9FSFbuXtXzoaxwm6I78OZwM-uyBKf7_r18ShybiBxFrmBcIKJ7pAD2BPSMaEVwJzpBkK1kNSbrrtJ6AmkPk/s728-e100/chrome-update.jpg>)\n\nGoogle on Monday shipped security updates to address a high-severity zero-day vulnerability in its Chrome web browser that it said is being exploited in the wild.\n\nThe shortcoming, tracked as [**CVE-2022-2294**](<https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html>), relates to a heap overflow flaw in the [WebRTC](<https://en.wikipedia.org/wiki/WebRTC>) component that provides real-time audio and video communication capabilities in browsers without the need to install plugins or download native apps.\n\nHeap buffer overflows, also referred to as heap overrun or heap smashing, occur when data is overwritten in the [heap area of the memory](<https://en.wikipedia.org/wiki/Memory_management#Manual_memory_management>), leading to arbitrary code execution or a denial-of-service (DoS) condition.\n\n\"Heap-based overflows can be used to overwrite function pointers that may be living in memory, pointing it to the attacker's code,\" MITRE [explains](<https://cwe.mitre.org/data/definitions/122.html>). \"When the consequence is arbitrary code execution, this can often be used to subvert any other security service.\"\n\nCredited with reporting the flaw on July 1, 2022, is Jan Vojtesek from the Avast Threat Intelligence team. It's worth pointing out that the bug also [impacts](<https://chromereleases.googleblog.com/2022/07/chrome-for-android-update.html>) the Android version of Chrome.\n\nAs is usually the case with zero-day exploitation, details pertaining to the flaw as well as other specifics related to the campaign have been withheld to prevent further abuse in the wild and until a significant chunk of users are updated with a fix.\n\nCVE-2022-2294 also marks the resolution of the fourth zero-day vulnerability in Chrome since the start of the year -\n\n * [**CVE-2022-0609**](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>) \\- Use-after-free in Animation\n * [**CVE-2022-1096**](<https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-1364**](<https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html>) \\- Type confusion in V8\n\nUsers are recommended to update to version 103.0.5060.114 for Windows, macOS, and Linux and 103.0.5060.71 for Android to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.\n\nThe disclosure shortly follows a report from Google Project Zero, which [noted](<https://googleprojectzero.blogspot.com/2022/06/2022-0-day-in-wild-exploitationso-far.html>) that a total of 18 security vulnerabilities have been exploited as unpatched zero-days in the wild so far this year.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-05T02:55:00", "type": "thn", "title": "Update Google Chrome Browser to Patch New Zero-Day Exploit Detected in the Wild", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294"], "modified": "2022-07-05T13:54:52", "id": "THN:2E90A09BA23747C57B4B5C9ED7D13ED9", "href": "https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-17T15:25:34", "description": "[![Google Chrome Zero-Day Vulnerability](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEj3_bb3VbAiNI0HLVud2PvXV4VExBpknt5lLSc3IAtymjftt7sn5yG-gY7yWqZ7D13YpvQEhW_EH4K62wzm6dC_qDTQQokydIY0LHI2Ivvv6v5ShPJk8fOOoh0yQrASsDwCREknRK5SCrggAETbG4yY7w0t3uG53Dnpf3ckvBXKygsIpNHrnmHDrimR/s728-e1000/chrome.png)](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEj3_bb3VbAiNI0HLVud2PvXV4VExBpknt5lLSc3IAtymjftt7sn5yG-gY7yWqZ7D13YpvQEhW_EH4K62wzm6dC_qDTQQokydIY0LHI2Ivvv6v5ShPJk8fOOoh0yQrASsDwCREknRK5SCrggAETbG4yY7w0t3uG53Dnpf3ckvBXKygsIpNHrnmHDrimR/s728-e100/chrome.png>)\n\nGoogle on Tuesday rolled out patches for Chrome browser for desktops to contain an actively exploited high-severity zero-day flaw in the wild.\n\nTracked as **CVE-2022-2856**, the issue has been described as a case of insufficient validation of untrusted input in [Intents](<https://www.chromium.org/developers/web-intents-in-chrome/>). Security researchers Ashley Shen and Christian Resell of Google Threat Analysis Group have been credited with reporting the flaw on July 19, 2022.\n\nAs is typically the case, the tech giant has refrained from sharing additional specifics about the shortcoming until a majority of the users are updated. \"Google is aware that an exploit for CVE-2022-2856 exists in the wild,\" it [acknowledged](<https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html>) in a terse statement.\n\nThe latest update further addresses 10 other security flaws, most of which relate to use-after-free bugs in various components such as FedCM, SwiftShader, ANGLE, and Blink, among others. Also fixed is a heap buffer overflow vulnerability in Downloads.\n\nThe development marks the fifth zero-day vulnerability in Chrome that Google has resolved since the start of the year -\n\n * [**CVE-2022-0609**](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>) \\- Use-after-free in Animation\n * [**CVE-2022-1096**](<https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-1364**](<https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-2294**](<https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html>) \\- Heap buffer overflow in WebRTC\n\nUsers are recommended to update to version 104.0.5112.101 for macOS and Linux and 104.0.5112.102/101 for Windows to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-17T12:02:00", "type": "thn", "title": "New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2856"], "modified": "2022-08-17T13:41:27", "id": "THN:EDC4E93542AFAF751E67BF527C826DA4", "href": "https://thehackernews.com/2022/08/new-google-chrome-zero-day.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-09-06T06:03:15", "description": "[![Chrome Update](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgU5EpzvY9cLJdxPDYZpGhcMcZv4NWQKy-E_SphleQYJBz0-RK17I0vcuTEA4Y7j4FLYJZoocDlfvBAGQ9PLUcM-tSqm41GrfaPqhrzTyHbGiRLa0OW_IOvDb-6EfqX7V_LIzm1t5P_xj2by6ZVqAFz5d_bJ42p_faEgP_-St1X8fjuiAh0iW2Ak_Om/s728-e1000/chrome-update.jpg)](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgU5EpzvY9cLJdxPDYZpGhcMcZv4NWQKy-E_SphleQYJBz0-RK17I0vcuTEA4Y7j4FLYJZoocDlfvBAGQ9PLUcM-tSqm41GrfaPqhrzTyHbGiRLa0OW_IOvDb-6EfqX7V_LIzm1t5P_xj2by6ZVqAFz5d_bJ42p_faEgP_-St1X8fjuiAh0iW2Ak_Om/s728-e100/chrome-update.jpg>)\n\nGoogle on Friday shipped emergency fixes to address a security vulnerability in the Chrome web browser that it said is being actively exploited in the wild.\n\nThe issue, assigned the identifier **CVE-2022-3075**, concerns a case of insufficient data validation in [Mojo](<https://chromium.googlesource.com/chromium/src/+/HEAD/mojo/README.md>), which refers to a collection of runtime libraries that provide a platform-agnostic mechanism for inter-process communication (IPC).\n\nAn anonymous researcher has been credited with reporting the high-severity flaw on August 30, 2022.\n\n\"Google is aware of reports that an exploit for CVE-2022-3075 exists in the wild,\" the internet giant [said](<https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html>), without delving into additional specifics about the nature of the attacks to prevent additional threat actors from taking advantage of the flaw.\n\nThe latest update makes it the sixth zero-day vulnerability in Chrome that Google has resolved since the start of the year -\n\n * [CVE-2022-0609](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>) \\- Use-after-free in Animation\n * [CVE-2022-1096](<https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [CVE-2022-1364](<https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [CVE-2022-2294](<https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html>) \\- Heap buffer overflow in WebRTC\n * [CVE-2022-2856](<https://thehackernews.com/2022/08/new-google-chrome-zero-day.html>) \\- Insufficient validation of untrusted input in Intents\n\nUsers are recommended to upgrade to version 105.0.5195.102 for Windows, macOS, and Linux to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-03T03:56:00", "type": "thn", "title": "Google Releases Urgent Chrome Update to Patch New Zero-Day Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2856", "CVE-2022-3075"], "modified": "2022-09-06T04:20:05", "id": "THN:0ADE883013E260B4548F6E16D65487D3", "href": "https://thehackernews.com/2022/09/google-release-urgent-chrome-update-to.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-10-28T12:06:14", "description": "[![Chrome Zero-Day Vulnerability](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhv36XpOZ1dAQAOtoI2FJrLTIwbrZmkU8pIotJv8smSt1yHSR5Sbs9DtPNusAAMvajmGc-st695EsqO3w1aNTpm9vxASuSHCLI61DemGb3LaAMW7MDDLo4j30s4iE1DZr2UeTpkEHlUc-WwTo0zqCxLNMlSHPLCRNEDT4wpaWQjgJMl3KhUpK7MKa2Z/s728-e1000/chrome-zero-day-vulnerability.jpg)](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhv36XpOZ1dAQAOtoI2FJrLTIwbrZmkU8pIotJv8smSt1yHSR5Sbs9DtPNusAAMvajmGc-st695EsqO3w1aNTpm9vxASuSHCLI61DemGb3LaAMW7MDDLo4j30s4iE1DZr2UeTpkEHlUc-WwTo0zqCxLNMlSHPLCRNEDT4wpaWQjgJMl3KhUpK7MKa2Z/s728-e100/chrome-zero-day-vulnerability.jpg>)\n\nGoogle on Thursday rolled out emergency fixes to contain an actively exploited zero-day flaw in its Chrome web browser.\n\nThe [vulnerability](<https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html>), tracked as **CVE-2022-3723**, has been described as a type confusion flaw in the V8 JavaScript engine.\n\nSecurity researchers Jan Vojt\u011b\u0161ek, Mil\u00e1nek, and Przemek Gmerek of Avast have been credited with reporting the flaw on October 25, 2022.\n\n\"Google is aware of reports that an exploit for CVE-2022-3723 exists in the wild,\" the internet giant acknowledged in an advisory without getting into more specifics about the nature of the attacks.\n\nCVE-2022-3723 is the third actively exploited type confusion bug in V8 this year after [CVE-2022-1096](<https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html>) and [CVE-2022-1364](<https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html>).\n\nThe latest fix also marks the resolution of the seventh zero-day in Google Chrome since the start of 2022 -\n\n * [**CVE-2022-0609**](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>) \\- Use-after-free in Animation\n * [**CVE-2022-1096**](<https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-1364**](<https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-2294**](<https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html>) \\- Heap buffer overflow in WebRTC\n * [**CVE-2022-2856**](<https://thehackernews.com/2022/08/new-google-chrome-zero-day.html>) \\- Insufficient validation of untrusted input in Intents\n * [**CVE-2022-3075**](<https://thehackernews.com/2022/09/google-release-urgent-chrome-update-to.html>) \\- Insufficient data validation in Mojo\n\nUsers are recommended to upgrade to version 107.0.5304.87 for macOS and Linux and 107.0.5304.87/.88 for Windows to mitigate potential threats.\n\nUsers of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-10-28T10:40:00", "type": "thn", "title": "Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2856", "CVE-2022-3075", "CVE-2022-3723"], "modified": "2022-10-28T10:58:12", "id": "THN:222F7713CA968509F8C385BA29B0B6A5", "href": "https://thehackernews.com/2022/10/google-issues-urgent-chrome-update-to.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-26T04:08:15", "description": "[ ![Update Chrome Browser](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEikPLibtmTn8N2H14UEsCbQi0mXDkp7d4sxfUThlf9SHApnBVQaXlzTa5_Y_GROcH_HN9A8cDTE0iaRtCHiFqthOucxRIZyrjEzXxqkiX0DQPciOOULFnJ0I4aob50-m5id5elUHNKFtdF-5Ep-jdQVcYtFgUVENLsQkZIYWjXsuoDDYF_UBh0lc0o2/s728-e1000/chrome-update.png)](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEikPLibtmTn8N2H14UEsCbQi0mXDkp7d4sxfUThlf9SHApnBVQaXlzTa5_Y_GROcH_HN9A8cDTE0iaRtCHiFqthOucxRIZyrjEzXxqkiX0DQPciOOULFnJ0I4aob50-m5id5elUHNKFtdF-5Ep-jdQVcYtFgUVENLsQkZIYWjXsuoDDYF_UBh0lc0o2/s728-e100/chrome-update.png>)\n\nGoogle on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser.\n\nTracked as **CVE-2022-4135**, the high-severity vulnerability has been described as a heap buffer overflow in the GPU component. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the flaw on November 22, 2022.\n\nHeap-based buffer overflow bugs can be [weaponized](<https://cwe.mitre.org/data/definitions/122.html>) by threat actors to crash a program or execute arbitrary code, leading to unintended behavior.\n\n\"Google is aware that an exploit for CVE-2022-4135 exists in the wild,\" the tech giant [acknowledged](<https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html>) in an advisory.\n\nBut like other actively exploited issues, technical specifics have been withheld until a majority of the users are updated with a fix and to prevent further abuse.\n\nWith the latest update, Google has resolved eight zero-day vulnerabilities in Chrome since the start of the year -\n\n * [**CVE-2022-0609**](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>) \\- Use-after-free in Animation\n * [**CVE-2022-1096**](<https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-1364**](<https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-2294**](<https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html>) \\- Heap buffer overflow in WebRTC\n * [**CVE-2022-2856**](<https://thehackernews.com/2022/08/new-google-chrome-zero-day.html>) \\- Insufficient validation of untrusted input in Intents\n * [**CVE-2022-3075**](<https://thehackernews.com/2022/09/google-release-urgent-chrome-update-to.html>) \\- Insufficient data validation in Mojo\n * [**CVE-2022-3723**](<https://thehackernews.com/2022/10/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n\nUsers are recommended to upgrade to version 107.0.5304.121 for macOS and Linux and 107.0.5304.121/.122 for Windows to mitigate potential threats.\n\nUsers of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-11-25T13:12:00", "type": "thn", "title": "Update Chrome Browser Now to Patch New Actively Exploited Zero-Day Flaw", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2856", "CVE-2022-3075", "CVE-2022-3723", "CVE-2022-4135"], "modified": "2022-11-26T04:07:40", "id": "THN:FFFF05ECDE44C9ED26B53D328B60689B", "href": "https://thehackernews.com/2022/11/update-chrome-browser-now-to-patch-new.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-12-05T06:08:51", "description": "[![Google zero-day](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEi3-1t-O1Y4Oqvj24RGfItVIc7r4d1BOuWfRH4xG5ilh6GX83VydcDH0Fs1xqW5JUvFrpLzvA9ifqmf2lHts3lgA5VStlmb7c1Msk0yFUv5qzEgEjiU3_EPqVJlK4Z6uzMUFoKmnDAHWtOXsYNv7vEG8yG9H-NwH46z-Z7nAKiihKDF7bzl_Y20QXxS/s728-e1000/chrome.png)](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEi3-1t-O1Y4Oqvj24RGfItVIc7r4d1BOuWfRH4xG5ilh6GX83VydcDH0Fs1xqW5JUvFrpLzvA9ifqmf2lHts3lgA5VStlmb7c1Msk0yFUv5qzEgEjiU3_EPqVJlK4Z6uzMUFoKmnDAHWtOXsYNv7vEG8yG9H-NwH46z-Z7nAKiihKDF7bzl_Y20QXxS/s728-e100/chrome.png>)\n\nSearch giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser.\n\nThe high-severity flaw, tracked as [CVE-2022-4262](<https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html>), concerns a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on November 29, 2022.\n\nType confusion vulnerabilities could be weaponized by threat actors to perform out-of-bounds memory access, or lead to a crash and arbitrary code execution.\n\nAccording to the NIST's National Vulnerability Database, the flaw [permits](<https://nvd.nist.gov/vuln/detail/CVE-2022-4262>) a \"remote attacker to potentially exploit heap corruption via a crafted HTML page.\"\n\nGoogle acknowledged active exploitation of the vulnerability but stopped short of sharing additional specifics to prevent further abuse.\n\nCVE-2022-4262 is the fourth actively exploited type confusion flaw in Chrome that Google has addressed since the start of the year. It's also the ninth zero-day flaw attackers have exploited in the wild in 2022 -\n\n * [**CVE-2022-0609**](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>) \\- Use-after-free in Animation\n * [**CVE-2022-1096**](<https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-1364**](<https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-2294**](<https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html>) \\- Heap buffer overflow in WebRTC\n * [**CVE-2022-2856**](<https://thehackernews.com/2022/08/new-google-chrome-zero-day.html>) \\- Insufficient validation of untrusted input in Intents\n * [**CVE-2022-3075**](<https://thehackernews.com/2022/09/google-release-urgent-chrome-update-to.html>) \\- Insufficient data validation in Mojo\n * [**CVE-2022-3723**](<https://thehackernews.com/2022/10/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-4135**](<https://thehackernews.com/2022/11/update-chrome-browser-now-to-patch-new.html>) \\- Heap buffer overflow in GPU\n\nUsers are recommended to upgrade to version 108.0.5359.94 for macOS and Linux and 108.0.5359.94/.95 for Windows to mitigate potential threats.\n\nUsers of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.\n\n \n\n\nFound this article interesting? Follow us on [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-12-03T04:41:00", "type": "thn", "title": "Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2856", "CVE-2022-3075", "CVE-2022-3723", "CVE-2022-4135", "CVE-2022-4262"], "modified": "2022-12-05T04:33:44", "id": "THN:2FB8A3C1E526D1FFA1477D35F0F70BF4", "href": "https://thehackernews.com/2022/12/google-rolls-out-new-chrome-browser.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-30T04:02:42", "description": "[![Actively Exploited Vulnerabilities](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgIeK3eJtR_et6MNbj0n-dcpg6m3XLALiJRPrhIA4yGOSfgFp4GFAJFR2Q3o31-tQcQpuVnc_WCTyR9yoih4dgeHa6orUrdUWCpDX1WWtymO1klV2EcDBa4OBds15BKHAGsEW3hPAVQ_HB772TkQVTfNrqyRvm5rY4qOkI7i3UarIAnOVC8LJfIZ0F3/s728-e1000/CISA.jpg)](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgIeK3eJtR_et6MNbj0n-dcpg6m3XLALiJRPrhIA4yGOSfgFp4GFAJFR2Q3o31-tQcQpuVnc_WCTyR9yoih4dgeHa6orUrdUWCpDX1WWtymO1klV2EcDBa4OBds15BKHAGsEW3hPAVQ_HB772TkQVTfNrqyRvm5rY4qOkI7i3UarIAnOVC8LJfIZ0F3/s728-e100/CISA.jpg>)\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added 10 new actively exploited vulnerabilities to its [Known Exploited Vulnerabilities (KEV) Catalog](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>), including a high-severity security flaw affecting industrial automation software from Delta Electronics.\n\nThe issue, tracked as [CVE-2021-38406](<https://nvd.nist.gov/vuln/detail/CVE-2021-38406>) (CVSS score: 7.8), impacts DOPSoft 2 versions 2.00.07 and prior. A successful exploitation of the flaw may lead to arbitrary code execution.\n\n\"Delta Electronics DOPSoft 2 lacks proper validation of user-supplied data when parsing specific project files (improper input validation) resulting in an out-of-bounds write that allows for code execution,\" CISA said in an alert.\n\nIt's worth noting that CVE-2021-38406 was originally disclosed as part of an industrial control systems (ICS) advisory [published](<https://www.cisa.gov/uscert/ics/advisories/icsa-21-252-02>) in September 2021.\n\nHowever, there are no patches that address the vulnerability, with CISA noting that the \"impacted product is end-of-life and should be disconnected if still in use.\" Federal Civilian Executive Branch (FCEB) agencies are mandated to follow the guideline by September 15, 2022.\n\nNot much information is available about the nature of the attacks that exploit the security bug, but a recent report from Palo Alto Networks Unit 42 [pointed out](<https://unit42.paloaltonetworks.com/recent-exploits-network-security-trends/>) instances of in-the-wild attacks leveraging the flaw between February and April 2022.\n\nThe development adds weight to the notion that adversaries are getting faster at exploiting newly published vulnerabilities when they are first disclosed, leading to indiscriminate and opportunistic scanning attempts that aim to take advantage of delayed patching.\n\nThese attacks often follow a specific sequence for exploitation that involves web shells, crypto miners, botnets, and remote access trojans (RATs), followed by initial access brokers (IABs) that then pave the way for ransomware.\n\nAmong other actively exploited flaws added to the list are as follows -\n\n * [**CVE-2022-26352**](<https://nvd.nist.gov/vuln/detail/CVE-2022-26352>) \\- dotCMS Unrestricted Upload of File Vulnerability\n * [**CVE-2022-24706**](<https://nvd.nist.gov/vuln/detail/CVE-2022-24706>) \\- Apache CouchDB Insecure Default Initialization of Resource Vulnerability\n * [**CVE-2022-24112**](<https://nvd.nist.gov/vuln/detail/cve-2022-24112>) \\- Apache APISIX Authentication Bypass Vulnerability\n * [**CVE-2022-22963**](<https://nvd.nist.gov/vuln/detail/CVE-2022-22963>) \\- VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability\n * [**CVE-2022-2294**](<https://nvd.nist.gov/vuln/detail/CVE-2022-2294>) \\- WebRTC Heap Buffer Overflow Vulnerability\n * [**CVE-2021-39226**](<https://nvd.nist.gov/vuln/detail/CVE-2021-39226>) \\- Grafana Authentication Bypass Vulnerability\n * [**CVE-2020-36193**](<https://nvd.nist.gov/vuln/detail/CVE-2020-36193>) \\- PEAR Archive_Tar Improper Link Resolution Vulnerability\n * [**CVE-2020-28949**](<https://nvd.nist.gov/vuln/detail/CVE-2020-28949>) \\- PEAR Archive_Tar Deserialization of Untrusted Data Vulnerability\n\n### iOS and macOS flaw added to the list\n\nAnother high-severity flaw added to the KEV Catalog is [**CVE-2021-31010**](<https://nvd.nist.gov/vuln/detail/CVE-2021-31010>) (CVSS score: 7.5), a deserialization issue in Apple's Core Telephony component that could be leveraged to circumvent sandbox restrictions.\n\nThe tech giant addressed the shortcoming in iOS 12.5.5, iOS 14.8, iPadOS 14.8, macOS Big Sur 11.6 (and Security Update 2021-005 Catalina), and watchOS 7.6.2 released in September 2021.\n\nWhile there were no indications that the flaw was being exploited at the time, the tech giant appears to have silently revised its advisories on May 25, 2022 to add the vulnerability and confirm that it had indeed been abused in attacks.\n\n\"Apple was aware of a report that this issue may have been actively exploited at the time of release,\" the iPhone maker noted, crediting Citizen Lab and Google Project Zero for the discovery.\n\nThe September update is also notable for [remediating](<https://thehackernews.com/2021/09/apple-issues-urgent-updates-to-fix-new.html>) CVE-2021-30858 and CVE-2021-30860, both of which were [employed by NSO Group](<https://thehackernews.com/2021/08/bahraini-activists-targeted-using-new.html>), the makers of the Pegasus spyware, to get around the operating systems' security features.\n\nThis raises the possibility that CVE-2021-31010 may have been stringed together with the aforementioned two flaws in an attack chain to escape the sandbox and achieve arbitrary code execution.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-29T04:23:00", "type": "thn", "title": "CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28949", "CVE-2020-36193", "CVE-2021-30858", "CVE-2021-30860", "CVE-2021-31010", "CVE-2021-38406", "CVE-2021-39226", "CVE-2022-2294", "CVE-2022-22963", "CVE-2022-24112", "CVE-2022-24706", "CVE-2022-26352"], "modified": "2022-08-30T03:22:27", "id": "THN:5D50D5AA81EE14FA1044614364EAEBC6", "href": "https://thehackernews.com/2022/08/cisa-adds-10-new-known-actively.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-21T11:59:02", "description": "[![Apple Vulnerabilities](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEglTR0Ii9L3qtSuDJKc1Sna--9qt_00acsxU4IoPSOvvnV9AYpsHDRBRuGpUvXEBKFk3zIyrtzTLJZui-ibEM8KY0xP5ftNR1W9UV-5y_qDt8tUtfZeiowl-DxjAAUazrSAmy2M-ipK_aDRHBpBeVjyw-V_72rcorKKsv7-bUNu1v3jj5_Rc8TdoRDD/s728-e1000/apple.jpg)](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEglTR0Ii9L3qtSuDJKc1Sna--9qt_00acsxU4IoPSOvvnV9AYpsHDRBRuGpUvXEBKFk3zIyrtzTLJZui-ibEM8KY0xP5ftNR1W9UV-5y_qDt8tUtfZeiowl-DxjAAUazrSAmy2M-ipK_aDRHBpBeVjyw-V_72rcorKKsv7-bUNu1v3jj5_Rc8TdoRDD/s728-e100/apple.jpg>)\n\nApple on Wednesday rolled out [software fixes](<https://support.apple.com/en-us/HT201222>) for iOS, iPadOS, macOS, tvOS, and watchOS to address a number of security flaws affecting its platforms.\n\nThis includes at least 37 flaws spanning different components in iOS and macOS that range from privilege escalation to arbitrary code execution and from information disclosure to denial-of-service (DoS).\n\nChief among them is CVE-2022-2294, a memory corruption flaw in the WebRTC component that Google [disclosed](<https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html>) earlier this month as having been exploited in real-world attacks aimed at users of the Chrome browser. There is, however, no evidence of in-the-wild zero-day exploitation of the flaw targeting iOS, macOS, and Safari.\n\n[![](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEi0IORPLATc7sBagS3j2MEfWbfaT564we0HCpQxKyGV5ddTyfN4EXrPRxHhD1MbXvlGLR4KbmQXcsP9XTezTnpdH7V37ZhUsQLaJveId9m4lGa2trimp13A0tDRcJk51jkg7-Q70-Pnmv_4unts53n3uIo15x3DSOurm_ITR2KTT-jYyIgfeas62tSe/s728-e100/apple.jpg)](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEi0IORPLATc7sBagS3j2MEfWbfaT564we0HCpQxKyGV5ddTyfN4EXrPRxHhD1MbXvlGLR4KbmQXcsP9XTezTnpdH7V37ZhUsQLaJveId9m4lGa2trimp13A0tDRcJk51jkg7-Q70-Pnmv_4unts53n3uIo15x3DSOurm_ITR2KTT-jYyIgfeas62tSe/s728-e100/apple.jpg>)\n\nBesides CVE-2022-2294, the updates also address several arbitrary code execution flaws impacting Apple Neural Engine (CVE-2022-32810, CVE-2022-32829, and CVE-2022-32840), Audio (CVE-2022-32820), GPU Drivers (CVE-2022-32821), ImageIO (CVE-2022-32802), IOMobileFrameBuffer (CVE-2022-26768), Kernel (CVE-2022-32813 and CVE-2022-32815), and WebKit (CVE-2022-32792).\n\nAlso patched is a [Pointer Authentication](<https://thehackernews.com/2022/06/mit-researchers-discover-new-flaw-in.html>) bypass affecting the Kernel (CVE-2022-32844), a DoS bug in the ImageIO component (CVE-2022-32785), and two privilege escalation flaws in AppleMobileFileIntegrity and File System Events (CVE-2022-32819 and CVE-2022-32826).\n\nWhat's more, the latest version of macOS resolves five security vulnerabilities in the SMB module that could be potentially exploited by a malicious app to gain elevated privileges, leak sensitive information, and execute arbitrary code with kernel privileges.\n\nUsers of Apple devices are recommended to update to iOS 15.6, iPadOS 15.6, macOS Monterey 12.5 (Big Sur 11.6.8 or 2022-005 Catalina for older generation Macs), tvOS 15.6, and watchOS 8.7 to obtain the latest security protections.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-21T06:40:00", "type": "thn", "title": "Apple Releases Security Patches for all Devices Fixing Dozens of New Vulnerabilities", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-26768", "CVE-2022-32785", "CVE-2022-32792", "CVE-2022-32802", "CVE-2022-32810", "CVE-2022-32813", "CVE-2022-32815", "CVE-2022-32819", "CVE-2022-32820", "CVE-2022-32821", "CVE-2022-32826", "CVE-2022-32829", "CVE-2022-32840", "CVE-2022-32844"], "modified": "2022-07-21T11:31:25", "id": "THN:80C4CCCAB293DD273948D1317EAC8B73", "href": "https://thehackernews.com/2022/07/apple-releases-security-patches-for-all.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "alpinelinux": [{"lastseen": "2023-12-07T16:20:42", "description": "Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T02:15:00", "type": "alpinelinux", "title": "CVE-2022-2294", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294"], "modified": "2023-11-25T11:15:00", "id": "ALPINE:CVE-2022-2294", "href": "https://security.alpinelinux.org/vuln/CVE-2022-2294", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-07T16:20:47", "description": "Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.8}, "published": "2022-07-28T01:15:00", "type": "alpinelinux", "title": "CVE-2022-2010", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2010"], "modified": "2023-11-07T03:46:00", "id": "ALPINE:CVE-2022-2010", "href": "https://security.alpinelinux.org/vuln/CVE-2022-2010", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-12-07T16:20:47", "description": "Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T01:15:00", "type": "alpinelinux", "title": "CVE-2022-2008", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2008"], "modified": "2023-11-07T03:46:00", "id": "ALPINE:CVE-2022-2008", "href": "https://security.alpinelinux.org/vuln/CVE-2022-2008", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2023-12-06T18:32:23", "description": "## Releases\n\n * Ubuntu 22.04 LTS\n * Ubuntu 20.04 LTS\n\n## Packages\n\n * webkit2gtk \\- Web content engine library for GTK+\n\nSeveral security issues were discovered in the WebKitGTK Web and JavaScript \nengines. If a user were tricked into viewing a malicious website, a remote \nattacker could exploit a variety of issues related to web browser security, \nincluding cross-site scripting attacks, denial of service attacks, and \narbitrary code execution.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-15T00:00:00", "type": "ubuntu", "title": "WebKitGTK vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-32792", "CVE-2022-32816"], "modified": "2022-08-15T00:00:00", "id": "USN-5568-1", "href": "https://ubuntu.com/security/notices/USN-5568-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "trellix": [{"lastseen": "2022-08-03T00:00:00", "description": "# The Bug Report \u2013 July 2022 Edition \n\nBy Trellix \u00b7 August 3, 2022 \nThis story was also written by Kasimir Schulz and Jesse Chick\n\n## Your Cybersecurity Comic Relief\n\n![The Bug Report \u2013 July 2022 Edition](https://www.trellix.com/en-us/img/newsroom/stories/the-bug-report-july-2022-edition-1.jpg)\n\n### Why am I here?\n\nWelcome to the Bug Report, Heat Wave Edition! In the face of chronic irritability and soggy-pants syndrome, we are back at it again, trawling for this month's spiciest software-defined mishaps for your schadenfreudian pleasure. (Or, rather, we made the intern do it.) So crank up the AC, kick your feet up with your cold beverage of choice, and enjoy the cream of July\u2019s vulnerability crop.\n\nFortunately, most of the vulnerabilities that we report cannot cause fires no matter how they are abused. This month, however, we have something special for you with CVE-2022-2107. But don\u2019t worry, if that\u2019s too hot for you to handle we also have two more vulnerabilities that cause headaches:\n\n * CVE-2022-2294: WebRTC\n * CVE-2022-2107: MiCODUS MV720\n * CVE-2022-20857: Cisco Nexus Dashboard\n\n## CVE-2022-2294: Heaps of 4th of July fun in Mountain View!\n\n### What is it?\n\nWe have all heard and rolled our eyes at the banal adage that money cannot buy happiness (unless, of course, you are in Las Vegas). Money also cannot buy immunity from critical browser vulnerabilities, as one of the richest companies in the world learned once again earlier this month. While we in the United States were out celebrating Independence Day\u2014or \u201cGood-riddance Day,\u201d as it's known across the Pond\u2014Google was busy hustling out a patch for a high-severity heap-based buffer overflow ([CWE-122](<https://cwe.mitre.org/data/definitions/122.html>)) in WebRTC. \n\nIf you are like us and have seen \u201cWebRTC\u201d crop up in technical documentation time and time again without sufficient cause to look up what it is, here is all you need to know. WebRTC stands for Web Real-Time Communication. It is used in most common browsers (including, most notably for us, Google Chrome) to enable browser-to-browser video and audio streams without the need for plugins or other third-party installations. It is enabled by default in Chrome.\n\n### Who cares?\n\nIf you are reading this article, you\u2019re using a web browser. If I were to guess, you are viewing this article with Chrome and, according to [statcounter](<https://gs.statcounter.com/browser-market-share>), I\u2019d be right about two out of three times. Although the existing proof of concept (POC) referenced below was tailored to Chrome running on Windows hosts, it is likely that all browsers leveraging WebRTC are vulnerable to similar exploitation. This list includes Safari and Edge, the runners-up in the Chrome-dominated browser market. And it\u2019s not just desktop applications; this vulnerability affects Android devices as well. You get the idea. True enough, an attacker will almost surely need to go to all the effort of concocting an elaborate attack chain around CVE-2022-2294 to do serious damage. Still, how safe does that make you feel?\n\nDue to the give-and-take nature of responsible disclosure, very few details about the precise nature of the vulnerability tracked as CVE-2022-2294 have reached the public domain. What we do know for certain, thanks to some crafty forensic work from security researchers with Avast, is that this vulnerability has been exploited in the wild numerous times by known threat actors as part of a larger, targeted attack chain deployed against specific organizations in the Middle East.\n\nPerhaps the most accessible path to appreciating the potential impact of this on information security is through a cursory understanding of the event which led Avast to report the vulnerability to Google in the first place. Attackers were able to gain initial access to a Lebanese news agency\u2019s protected network via cross-site scripting (XSS). Their malicious JavaScript then scanned the set of accessible hosts for indications of vulnerability to CVE-2022-2294, delivering the exploit with precision. The shellcode execution achieved via WebRTC was used to deliver a sophisticated form of spyware known, graphically, as DevilsTongue, which was injected into the victim\u2019s kernel to furtively siphon off private data to the attackers. The good people at Avast elaborate further on the details of CVE-2022-2294's discovery and its in-the-wild exploitation in [their own blog](<https://decoded.avast.io/janvojtesek/the-return-of-candiru-zero-days-in-the-middle-east/>).\n\n### What can I do?\n\nLuckily for us, Google engineers don\u2019t like fireworks and pushed out a patch within days of initial disclosure. Microsoft followed suit the following day (July 5) with a patch for Edge, and Apple, taking its sweet time, patched Safari on the 20th. If you have automatic browser updates enabled (which you probably should, hint hint), you are already impervious to this piece of mischief. Chrome users who prefer manual updates should ensure they are running version [103.0.5060.114](<https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html>) or newer.\n\n## CVE-2022-2107: Anyone know a good automotive exorcist?\n\n### What is it?\n\nLet's be honest, hacker movies piss us off. Simply enter the master password and you\u2019re in? Give us a break. Well, looks like Hollywood isn\u2019t that far off after all. CVE-2022-2107 is a hardcoded key in the API server belonging to MiCODUS, a company that sells professional GPS trackers. This CVE may just be a hardcoded key in the API server, but it allows attackers unauthenticated access to log into the web server, to impersonate users, and directly send commands to the GPS trackers of MiCODUS MV720 devices. Rather than logging in and obtaining a key, attackers can use the hardcoded key when accessing API endpoints. CVE-2022-2107 gives attackers power on par with Jeff Goldblum in Independence Day, letting a hacker use any device with internet capabilities to take down entire fleets of vehicles. By using the hardcoded key an attacker can cut off fuel to vehicles, enable and disable alarms, and track the vehicles\u2019 GPS location in real time. The key also allows attackers to access and modify all other data such as routes and geofences. Now, I know what you must be thinking, this sounds too good to be true, there must be some catch or some sort of condition for when this vulnerability can be exploited, and you would be right. In order to target the GPS trackers an attacker will need to know the device ID, but sadly for the users, this is sequentially generated.\n\nAlready sweating like Ted Striker in Airplane? Well... [BitSight](<https://www.bitsight.com/>), the company that reported this CVE, reported [several](<https://www.bitsight.com/sites/default/files/2022-07/MiCODUS-GPS-Report-Final.pdf>) other vulnerabilities including information about device usage and vulnerable attack surfaces. Among these vulnerabilities was a way to send commands directly to the tracker (CVE-2022-2141) allowing an attacker to execute commands if they had the password for the device. BitSight also found that since the device did not prompt the users to change their password, most (94.5% of the sample) devices used the default password of 123456. \n\n### Who cares?\n\nAre you part of a Fortune 50 company in energy, oil, or gas? How about a national government or law enforcement agency? Maybe you are part of a manufacturing conglomerate? No? So, then you think that you probably shouldn\u2019t worry about this vulnerability, right? Wrong. Not only does the vulnerability have the potential to shut down entire supply chains by turning off fleets of cars, but the vulnerability also allows attackers to shut off cars potentially causing accidents on the road resulting in potential injuries. Over the course of several months, BitSight gathered data and identified differences in the usage of the MiCODUS devices throughout the globe as seen in the graphic below.\n\nIn their report, BitSight published proof of concept attacks for each reported vulnerability along with publishing the hardcoded key for the API server. BitSight first contacted MiCODUS on September 9, 2021, however, luckily for malicious actors, MiCODUS has been slower than congressional proceedings when it has come to patching. As of the writing of this blog the hardcoded key can still be used to access any API endpoint injunction with the device ID. Device IDs are easy to guess through brute force methods as they are sequentially generated based on the format 72011XXXXXX. \n\n![The Bug Report \u2013 July 2022 Edition](https://www.trellix.com/en-us/img/newsroom/stories/the-bug-report-july-2022-edition-2.jpg) Geographical differences in sector usages found by [BitSight](<https://www.bitsight.com/sites/default/files/2022-07/MiCODUS-GPS-Report-Final.pdf>) \n\n\n### What can I do?\n\nIf you have read our bug reports in the past you know that normally our advice is to Patch, Patch, Patch!! However, with this CVE there is nothing that the average users can do other than disable their devices. The vulnerability described in CVE-2022-2107 exists within MiCODUS\u2019s server and can only be patched by them. For users and organizations hosting their own API server, make sure that you have proper authentication on API endpoints.\n\nWhile there is nothing the average user can do for CVE-2022-2107 other than disabling their devices, there are things that they should do for the other CVE\u2019s filed by BitSight. The most important of these is to update your default password. According to BitSight, 94.5% of the devices they sampled were using the default password and could therefore be controlled without the need for other vulnerabilities. \n\n## CVE-2022-20857: Ignorance isn't always bliss...\n\n### What is it?\n\nIt\u2019s not only college business majors who enjoy pretty, graphical abstractions of dense technical information; we command line folks love a nice interactive overview of our networked devices, too. That is assuming, of course, that said dashboard is not riddled with vulnerabilities, like the Cisco Nexus Dashboard. During a recent internal audit of Cisco\u2019s product suite, ASIG (Cisco\u2019s Advanced Security Initiatives Group) discovered three serious vulnerabilities affecting all versions of the Nexus Dashboard, the most critical of which is CVE-2022-20857.\n\nThe culprit is a single API endpoint which lacks authentication ([CWE-306](<https://cwe.mitre.org/data/definitions/306.html>)), exposing an attack vector through which a malicious agent could achieve remote code execution as root over HTTP. To appreciate the scope of the vulnerability more fully, we need to establish a rudimentary understanding of how Nexus Dashboard is architected. Logically speaking, the dashboard consists of a cluster of several services supporting its many available features. This cluster is exposed to two distinct network interfaces:\n\n * The management network, over which information is exchanged between the cluster and the Dashboard GUI, including actions such as firmware uploads and other core services e.g. SSH and DNS. \n * The data network, which handles all traffic between the cluster and the rest of the connected Cisco infrastructure, as well as intra-cluster communication.\n\nThe vulnerable API endpoint lives in the **data network**, suggesting that exploitation of CVE-2022-20857 could allow an attacker to pivot to any host reachable by the compromised device.\n\n### Who cares?\n\nAt risk of stating the obvious, if you or your organization is using the Nexus Dashboard, this and the other vulnerabilities outlined in [Cisco\u2019s security advisory](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-mhcvuln-vpsBPJ9y>) should be of top concern. In the worst-case scenario, a compromised host with access to core internal routing and hosting services is about as bad as it can get in information security.\n\n### What can I do?\n\nBefore any additional sphincter-tightening takes place, you should know that Cisco has patched these vulnerabilities in the [May 8th release](<https://www.cisco.com/c/en/us/td/docs/dcn/nd/2x/release-notes/cisco-nexus-dashboard-release-notes-221.html>) (2.2.1e) of Nexus Dashboard. If you\u2019re unsure of which version your organization is currently using, you can verify this easily by logging in to the Dashboard\u2019s command line interface via SSH and running `acs version`. **All versions prior to 2.2.1e are vulnerable**, so your network administrator should update to this or the subsequent version 2.2.1h, available as of June 6. This can be done by the recommended means of [upgrading your entire Dashboard cluster](<https://www.cisco.com/c/en/us/td/docs/dcn/nd/2x/user-guide/cisco-nexus-dashboard-user-guide-211/operations.html#_firmware_management_cluster_upgrades>) in one go, or by [manually upgrading individual nodes](<https://www.cisco.com/c/en/us/td/docs/dcn/nd/2x/user-guide/cisco-nexus-dashboard-user-guide-211/troubleshooting.html#_manual_upgrades>) in the cluster if needed.\n", "cvss3": {}, "published": "2022-08-03T00:00:00", "type": "trellix", "title": "The Bug Report \u2013 July 2022 Edition", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-20857", "CVE-2022-2107", "CVE-2022-2141", "CVE-2022-2294"], "modified": "2022-08-03T00:00:00", "id": "TRELLIX:6AC0A8EB929E0B0AC515928EFCB01642", "href": "https://www.trellix.com/content/mainsite/en-us/about/newsroom/stories/research/the-bug-report-july-2022-edition.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "threatpost": [{"lastseen": "2023-12-06T15:40:00", "description": "Google has patched the fifth actively exploited zero-day vulnerability discovered in Chrome this year as one in a series of fixes included in a stable channel update released Wednesday.\n\nThe bug, tracked as [CVE-2022-2856](<https://vulners.com/cve/CVE-2022-2856>) and rated as high on the Common Vulnerability Scoring System (CVSS), is associated with \u201cinsufficient validation of untrusted input in Intents,\u201d according to [the advisory](<https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html>) posted by Google.\n\nGoogle credits Ashley Shen and Christian Resell of its Google Threat Analysis Group (TAG) for reporting the zero-day bug, which could allow for arbitrary code execution, on July 19. The advisory also unveiled 10 other patches for various other Chrome issues.\n\nIntents are a deep linking feature on the Android device within the Chrome browser that replaced URI schemes, which previously handled this process, [according to Branch](<https://branch.io/glossary/chrome-intents/>), a company that offers various linking options for mobile applications.\n\n\u201cInstead of assigning window.location or an iframe.src to the URI scheme, in Chrome, developers need to use their intent string as defined in this document,\u201d the company explained on its website. Intent \u201cadds complexity\u201d but \u201cautomatically handles the case of the mobile app not being installed\u201d within links, according to the post.\n\nInsufficient validation is associated with input validation, a frequently-used technique for checking potentially dangerous inputs to ensure that they are safe for processing within the code, or when communicating with other components, [according to MITRE\u2019s Common Weakness Enumeration site](<https://cwe.mitre.org/data/definitions/20.html>).\n\n\u201cWhen software does not validate input properly, an attacker is able to craft the input in a form that is not expected by the rest of the application,\u201d according to a post on the site. \u201cThis will lead to parts of the system receiving unintended input, which may result in altered control flow, arbitrary control of a resource, or arbitrary code execution.\u201d\n\n**Fending Off Exploits**\n\nAs is typical, Google did not disclose specific details of the bug until it is widely patched to avoid threat actors taking further advantage of it, a strategy that one security professional noted is a wise one.\n\n\u201cPublicizing details on an actively exploited zero-day vulnerability just as a patch becomes available could have dire consequences, because it takes time to roll out security updates to vulnerable systems and attackers are champing at the bit to exploit these types of flaws,\u201d observed Satnam Narang, senior staff research engineer at cybersecurity firm [Tenable,](<https://www.tenable.com/>) in an email to Threatpost.\n\n** **Holding back info is also sound given that other Linux distributions and browsers, such as Microsoft Edge, also include code based on Google\u2019s Chromium Project. These all could be affected if an exploit for a vulnerability is released, he said.\n\n\u201cIt is extremely valuable for defenders to have that buffer,\u201d Narang added.\n\nWhile the majority of the fixes in the update are for vulnerabilities rated as high or medium risk, Google did patch a critical bug tracked as [CVE-2022-2852](<https://vulners.com/cve/CVE-2022-2852>), a use-after-free issue in FedCM reported by Sergei Glazunov of Google Project Zero on Aug. 8. FedCM\u2014short for the Federated Credential Management API\u2013provides a use-case-specific abstraction for federated identity flows on the web, [according to Google](<https://developer.chrome.com/docs/privacy-sandbox/fedcm/>).\n\n**Fifth Chrome 0Day Patch So Far**\n\nThe zero-day patch is the fifth Chrome bug under active attack that Google has patched so far this year.\n\nIn July, the company fixed an [actively exploited heap buffer overflow flaw](<https://threatpost.com/actively-exploited-chrome-bug/180118/>) tracked as [CVE-2022-2294](<https://vulners.com/cve/CVE-2022-2294>) in WebRTC, the engine that gives Chrome its real-time communications capability, while in May it was a separate buffer overflow flaw tracked as [CVE-2022-2294](<https://vulners.com/cve/CVE-2022-2294>) and under active attack that got slapped with a patch.\n\nIn April, Google patched [CVE-2022-1364](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-1364>), a type confusion flaw affecting Chrome\u2019s use of the V8 JavaScript engine on which attackers already had pounced. The previous month a separate type-confusion issue in V8 tracked as [CVE-2022-1096](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-1096>) and under active attack also [spurred a hasty patch](<https://threatpost.com/google-chrome-bug-actively-exploited-zero-day/179161/>).\n\nFebruary saw a fix for the first of this year\u2019s Chrome zero-days, a use-after-free flaw in Chrome\u2019s Animation component tracked as [CVE-2022-0609](<https://nvd.nist.gov/vuln/detail/CVE-2022-0609>) that already [was under attack](<https://threatpost.com/google-chrome-zero-day-under-attack/178428/>). Later [it was revealed](<https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/>) that North Korean hackers were exploiting the flaw weeks before it was discovered and patched.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-18T14:31:38", "type": "threatpost", "title": "Google Patches Chrome\u2019s Fifth Zero-Day of the Year", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2852", "CVE-2022-2856"], "modified": "2022-08-18T14:31:38", "id": "THREATPOST:A8A7A761CD72E2732BD9E3C75C4A2ACC", "href": "https://threatpost.com/google-patches-chromes-fifth-zero-day-of-the-year/180432/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-05T11:54:40", "description": "While people were celebrating the Fourth of July holiday in the United States, Google quietly rolled out a stable channel update for Chrome to patch an actively exploited zero-day vulnerability, the fourth such flaw the vendor has had to patch in its browser product so far this year.\n\nChrome 103 (103.0.5060.71) for Android and Version 103.0.5060.114 for Windows and Mac, outlined in [separate ](<https://chromereleases.googleblog.com/>)[blog posts](<https://chromereleases.googleblog.com/2022/07/extended-stable-channel-update-for.html>) published Monday, fix a heap buffer overflow flaw in WebRTC, the engine that gives the browser its real-time communications capability.\n\nThe vulnerability, tracked as [CVE-2022-2294](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2294>) and reported by Jan Vojtesek from the Avast Threat Intelligence team on July 1**, **is described as a buffer overflow, \u201cwhere the buffer that can be overwritten is allocated in the heap portion of memory,\u201d according to the vulnerability\u2019s [listing](<https://cwe.mitre.org/data/definitions/122.html>) on the Common Weakness Enumeration (CWE) website.\n\nAs per usual, Google did not reveal specific details about the bug, as it generally waits until most have updated to the patched version of the affected product. Indeed, updating is strongly recommended, as exploits for the vulnerability already exist in the wild, Google said.\n\nMoreover, with scant details revealed about the flaw\u2014a habit of Google\u2019s that many security researchers find frustrating\u2014at this point an update is really only way to defend against attacks exploiting the flaw. Fortunately, Google Chrome updates are pushed out without user intervention, so most users will be protected once patches are available.\n\nBuffer overflows generally lead to crashes or other attacks that make the affected program unavailable including putting the program into an infinite loop, according to the CWE listing. Attackers can take advantage of the situation by using the crash to execute arbitrary code typically outside of the scope of the program\u2019s security policy.\n\n\u201cBesides important user data, heap-based overflows can be used to overwrite function pointers that may be living in memory, pointing it to the attacker\u2019s code,\u201d according to the listing. \u201cEven in applications that do not explicitly use function pointers, the run-time will usually leave many in memory.\u201d\n\n## **Other Fixes**\n\nIn addition to fixing the zero-day buffer overflow flaw, the Chrome releases also patch a type confusion flaw in the V8 JavaScript engine tracked as [CVE-2022-2295](<https://security-tracker.debian.org/tracker/CVE-2022-2295>) and reported June 16 by researchers \u201cavaue\u201d and \u201cBuff3tts\u201d at S.S.L., according to the post.\n\nThis is the third such flaw in the open-source engine used by Chrome and Chromium-based web browsers patched this year alone. In March a separate type-confusion issue in the V8 JavaScript engine tracked as [CVE-2022-1096](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-1096>) and under active attack [spurred a hasty patch](<https://threatpost.com/google-chrome-bug-actively-exploited-zero-day/179161/>) from Google.\n\nThen in April, the company patched [CVE-2022-1364](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-1364>), another type confusion flaw affecting Chrome\u2019s use of V8 on which attackers already had pounced.\n\nAnother flaw patched in Monday\u2019s Chrome update is a use-after-free flaw in Chrome OS Shell reported by Khalil Zhani on May 19 and tracked as [CVE-2022-2296](<https://cve.report/CVE-2022-2296>), according to Google. All of the flaws patched in this week\u2019s update received a rating of high. The updates also includes several fixes from internal audits, fuzzing and other initiatives, Google said.\n\nPrior to patching the Chrome V8 JavaScript engine flaws in March and April, Google in February already had patched a zero-day use-after-free flaw in Chrome\u2019s Animation component tracked as [CVE-2022-0609](<https://nvd.nist.gov/vuln/detail/CVE-2022-0609>) that [was under active attack](<https://threatpost.com/google-chrome-zero-day-under-attack/178428/>).\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-05T11:54:21", "type": "threatpost", "title": "Google Patches Actively Exploited Chrome Bug", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2022-07-05T11:54:21", "id": "THREATPOST:91A97EE2BD6933FEB9A07162BD4ED8B5", "href": "https://threatpost.com/actively-exploited-chrome-bug/180118/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "avleonov": [{"lastseen": "2022-08-14T11:59:47", "description": "Hello everyone! Microsoft has been acting weird lately. I mean the recent [publication of a propaganda report](<https://t.me/avleonovcom/1021>) about evil Russians and how Microsoft is involved in the conflict between countries. It wouldn't be unusual for a US government agency, NSA or CIA to publish such a report. But when a global IT vendor, which, in theory, should be more or less neutral, does this\u2026 This is a clear signal. It's not about business anymore. \n\nAlternative video link (for Russia): <https://vk.com/video-149273431_456239096>\n\nI'll take a closer look at this report in the next episode of the Vulnerability Management news, but for now let's take a look at Microsoft July Patch Tuesday. Yes, the vendor is behaving strangely, but Microsoft products need to be patched. Right? At least for now. And tracking vulnerabilities is always a good thing. ![\ud83d\ude42](https://s.w.org/images/core/emoji/14.0.0/72x72/1f642.png)\n\nOn July Patch Tuesday, July 12, 84 vulnerabilities were released. Between June and July Patch Tuesdays, 15 vulnerabilities were released. This gives us 99 vulnerabilities in the report. \n \n \n $ cat comments_links.txt \n Qualys|July 2022 Patch Tuesday. Microsoft Releases 84 Vulnerabilities with 4 Critical, plus 2 Microsoft Edge (Chromium-Based); Adobe Releases 4 Advisories, 27 Vulnerabilities with 18 Critical.|https://blog.qualys.com/vulnerabilities-threat-research/2022/07/12/july-2022-patch-tuesday\n ZDI|The July 2022 Security Update Review|https://www.zerodayinitiative.com/blog/2022/7/12/the-july-2022-security-update-review\n \n $ python3.8 vulristics.py --report-type \"ms_patch_tuesday_extended\" --mspt-year 2022 --mspt-month \"July\" --mspt-comments-links-path \"comments_links.txt\" --rewrite-flag \"True\"\n ...\n Creating Patch Tuesday profile...\n MS PT Year: 2022\n MS PT Month: July\n MS PT Date: 2022-07-12\n MS PT CVEs found: 84\n Ext MS PT Date from: 2022-06-15\n Ext MS PT Date to: 2022-07-11\n Ext MS PT CVEs found: 15\n ALL MS PT CVEs: 99\n ...\n\n * Urgent: 0\n * Critical: 1\n * High: 19\n * Medium: 78\n * Low: 1\n\nInterestingly, in this Patch Tuesday, more than half of all vulnerabilities are EoP.\n\n## CSRSS EoP\n\nWhat can I say, prioritization in [Vulristics](<https://github.com/leonov-av/vulristics>) works correctly. At the top of the July Patch Tuesday list is one critical and actively exploited **Elevation of Privilege** in Windows CSRSS (CVE-2022-22047). This vulnerability has been widely reported in the media.\n\nClient Server Runtime Subsystem, or csrss.exe, is a component of the Windows NT family of operating systems that provides the user mode side of the Win32 subsystem and is included in Windows NT 3.1 and later. Because most of the Win32 subsystem operations have been moved to kernel mode drivers in Windows NT 4 and later, CSRSS is mainly responsible for Win32 console handling and GUI shutdown.\n\nCSRSS runs as a user-mode system service. When a user-mode process calls a function involving console windows, process/thread creation, or side-by-side support, instead of issuing a system call, the Win32 libraries (kernel32.dll, user32.dll, gdi32.dll) send an inter-process call to the CSRSS process which does most of the actual work without compromising the kernel.\n\nThis Elevation of Privilege vulnerability in CSRSS allows an attacker to execute code as SYSTEM, provided they can execute other code on the target. Bugs of this type are typically paired with a code execution bug, usually a specially crafted Office or Adobe document, to take over a system. These attacks often rely on macros, which is why so many were disheartened to hear Microsoft\u2019s delay in blocking all Office macros by default.\n\nMicrosoft says this vulnerability has been exploited in the wild, though no further details have been shared. There is no public exploit yet. Two similar vulnerabilities in CSRSS (CVE-2022-22049 and CVE-2022-22026) were also fixed, likely as a result of Microsoft\u2019s investigation into the in-the-wild exploitation of CVE-2022-22047.\n\n## RPC RCE\n\n**Remote Code Execution** in Remote Procedure Call Runtime (CVE-2022-22038). Here Microsoft has a POC exploit. This July Patch Tuesday bug could allow a remote, unauthenticated attacker to exploit code on an affected system. While not specified in the bulletin, the presumption is that the code execution would occur at elevated privileges. Combine these attributes and you end up with a potentially wormable bug. Microsoft states the attack complexity is high. Additional actions by an attacker are required in order to prepare a target for successful exploitation and an attacker would need to make \u201crepeated exploitation attempts\u201d to take advantage of this bug, but unless you are actively blocking RPC activity, you may not see these attempts.\n\n## Microsoft Edge Memory Corruption\n\nBetween June and July Patch Tuesday, **Memory Corruption** in Microsoft Edge (CVE-2022-2294) was released. Heap buffer overflow in WebRTC, to be precise. WebRTC (Web Real-Time Communication) is a free and open-source project providing web browsers and mobile applications with real-time communication (RTC) via application programming interfaces (APIs). It allows audio and video communication to work inside web pages by allowing direct peer-to-peer communication, eliminating the need to install plugins or download native apps. So, the vulnerability is in the Chromium Open Source Software (OSS) which is consumed by Microsoft Edge. Google is aware that an exploit for this vulnerability exists in the wild. If you\u2019re using Microsoft Edge (Chromium-based), make sure it gets updated as soon as possible.\n\n## Azure Site Recovery RCEs and EOPs\n\nThere are also a lot of vulnerabilities in Azure Site Recovery in July Patch Tuesday. Both EoPs and RCEs, and quite a few with non-public exploits of the POC maturity level. According to the description "Site Recovery is a native disaster recovery as a service (DRaaS)", it would seem that this should be patched by Microsoft themselves. But in fact, there is a Microsoft Azure Site Recovery suite installed on the hosts, and at least some of the vulnerabilities were found in it. \n\nLet's see, for example, **Elevation of Privilege** in Azure Site Recovery (CVE-2022-33675). The vulnerability was discovered and [reported to Microsoft by Tenable researcher Jimi Sebree](<https://www.tenable.com/security/research/tra-2022-26>). The Microsoft Azure Site Recovery suite contains a DLL hijacking flaw that allows for privilege escalation from any low privileged user to SYSTEM. \n\nIncorrect permissions on the service\u2019s executable directory (E:\\Program Files (x86)\\Microsoft Azure Site Recovery\\home\\svsystems\\transport\\\\) allow new files to be created by any user. The service launched from this directory runs automatically and with SYSTEM privileges and attempts to load several DLLs from this directory. This allows for a DLL hijacking/planting attack via several libraries that are attempted to be loaded from this location when the service is launched. Existing deployments should ensure that the Microsoft-supplied patches have been appropriately applied.\n\nThe full Vulristics report is available here: [ms_patch_tuesday_july2022_report](<https://avleonov.com/vulristics_reports/ms_patch_tuesday_july2022_report_with_comments_ext_img.html>)", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-07-23T08:34:29", "type": "avleonov", "title": "Microsoft Patch Tuesday July 2022: propaganda report, CSRSS EoP, RPC RCE, Edge, Azure Site Recovery", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22026", "CVE-2022-22038", "CVE-2022-22047", "CVE-2022-22049", "CVE-2022-2294", "CVE-2022-33675"], "modified": "2022-07-23T08:34:29", "id": "AVLEONOV:B87691B304EF70215B926F66B871260A", "href": "https://avleonov.com/2022/07/23/microsoft-patch-tuesday-july-2022-propaganda-report-csrss-eop-rpc-rce-edge-azure-site-recovery/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "qualysblog": [{"lastseen": "2022-06-24T21:57:29", "description": "# **Microsoft Patch Tuesday Summary**\n\nMicrosoft has fixed 55 vulnerabilities (aka flaws) in the June 2022 update, including three (3) vulnerabilities classified as **_Critical_** as they allow Remote Code Execution (RCE). This month's Patch Tuesday cumulative Windows update includes the fix for one (1) zero-day vulnerability ([CVE-2022-30190](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190>)). Microsoft also released an advisory for Intel Processor MMIO Stale Data Vulnerabilitie to address four (4) Intel vulnerabilities ([Microsoft Advisory 220002](<https://msrc.microsoft.com/update-guide/vulnerability/ADV220002>), [Intel-SA-00615](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html>)).\n\nMicrosoft has fixed several flaws in its software, including Denial of Service (DoS), Elevation of Privilege, Information Disclosure, Remote Code Execution (RCE), Security Feature Bypass, and Spoofing vulnerabilities.\n\nMany of the vulnerabilities patched this month relate to remote code execution, but there are no reports of active exploitation in the wild with the exception of an update to [CVE-2022-30190](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190>), a Microsoft Windows Support Diagnostic Tool (MSDT) vulnerability made public in May.\n\n### The June 2022 Microsoft vulnerabilities are classified as follows: \n\n![](https://blog.qualys.com/wp-content/uploads/2022/06/image.png)\n\n![](https://blog.qualys.com/wp-content/uploads/2022/06/image-4.png) [Related Threat Protection Post](<https://threatprotect.qualys.com/2022/06/15/microsoft-patches-55-vulnerabilities-including-one-zero-day-and-three-critical-in-the-june-2022-patch-tuesday/>)\n\n* * *\n\n# **Notable Microsoft Vulnerabilities Patched**\n\n### [CVE-2022-30190](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190>) | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.8/10.\n\nMicrosoft has fixed the widely-exploited _**Windows Follina MSDT zero-day**_ vulnerability tracked as[ CVE-2022-30190](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190>) in the June 2022 Updates.\n\nThe update for this vulnerability is in the June 2022 cumulative Windows Updates. Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Detected._**\n\nOn May 31st Qualys released **QID 91909 Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution (RCE) Vulnerability (Follina) (Zero Day)**. \n \nOn June 14th, Microsoft released the patch for this vulnerability in the June 2022 cumulative Windows Updates. \n \nQualys will modify our existing detection signature to check for the PATCH ONLY and apply a minor title revision to remove the zero-day reference:** QID 91909 Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution (RCE) Vulnerability (Follina).** \n \nQualys will also release a NEW Information Gathered (IG) detection that will test for the MITIGATION ONLY: **QID 45538 Microsoft Support Diagnostic Tool (MSDT) URL Protocol Vulnerability Disabled (Follina Mitigation Enabled).** \n \nThese updates will be included in the June 14th evening\u2019s Patch Tuesday release cycle. \n_(VULNSIGS-2.5.504-4, QAGENT-SIGNATURE-SET-2.5.504.4-3, LX_MANIFEST-2.5.504.4-4)_ \n--- \n \n![](https://blog.qualys.com/wp-content/uploads/2022/06/CVE-2022-30190-1-1070x246.png)\n\n![](https://blog.qualys.com/wp-content/uploads/2022/06/image-4.png) _Examine a potential attack vector as well as technical details of Follina, and chart the ability to detect this new vulnerability using both Qualys Multi-Vector EDR and Qualys Context XDR._ [Detect the Follina MSDT Vulnerability (CVE-2022-30190) with Qualys Multi-Vector EDR & Context XDR](<https://blog.qualys.com/product-tech/2022/06/14/detect-the-follina-msdt-vulnerability-cve-2022-30190-with-qualys-multi-vector-edr-context-xdr>)\n\n![](https://blog.qualys.com/wp-content/uploads/2022/06/image-4.png) [Related Threat Protection Post](<https://threatprotect.qualys.com/2022/05/31/microsoft-windows-support-diagnostic-tool-msdt-remote-code-execution-vulnerability-cve-2022-30190/>)\n\n* * *\n\n### Microsoft Guidance on Intel [Processor MMIO Stale Data Vulnerabilities](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html>)\n\n#### [Microsoft Advisory 220002](<https://msrc.microsoft.com/update-guide/vulnerability/ADV220002>), [Intel-SA-00615](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html>)\n\nOn June 14, 2022, Intel published information about a class of memory-mapped I/O vulnerabilities known as [Processor MMIO Stale Data Vulnerabilities](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html>).\n\nAn attacker who successfully exploited these vulnerabilities might be able to read privileged data across trust boundaries. In shared resource environments (such as exists in some cloud services configurations), these vulnerabilities could allow one virtual machine to improperly access information from another. In non-browsing scenarios on standalone systems, an attacker would need prior access to the system or an ability to run a specially crafted application on the target system to leverage these vulnerabilities.\n\nThese vulnerabilities are known as:\n\n * [CVE-2022-21123](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21123>) | Shared Buffer Data Read (SBDR) \n * [CVE-2022-21125](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21125>) | Shared Buffer Data Sampling (SBDS)\n * [CVE-2022-21127](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21127>) | Special Register Buffer Data Sampling Update (SRBDS Update)\n * [CVE-2022-21166](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21166>) | Device Register Partial Write (DRPW)\n\n**Important**: These vulnerabilities might affect other operating systems and service providers. We advise customers to seek guidance from their respective vendors.\n\n![](https://blog.qualys.com/wp-content/uploads/2022/06/image-4.png) [Related Threat Protection Post](<https://threatprotect.qualys.com/2022/06/15/microsoft-releases-patches-for-the-intel-processor-mmio-stale-data-vulnerabilities-in-june-2022-patch-tuesday/>)\n\n* * *\n\n### Windows Server 2022 Azure Edition Core Hotpatch ([KB5014677](<https://support.microsoft.com/en-us/topic/june-14-2022-kb5014677-os-build-20348-770-a7a0d557-bd34-4867-bf6f-a47fbc997810>)) **OS Build 20348.770**\n\nWindows Server 2022 Azure Edition Core Hotpatch ([KB5014677](<https://support.microsoft.com/en-us/topic/june-14-2022-kb5014677-os-build-20348-770-a7a0d557-bd34-4867-bf6f-a47fbc997810>)) addresses 22 unique vulnerabilities, ranging in severity from a CVSSv3.1 score of 5.3/10 to 8.8/10, as summarized below.\n\n![](https://blog.qualys.com/wp-content/uploads/2022/06/image-2.png)\n\n* * *\n\n# **Microsoft Critical and Important Vulnerability Highlights**\n\nThis month\u2019s [advisory](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Jun>) covers multiple Microsoft product families, including Azure, Developer Tools, Edge-Chromium Browser, Microsoft Office, SQL Server, System Center, and Windows.\n\nA total of 25 unique Microsoft products/versions are affected.\n\nDownloads include Azure Hotpatch, Cumulative Updates, Monthly Rollup, Security Only, and Security Updates.\n\n* * *\n\n### [CVE-2022-30136](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30136>) | Windows Network File System Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 9.8/10.\n\nThis vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation More Likely._**\n\n* * *\n\n### [CVE-2022-30157](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30157>) | Microsoft SharePoint Server Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.8/10.\n\nIn a network-based attack, an attacker would need to have the privileges to create a page on a vulnerable SharePoint server. By creating a site using specific code, the attacker could execute code remotely on the target server.\n\nThe attacker must be authenticated and possess the permissions for page creation to be able to exploit this vulnerability. \n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**.\n\n* * *\n\n### [CVE-2022-30158](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30158>) | Microsoft SharePoint Server Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.8/10.\n\nAn authenticated attacker with access to a server that has Sandboxed Code Service enabled could execute code in the context of the web service account.\n\nThe attacker must be authenticated and possess the permissions for page creation to be able to exploit this vulnerability. \n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Unlikely_**.\n\n* * *\n\n### [CVE-2022-30165](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30165>) | Windows Kerberos Elevation of Privilege Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.8/10.\n\nSystems configured to activate both of the following features in Windows Server: CredSSP (Credential Security Service Provider) and RCG (Remote Credential Guard) might be vulnerable to this exploit.\n\nAn authenticated attacker could exploit this vulnerability to elevate privileges and then spoof the Kerberos login process when a remote credential guard connection is made via CredSSP over the network.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**.\n\n* * *\n\n### [CVE-2022-30163](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30163>) | Windows Hyper-V Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.5/10.\n\nTo exploit this vulnerability, an attacker could run a specially crafted application on a Hyper-V guest that could cause the Hyper-V host operating system to execute arbitrary code.\n\nSuccessful exploitation of this vulnerability requires an attacker to win a race condition. \n\nIn this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to execute code on the Hyper-V host execution environment.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely._**\n\n* * *\n\n### [CVE-2022-30164](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30164>) | Windows Kerberos AppContainer Security Feature Bypass Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.4/10.\n\nA low privilege attacker could execute a script within an App Container to request a service ticket and thereby gain elevation to the service privilege.\n\nAn attacker could bypass the Kerberos service ticketing feature which performs user access control checks\n\nIn this case, a successful attack could be performed from a low privilege [AppContainer](<https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation>). The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely._**\n\n* * *\n\n### [CVE-2022-30139](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30139>) | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.5/10.\n\nThis vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable.\n\nFor more information, please see [LDAP policies](<https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/3f0137a1-63df-400c-bf97-e1040f055a99>).\n\nSuccessful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely._**\n\n* * *\n\n### [CVE-2022-30145](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30145>) | Windows Encrypting File System (EFS) Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.5/10.\n\nSuccessful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely._**\n\n* * *\n\n## **Microsoft Last But Not Least**\n\nEarlier in June, Microsoft released Microsoft Edge (Chromium-based) vulnerabilities on June 9 Microsoft Edge (Chromium-based) Remote Code Execution (RCE) Vulnerability ([CVE-2022-22021](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22021>)) and an additional four (4) vulnerabilities on June 13 ([CVE-2022-2011](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2011>), [CVE-2022-2010](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2010>), [CVE-2022-2008](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2008>), [CVE-2022-2007](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2007>)).\n\n* * *\n\n# **Adobe Security Bulletins and Advisories**\n\nAdobe released six (6) [advisories](<https://helpx.adobe.com/security/security-bulletin.html>) with updates to fix 46 vulnerabilities affecting Adobe Animate, Bridge, Illustrator, InCopy, InDesign, and RoboHelp Server. Of these 46 vulnerabilities, 40 are rated as **_Critical_**; ranging in severity from a CVSSv3.1 score of 5.5/10 to 7.8/10, as summarized below.\n\n![](https://blog.qualys.com/wp-content/uploads/2022/06/image-3.png)\n\n### [APSB22-24](<https://helpx.adobe.com/security/products/animate/apsb22-24.html>) | Security updates available for Adobe Animate\n\nThis update resolves one (1) **_Critical_** vulnerability.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nThis update resolves a [critical](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. \n\n* * *\n\n### [APSB22-25](<https://helpx.adobe.com/security/products/bridge/apsb22-25.html>) | Security updates available for Adobe Bridge\n\nThis update resolves 11 **_Critical_** and one (1) _**Important **_vulnerability.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nThis update addresses [critical](<https://helpx.adobe.com/security/severity-ratings.html>) and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities that could lead to arbitrary code execution, arbitrary file system write, and memory leak. \n\n* * *\n\n### [APSB22-26](<https://helpx.adobe.com/security/products/illustrator/apsb22-26.html>) | Security updates available for Adobe Illustrator\n\nThis update resolves 13 **_Critical_**, and four (4) **_Important _**vulnerabilities.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nThis update resolves [critical](<https://helpx.adobe.com/security/severity-ratings.html>) and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities that could lead to arbitrary code execution and memory leak.\n\n* * *\n\n### [APSB22-29](<https://helpx.adobe.com/security/products/incopy/apsb22-29.html>) | Security updates available for Adobe InCopy\n\nThis update resolves eight (8) **_Critical_** vulnerabilities.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nThis update addresses multiple [critical](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution. \n\n* * *\n\n### [APSB22-30](<https://helpx.adobe.com/security/products/indesign/apsb22-30.html>) | Security updates available for Adobe InDesign\n\nThis update resolves seven (7) **_Critical_** vulnerabilities.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nThis update addresses multiple [critical](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution. \n\n* * *\n\n### [APSB22-31](<https://helpx.adobe.com/security/products/robohelp-server/apsb22-31.html>) | Security updates available for RoboHelp Server\n\nThis update resolves one (1) **_Moderate_** vulnerability.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released a security hotfix for RoboHelp Server 11 (Update 3) and prior releases. This hotfix resolves a security vulnerability that allows end-users with non-administrative privileges to manipulate API requests and elevate their account privileges to that of a server administrator.\n\nThis update resolves a vulnerability rated [moderate](<https://helpx.adobe.com/security/severity-ratings.html>). Successful exploitation could lead to privilege escalation. \n\n* * *\n\n# **About Qualys Patch Tuesday**\n\nQualys Patch Tuesday QIDs are published as [Security Alerts](<https://www.qualys.com/research/security-alerts/>) typically late in the evening on the day of [Patch Tuesday](<https://blog.qualys.com/tag/patch-tuesday>), followed later by the publication of the monthly queries for the [Unified Dashboard: 2022 Patch Tuesday (QID Based) Dashboard](<https://success.qualys.com/discussions/s/article/000006821>) by Noon on Wednesday.\n\n* * *\n\n## Discover and Prioritize Vulnerabilities in [Vulnerability Management Detection Response (VMDR)](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) \n\nQualys VMDR automatically detects new Patch Tuesday vulnerabilities using continuous updates to its Knowledge Base (KB). \n\nYou can see all your impacted hosts by these vulnerabilities using the following QQL query:\n \n \n vulnerabilities.vulnerability:( qid:`45538` OR qid:`91909` OR qid:`91910` OR qid:`91911` OR qid:`91912` OR qid:`91913` OR qid:`91914` OR qid:`91915` OR qid:`91916` OR qid:`91917` OR qid:`91918` OR qid:`91919` OR qid:`110409` OR qid:`110410` OR qid:`376665` OR qid:`376666` ) \n\n![](https://blog.qualys.com/wp-content/uploads/2022/06/VMDR-June2022-1-1070x519.png)\n\n* * *\n\n## Rapid Response with [Patch Management (PM)](<https://www.qualys.com/apps/patch-management/>)\n\nVMDR rapidly remediates Windows hosts by deploying the most relevant and applicable per-technology version patches. You can simply select respective QIDs in the Patch Catalog and filter on the \u201cMissing\u201d patches to identify and deploy the applicable, available patches in one go.\n\nThe following QQL will return the missing patches pertaining to this Patch Tuesday:\n \n \n ( qid:`45538` OR qid:`91909` OR qid:`91910` OR qid:`91911` OR qid:`91912` OR qid:`91913` OR qid:`91914` OR qid:`91915` OR qid:`91916` OR qid:`91917` OR qid:`91918` OR qid:`91919` OR qid:`110409` OR qid:`110410` OR qid:`376665` OR qid:`376666` ) \n\n![](https://blog.qualys.com/wp-content/uploads/2022/06/PATCH-June2022-1070x488.png)\n\n* * *\n\n# \nQualys Monthly Webinar Series \n\n![This image has an empty alt attribute; its file name is image-1070x560.jpeg](https://blog.qualys.com/wp-content/uploads/2022/03/image-1070x560.jpeg)\n\nThe Qualys Research team hosts a monthly webinar series to help our existing customers leverage the seamless integration between Qualys[ Vulnerability Management Detection Response (VMDR)](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) and Qualys [Patch Management](<https://www.qualys.com/apps/patch-management/>). Combining these two solutions can reduce the median time to remediate critical vulnerabilities. \n\nDuring the webcast, we will discuss this month\u2019s high-impact vulnerabilities, including those that are part of this month's Patch Tuesday alert. We will walk you through the necessary steps to address the key vulnerabilities using Qualys VMDR and Qualys Patch Management. \n\n* * *\n\n### **Join the webinar**\n\n## **This Month in Vulnerabilities & Patches**\n\n[Register Now](<https://gateway.on24.com/wcc/eh/3347108/category/97049/patch-tuesday>)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-14T20:00:00", "type": "qualysblog", "title": "June 2022 Patch Tuesday | Microsoft Releases 55 Vulnerabilities with 3 Critical; Adobe Releases 6 Advisories, 46 Vulnerabilities with 40 Critical.", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21127", "CVE-2022-21166", "CVE-2022-22021", "CVE-2022-30136", "CVE-2022-30139", "CVE-2022-30145", "CVE-2022-30157", "CVE-2022-30158", "CVE-2022-30163", "CVE-2022-30164", "CVE-2022-30165", "CVE-2022-30190"], "modified": "2022-06-14T20:00:00", "id": "QUALYSBLOG:BB3D6B2DDD8D4FA41B52503EF011FDA4", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-15T23:58:32", "description": "# **Microsoft Patch Tuesday Summary**\n\nMicrosoft has fixed 84 vulnerabilities (aka flaws) in the July 2022 update, including four (4) vulnerabilities classified as **_Critical_** as they allow Remote Code Execution (RCE). This month's Patch Tuesday cumulative Windows update includes the fix for one (1) actively exploited zero-day vulnerability ([CVE-2022-22047](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>)). Earlier this month, July 6, 2022, Microsoft also released two (2) Microsoft Edge (Chromium-Based) security updates as well.\n\nMicrosoft has fixed several flaws in its software, including Denial of Service (DoS), Elevation of Privilege, Information Disclosure, Microsoft Edge (Chromium-based), Remote Code Execution (RCE), Security Feature Bypass, and Tampering.\n\nMany of the vulnerabilities patched this month relate to remote code execution, but there are no reports of active exploitation (in the wild) except for [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190>)[CVE-2022-22047](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>), a Windows CSRSS Elevation of Privilege Vulnerability.\n\n## The July 2022 Microsoft vulnerabilities are classified as follows: \n\n![](https://blog.qualys.com/wp-content/uploads/2022/07/2022-07-JULY-IMPACT-1.png)\n\n![](https://blog.qualys.com/wp-content/uploads/2022/06/image-4.png) [Related Threat Protection Post](<https://threatprotect.qualys.com/2022/07/13/microsoft-patches-84-vulnerabilities-including-one-zero-day-and-four-critical-in-the-july-2022-patch-tuesday/>)\n\n* * *\n\n# **Notable Microsoft Vulnerabilities Patched**\n\n### [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>)[CVE-2022-22047](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>) | Windows CSRSS Elevation of Privilege Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.8/10.\n\nElevation of Privilege - Important - An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. (Article [5015874](<https://support.microsoft.com/help/5015874>))\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Detected_**\n\n* * *\n\n# **Microsoft Critical Vulnerability Highlights**\n\nThis month\u2019s [advisory](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Jul>) covers multiple Microsoft product families, including Azure, Browser, ESU, Microsoft Dynamics, Microsoft Office, System Center, and Windows.\n\nA total of 63 unique Microsoft products/versions are affected.\n\nDownloads include Monthly Rollup, Security Only, and Security Updates.\n\n* * *\n\n### [CVE-2022-30221](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30221>) | Windows Graphics Component Remote Code Execution Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.8/10.\n\nAn attacker would have to convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could execute code on the victim's system in the context of the targeted user.\n\nWindows 7 Service Pack 1 or Windows Server 2008 R2 Service Pack 1 are only affected by this vulnerability if either RDP 8.0 or RDP 8.1 is installed. If you do not have either of these versions of RDP installed on Windows 7 SP1 or Window Server 2008 R2 SP1, then you are not affected by this vulnerability.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n### [CVE-2022-22029](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22029>) | Windows Network File System Remote Code Execution Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.1/10.\n\nThis vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).\n\nSuccessful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n### [CVE-2022-22038](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22038>) | Remote Procedure Call Runtime Remote Code Execution Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.1/10.\n\nSuccessful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n### [CVE-2022-22039](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22039>) | Windows Network File System Remote Code Execution Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.5/10.\n\nSuccessful exploitation of this vulnerability requires an attacker to win a race condition.\n\nThis vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n# **Microsoft Last But Not Least**\n\nEarlier in July, Microsoft released Microsoft Edge (Chromium-based) vulnerabilities [CVE-2022-2294](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2294>) and [CVE-2022-2295](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2295>). The vulnerability assigned to each of these CVEs is in the Chromium Open Source Software (OSS) which is consumed by Microsoft Edge. It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see [Security Update Guide Supports CVEs Assigned by Industry Partners](<https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/>) for more information.\n\n* * *\n\n# **Adobe Security Bulletins and Advisories**\n\nAdobe released four (4) [advisories](<https://helpx.adobe.com/security/security-bulletin.html>) with updates to fix 27 vulnerabilities affecting Adobe Acrobat, Character Animator, Photoshop, Reader, and RoboHelp applications. Of these 27 vulnerabilities, 18 are rated as **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>)_**; ranging in severity from a CVSS score of 6.5/10 to 7.8/10, as summarized below.\n\n![](https://blog.qualys.com/wp-content/uploads/2022/07/2022-07-JULY-ADOBE.png)\n\n* * *\n\n### [APSB22-10](<https://helpx.adobe.com/security/products/robohelp/apsb22-10.html>) | Security update available for RoboHelp\n\nThis update resolves one (1) [**_Important_** ](<https://helpx.adobe.com/security/severity-ratings.html>)vulnerability.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released a security update for RoboHelp. This update resolves a vulnerability rated [important](<https://helpx.adobe.com/security/severity-ratings.html>). Successful exploitation could lead to arbitrary code execution in the context of current user. \n\n* * *\n\n### [APSB22-32](<https://helpx.adobe.com/security/products/acrobat/apsb22-32.html>) | Security update available for Adobe Acrobat and Reader\n\nThis update resolves 22 vulnerabilities; 15 **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>)_**, and seven (7) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**.\n\n_**[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 2**_\n\nAdobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple [critical](<https://helpx.adobe.com/security/severity-ratings.html>), and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak. \n\n* * *\n\n### [APSB22-34](<https://helpx.adobe.com/security/products/character_animator/apsb22-34.html>) | Security Updates Available for Adobe Character Animator\n\nThis update resolves two (2) **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>) _**vulnerabilities.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released an update for Adobe Character Animator for Windows and macOS. This update resolves [critical](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution.\n\n* * *\n\n### [APSB22-35](<https://helpx.adobe.com/security/products/photoshop/apsb22-35.html>) | Security update available for Adobe Photoshop\n\nThis update resolves two (2) vulnerabilities; one (1) **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>)_**, and one (1) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released an update for Photoshop for Windows and macOS. This update resolves a [critical](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerability and an [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerability. Successful exploitation could lead to arbitrary code execution and memory leak. \n\n* * *\n\n* * *\n\n# Discover and Prioritize Vulnerabilities in [Vulnerability Management Detection Response (VMDR)](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) \n\nQualys VMDR automatically detects new Patch Tuesday vulnerabilities using continuous updates to its KnowledgeBase (KB). \n\nYou can see all your impacted hosts by these vulnerabilities using the following QQL query:\n \n \n vulnerabilities.vulnerability:( qid:`91921` OR qid:`91922` OR qid:`91923` OR qid:`91924` OR qid:`91927` OR qid:`110411` OR qid:`110412` OR qid:`376725` ) \n\n![](https://blog.qualys.com/wp-content/uploads/2022/07/2022-07-VMDR-1-1070x451.png)\n\n* * *\n\n# Rapid Response with [Patch Management (PM)](<https://www.qualys.com/apps/patch-management/>)\n\nVMDR rapidly remediates Windows hosts by deploying the most relevant and applicable per-technology version patches. You can simply select respective QIDs in the Patch Catalog and filter on the \u201cMissing\u201d patches to identify and deploy the applicable, available patches in one go.\n\nThe following QQL will return the missing patches for this Patch Tuesday:\n \n \n ( qid:`91921` OR qid:`91922` OR qid:`91923` OR qid:`91924` OR qid:`91927` OR qid:`110411` OR qid:`110412` OR qid:`376725` ) \n\n![](https://blog.qualys.com/wp-content/uploads/2022/07/2022-07-Patch-1070x451.png)\n\n![](https://blog.qualys.com/wp-content/uploads/2022/06/image-4.png) [Risk-based Remediation Powered by Patch Management in Qualys VMDR 2.0](<https://blog.qualys.com/product-tech/2022/06/22/risk-based-remediation-powered-by-patch-management-in-qualys-vmdr-2-0>)\n\n* * *\n\n# Qualys Monthly Webinar Series \n\n![This image has an empty alt attribute; its file name is image-1070x560.jpeg](https://blog.qualys.com/wp-content/uploads/2022/03/image-1070x560.jpeg)\n\nThe Qualys Research team hosts a monthly webinar series to help our existing customers leverage the seamless integration between Qualys[ Vulnerability Management Detection Response (VMDR)](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) and Qualys [Patch Management](<https://www.qualys.com/apps/patch-management/>). Combining these two solutions can reduce the median time to remediate critical vulnerabilities. \n\nDuring the webcast, we will discuss this month\u2019s high-impact vulnerabilities, including those that are part of this month's Patch Tuesday alert. We will walk you through the necessary steps to address the key vulnerabilities using Qualys VMDR and Qualys Patch Management. \n\n* * *\n\n### **Join the webinar**\n\n## **This Month in Vulnerabilities & Patches**\n\n[Register Now](<https://gateway.on24.com/wcc/eh/3347108/category/97049/patch-tuesday>)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-12T20:09:23", "type": "qualysblog", "title": "July 2022 Patch Tuesday | Microsoft Releases 84 Vulnerabilities with 4 Critical, plus 2 Microsoft Edge (Chromium-Based); Adobe Releases 4 Advisories, 27 Vulnerabilities with 18 Critical.", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22029", "CVE-2022-22038", "CVE-2022-22039", "CVE-2022-22047", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-30190", "CVE-2022-30221"], "modified": "2022-07-12T20:09:23", "id": "QUALYSBLOG:65C282BB0F312A3AD8A043024FD3D866", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-12-14T08:08:58", "description": "Google has released yet another security update for the Chrome desktop web browser to address a high-severity vulnerability that is being exploited in the wild. This is the ninth Chrome zero-day fixed this year by Google. This security bug ([CVE-2022-4262](<https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html>); _QID 377804_) is a Type Confusion vulnerability in Chrome\u2019s V8 JavaScript Engine.\n\nGoogle has withheld details about the vulnerability to prevent expanding its malicious exploitation and to allow users time to apply the security updates necessary on their Chrome installations.\n\nGoogle\u2019s previous zero-days were also released right before a weekend (see [Don\u2019t spend another weekend patching Chrome](<https://blog.qualys.com/product-tech/2022/10/28/chrome-zero-day-cve-2022-3723>) and [Don\u2019t Spend Your Holiday Season Patching Chrome](<https://blog.qualys.com/product-tech/patch-management/2022/11/29/dont-spend-your-holiday-season-patching-chrome>)).\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/11/Picture1.jpg)\n\n## Organizations respond, but slowly\n\nAnalyzing anonymized data from the Qualys data lake, the Qualys Threat Research Unit found for Chrome zero-day vulnerabilities introduced between February and August, more than 90% of these instances were remediated. However, it took 11-21 days to remediate via the Chrome patch. With the frequency of vulnerabilities released in this widely used browser and the fact that browsers, by their nature, are more exposed to external attacks, reducing the MTTR for those Chrome vulnerabilities is critical.\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/12/image.png)2022 Chrome Zero-Day Vulnerabilities, MTTR\n\nOf the nine Chrome zero-day threats this year, five were introduced just before the weekend on a Thursday or Friday. Organizations that don't leverage automated patching must spend the weekend or holiday working on the manual, lengthy process of detecting vulnerable devices, preparing the Chrome patch, testing it, and deploying it to affected assets.\n\nCVE| Release Date| Day of the Week| Vulnerability Remediation Rate \n---|---|---|--- \nCVE-2022-0609| 2/14/2022| Monday| 94% \nCVE-2022-1096| 3/25/2022| **Friday**| 94% \nCVE-2022-1364| 4/14/2022| **Thursday**| 93% \nCVE-2022-2294| 7/4/2022| Monday| 93% \nCVE-2022-2856| 8/16/2022| Tuesday| 91% \nCVE-2022-3075| 9/2/2022| **Friday**| 85% \nCVE-2022-3723| 10/27/2022| **Thursday**| 65% \nCVE-2022-4135| 11/24/2022| **Thursday (Thanksgiving)**| 52% \nCVE-2022-4262| 12/2/2022| **Friday**| NA \n2022 Chrome Zero-Day vulnerability release dates and percentage of remediation\n\n## Qualys Patch Management speeds remediation\n\nThe Qualys Threat Research Unit has found on average critical vulnerabilities are weaponized in 15.9 days. Significantly reducing MTTR shortens the exposure window and improves an organization's risk posture.\n\n[Qualys Patch Management](<https://www.qualys.com/apps/patch-management/>) with Zero-Touch Patching allows organizations to use their Qualys Cloud Agent for vulnerability management and to deploy third-party application patches, including Chrome. If the Qualys Cloud Agent is installed on an asset, customers can patch it, regardless of any other deployed patch solution. By defining a simple zero-touch policy, assets can automatically deploy patches when the vendor releases a new one. If testing patches like Chrome is required before production deployment, automatically setup a zero-touch policy to deploy to a set of test devices before deploying the same tested patches to production devices.\n\nIf you are a Qualys customer without Patch Management, a [trial](<https://www.qualys.com/apps/patch-management/>) can be enabled quickly, leveraging the same agent used with VMDR. This allows you to immediately deploy the Chrome patch to your environment and create those automation jobs to ensure that the next time Google or any other vendor releases a patch, your assets are automatically updated.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-12-03T05:24:27", "type": "qualysblog", "title": "The 9th Google Chrome Zero-Day Threat this Year \u2013 Again Just Before the Weekend", "bulletinFamily": "blog", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2856", "CVE-2022-3075", "CVE-2022-3723", "CVE-2022-4135", "CVE-2022-4262"], "modified": "2022-12-03T05:24:27", "id": "QUALYSBLOG:058E013CF475F33D6DEBB8955340D15B", "href": "https://blog.qualys.com/category/product-tech/patch-management", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-09-14T00:03:27", "description": "# **Microsoft Patch Tuesday Summary**\n\nMicrosoft has fixed 121 vulnerabilities (aka flaws) in the August 2022 update, including 17 vulnerabilities classified as **_Critical_** as they allow Elevation of Privilege (EoP) and Remote Code Execution (RCE). This month's Patch Tuesday fixes two (2) zero-day vulnerabilities, with one (1) actively exploited***** in attacks ([CVE-2022-34713](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34713>)*****,[ CVE-2022-30134](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30134>)). Earlier this month, August 5, 2022, Microsoft also released 20 Microsoft Edge (Chromium-Based) updates addressing Elevation of Privilege (EoP), Remote Code Execution (RCE), and Security Feature Bypass with severities of Low, Moderate, and Important respectively.\n\nMicrosoft has fixed several flaws in its software, including Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, Microsoft Edge (Chromium-based), Remote Code Execution (RCE), Security Feature Bypass, and Spoofing.\n\n## **The August 2022 Microsoft vulnerabilities are classified as follows:**\n\n![](https://blog.qualys.com/wp-content/uploads/2022/08/August2022-ImpactSeverityRoundUp-1.png)\n\n![](https://blog.qualys.com/wp-content/uploads/2022/06/image-4.png) [Related Threat Protection Post](<https://threatprotect.qualys.com/2022/08/10/microsoft-patches-121-vulnerabilities-with-two-zero-days-and-17-critical-plus-20-microsoft-edge-chromium-based-in-august-2022-patch-tuesday/>)\n\n# **Notable Microsoft Vulnerabilities Patched**\n\nA vulnerability is classified as a zero-day if it is publicly disclosed or actively exploited with no official fix available.\n\n### [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>)[CVE-2022-34713](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34713>) | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.8/10.\n\nIn May, Microsoft released a [blog](<https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/>) giving guidance for a vulnerability in MSDT and released updates to address it shortly thereafter. Public discussion of a vulnerability can encourage further scrutiny on the component, both by Microsoft security personnel as well as their research partners. _This CVE is a variant of the vulnerability publicly known as Dogwalk._\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Detected_**\n\n> ![](https://blog.qualys.com/wp-content/uploads/2022/06/image-4.png) Qualys director of vulnerability and threat research, [Bharat Jogi](<https://blog.qualys.com/author/bharat_jogi>), said DogWalk had actually been reported back in 2019 but at the time was not thought to be dangerous as it required \u201csignificant user interaction to exploit,\u201d and there were other mitigations in place.\n> \n> - _Excerpt from [Surge in CVEs as Microsoft Fixes Exploited Zero Day Bug](<https://www.infosecurity-magazine.com/news/surge-cves-microsoft-fixes/>)_\n\n* * *\n\n### [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>)[CVE-2022-30134](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30134>) | Microsoft Exchange Information Disclosure Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.6/10.\n\nThis vulnerability requires that a user with an affected version of Exchange Server access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message. For more information, see [Exchange Server Sup](<https://aka.ms/ExchangeEPDoc>)[port for Windows Extended Protection](<https://microsoft.github.io/CSS-Exchange/Security/Extended-Protection/>) and/or [The Exchange Blog](<https://techcommunity.microsoft.com/t5/exchange-team-blog/released-august-2022-exchange-server-security-updates/ba-p/3593862>).\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Unlikely_**\n\n* * *\n\n## **Security Feature Bypass Vulnerabilities Addressed**\n\nThese are **standalone security updates**. These packages must be installed in addition to the normal security updates to be protected from this vulnerability.\n\nThese security updates have a Servicing Stack Update prerequisite for specific KB numbers. The packages have a built-in pre-requisite logic to ensure the ordering.\n\nMicrosoft customers should ensure they have installed the latest Servicing Stack Update before installing these standalone security updates. See [ADV990001 | Latest Servicing Stack Updates](<https://msrc.microsoft.com/update-guide/security-guidance/advisory/ADV990001>) for more information.\n\nAn attacker who successfully exploited either of these three (3) vulnerabilities could bypass Secure Boot.\n\n### CERT/CC: [CVE-2022-34301](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34301>) Eurosoft Boot Loader Bypass\n\n### CERT/CC: [CVE-2022-34302](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34302>) New Horizon Data Systems Inc Boot Loader Bypass\n\n### CERT/CC: [CVE-2022-34303](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34303>) Crypto Pro Boot Loader Bypass\n\nAt the time of publication, a CVSSv3.1 score has not been assigned.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation More Like_**ly\n\n* * *\n\n## **Microsoft Critical and Important Vulnerability Highlights**\n\nThis month\u2019s [advisory](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Aug>) covers multiple Microsoft product families, including Azure, Browser, Developer Tools, [Extended Security Updates (ESU)](<https://docs.microsoft.com/en-us/lifecycle/faq/extended-security-updates>), Exchange Server, Microsoft Office, System Center,, and Windows.\n\nA total of 86 unique Microsoft products/versions are affected, including .NET, Azure, Edge (Chromium-based), Excel, Exchange Server (Cumulative Update), Microsoft 365 Apps for Enterprise, Office, Open Management Infrastructure, Outlook, and System Center Operations Manager (SCOM), Visual Studio, Windows Desktop, and Windows Server.\n\nDownloads include IE Cumulative, Monthly Rollup, Security Only, and Security Updates.\n\n* * *\n\n### [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>)[CVE-2022-35766](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35766>), [CVE-2022-35794](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35794>) | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.1/10.\n\nSuccessful exploitation of this vulnerability requires an attacker to win a race condition.\n\nAn unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code execution (RCE) on the RAS server machine.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n### [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>)[CVE-2022-30133](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30133>), [CVE-2022-35744](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35744>) | Windows Point-to-Point Protocol (PPP) Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 9.8/10.\n\nThis vulnerability can only be exploited by communicating via Port 1723. As a temporary workaround prior to installing the updates that address this vulnerability, you can block traffic through that port thus rendering the vulnerability unexploitable. **Warning**: Disabling Port 1723 could affect communications over your network.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n### [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>)[CVE-2022-34691](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34691>) | Active Directory Domain Services Elevation of Privilege (EoP) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.8/10.\n\nThis vulnerability can only be exploited by communicating via Port 1723. As a temporary workaround An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow elevation of privilege to System.\n\nPlease see [Certificate-based authentication changes on Windows domain controllers](<https://support.microsoft.com/en-us/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16>) for more information and ways to protect your domain.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n### [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>)[CVE-2022-33646](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33646>) | Azure Batch Node Agent Elevation of Privilege (EoP) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.0/10.\n\nSuccessful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation More Likely_**\n\n* * *\n\n## **Microsoft Edge | Last But Not Least**\n\nEarlier in August, Microsoft released Microsoft Edge (Chromium-based) vulnerabilities [CVE-2022-33636](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33636>), [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2294>)[CVE-2022-33649](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33649>), and [CVE-2022-35796](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35796>). The vulnerability assigned to each of these CVEs is in the Chromium Open Source Software (OSS) which is consumed by Microsoft Edge. It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. For more information, please see [Security Update Guide Supports CVEs Assigned by Industry Partners](<https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/>).\n\n### [CVE-2022-33649](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33649>) | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 9.6/10.\n\nAn attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email. \n\nThe user would have to click on a specially crafted URL to be compromised by the attacker.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n### [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33649>)[CVE-2022-33636](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33636>), [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33636>)[CVE-2022-35796](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35796>) | Microsoft Edge (Chromium-based) Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.3/10. _[Per Microsoft's severity guidelines](<https://www.microsoft.com/en-us/msrc/bounty-new-edge>), the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity. The CVSS scoring system doesn't allow for this type of nuance._\n\nAn attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases, an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.\n\nSuccessful exploitation of this vulnerability requires an attacker to win a race condition.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n# **Adobe Security Bulletins and Advisories**\n\nAdobe released five (5) [advisories](<https://helpx.adobe.com/security/security-bulletin.html>) with updates to fix 25 vulnerabilities affecting Adobe Acrobat and Reader, Commerce, FrameMaker, Illustrator, and Premiere Elements applications. Of these 25 vulnerabilities, 15 are rated as **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>)_**; ranging in severity from a CVSS score of 7.8/10 to 9.1/10, as summarized below.\n\n![](https://blog.qualys.com/wp-content/uploads/2022/08/AdobeAugust2022-ImpactSeverityRoundUp-1.png)\n\n* * *\n\n### [APSB22-38](<https://helpx.adobe.com/security/products/magento/apsb22-38.html>) | Security update available for Adobe Commerce\n\nThis update resolves seven (7) vulnerabilities:\n\n * Four (4) **_[_**Critical**_](<https://helpx.adobe.com/security/severity-ratings.html>)_**\n * Two (2) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**\n * One (1) **_[Moderate](<https://helpx.adobe.com/security/severity-ratings.html>)_**\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released a security update for Adobe Commerce and Magento Open Source. This update resolves [critical](<https://helpx.adobe.com/security/severity-ratings.html>), [important](<https://helpx.adobe.com/security/severity-ratings.html>), and [moderate](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution, privilege escalation, and security feature bypass.\n\n* * *\n\n### [APSB22-39](<https://helpx.adobe.com/security/products/acrobat/apsb22-39.html>) | Security update available for Adobe Acrobat and Reader\n\nThis update resolves seven (7) vulnerabilities:\n\n * Three (3) [_**Critical**_](<https://helpx.adobe.com/security/severity-ratings.html>)\n * Four (4) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 2_\n\nAdobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple [critical](<https://helpx.adobe.com/security/severity-ratings.html>) and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak.\n\n* * *\n\n### [APSB22-41](<https://helpx.adobe.com/security/products/illustrator/apsb22-41.html>) | Security Updates Available for Adobe Illustrator\n\nThis update resolves four (4) vulnerabilities:\n\n * Two (2) [_**Critical**_](<https://helpx.adobe.com/security/severity-ratings.html>)\n * Two (2) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released an update for Adobe Illustrator 2022. This update resolves [critical](<https://helpx.adobe.com/security/severity-ratings.html>) and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities that could lead to arbitrary code execution and memory leak.\n\n* * *\n\n### [APSB22-42](<https://helpx.adobe.com/security/products/framemaker/apsb22-42.html>) | Security update available for Adobe FrameMaker\n\nThis update resolves six (6) vulnerabilities:\n\n * Five (5) [_**Critical**_](<https://helpx.adobe.com/security/severity-ratings.html>)\n * One (1) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released a security update for Adobe FrameMaker. This update addresses multiple [critical](<https://helpx.adobe.com/security/severity-ratings.html>) and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution \nand memory leak. \n\n* * *\n\n### [APSB22-43](<https://helpx.adobe.com/security/products/premiere_elements/apsb22-43.html>) | Security update available for Adobe Premiere Elements\n\nThis update resolves one (1) [_**Critical**_](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerability.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released a security update for Adobe FrameMaker. This update addresses multiple [critical](<https://helpx.adobe.com/security/severity-ratings.html>) and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution \nand memory leak. \n\n* * *\n\n# **About Qualys Patch Tuesday**\n\nQualys Patch Tuesday QIDs are published as [Security Alerts](<https://www.qualys.com/research/security-alerts/>) typically late in the evening on the day of [Patch Tuesday](<https://blog.qualys.com/tag/patch-tuesday>), followed later by the publication of the monthly queries for the [Unified Dashboard: 2022 Patch Tuesday (QID Based) Dashboard](<https://success.qualys.com/discussions/s/article/000006821>) by Noon on Wednesday.\n\n## Qualys [Threat Protection](<https://www.qualys.com/apps/threat-protection/>) High-Rated Advisories for August 1-9, 2022 _New Content_\n\n * [Microsoft Patches 121 Vulnerabilities with Two Zero-days and 17 Critical; Plus 20 Microsoft Edge (Chromium-Based) in August 2022 Patch Tuesday](<https://threatprotect.qualys.com/2022/08/10/microsoft-patches-121-vulnerabilities-with-two-zero-days-and-17-critical-plus-20-microsoft-edge-chromium-based-in-august-2022-patch-tuesday/>)\n * [VMware vRealize Operations Multiple Vulnerabilities Patched in the Latest Security update (CVE-2022-31672, CVE-2022-31673, CVE-2022-31674, & CVE-2022-31675)](<https://threatprotect.qualys.com/2022/08/10/vmware-vrealize-operations-multiple-vulnerabilities-patched-in-the-latest-security-update-cve-2022-31672-cve-2022-31673-cve-2022-31674-cve-2022-31675/>)\n * [Cisco Patched Small Business RV Series Routers Multiple Vulnerabilities (CVE-2022-20827, CVE-2022-20841, and CVE-2022-20842)](<https://threatprotect.qualys.com/2022/08/04/cisco-patched-small-business-rv-series-routers-multiple-vulnerabilities-cve-2022-20827-cve-2022-20841-and-cve-2022-20842/>)\n * [VMware Patched Multiple Vulnerabilities in VMware Products including Identity Manager (vIDM) and Workspace ONE Access](<https://threatprotect.qualys.com/2022/08/03/vmware-patched-multiple-vulnerabilities-in-vmware-products-including-identity-manager-vidm-and-workspace-one-access/>)\n * [Atlassian Confluence Server and Confluence Data Center \u2013 Questions for Confluence App \u2013 Hardcoded Password Vulnerability (CVE-2022-26138)](<https://threatprotect.qualys.com/2022/08/01/atlassian-confluence-server-and-confluence-data-center-questions-for-confluence-app-hardcoded-password-vulnerability-cve-2022-26138/>)\n\n* * *\n\n## Discover and Prioritize Vulnerabilities in [Vulnerability Management Detection Response (VMDR)](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) \n\nQualys VMDR automatically detects new Patch Tuesday vulnerabilities using continuous updates to its KnowledgeBase (KB). \n\nYou can see all your impacted hosts by these vulnerabilities using the following QQL query:\n \n \n vulnerabilities.vulnerability:( qid:`50121` OR qid:`91929` OR qid:`91931` OR qid:`91932` OR qid:`91933` OR qid:`91934` OR qid:`91935` OR qid:`91936` OR qid:`110413` OR qid:`110414` OR qid:`376813` ) \n\n![](https://blog.qualys.com/wp-content/uploads/2022/08/VMDR_2022AUG-1070x488.png)\n\n![](https://blog.qualys.com/wp-content/uploads/2022/06/image-4.png) [A Deep Dive into VMDR 2.0 with Qualys TruRisk\u2122](<https://blog.qualys.com/product-tech/2022/08/08/a-deep-dive-into-vmdr-2-0-with-qualys-trurisk>) _The old way of ranking vulnerabilities doesn\u2019t work anymore. Instead, enterprise security teams need to rate the true risks to their business. In this blog, we examine each of the risk scores delivered by Qualys TruRisk, the criteria used to compute them, and how they can be used to prioritize remediation._\n\n* * *\n\n## Rapid Response with [Patch Management (PM)](<https://www.qualys.com/apps/patch-management/>)\n\nVMDR rapidly remediates Windows hosts by deploying the most relevant and applicable per-technology version patches. You can simply select respective QIDs in the Patch Catalog and filter on the \u201cMissing\u201d patches to identify and deploy the applicable, available patches in one go.\n\nThe following QQL will return the missing patches for this Patch Tuesday:\n \n \n ( qid:`50121` OR qid:`91929` OR qid:`91931` OR qid:`91932` OR qid:`91933` OR qid:`91934` OR qid:`91935` OR qid:`91936` OR qid:`110413` OR qid:`110414` OR qid:`376813` ) \n\n![](https://blog.qualys.com/wp-content/uploads/2022/08/PATCH_2022AUG-1070x488.png)\n\n![](https://blog.qualys.com/wp-content/uploads/2022/06/image-4.png) [Risk-based Remediation Powered by Patch Management in Qualys VMDR 2.0](<https://blog.qualys.com/product-tech/2022/06/22/risk-based-remediation-powered-by-patch-management-in-qualys-vmdr-2-0>)\n\n* * *\n\n## Evaluate Vendor-Suggested Workarounds with [Policy Compliance](<https://www.qualys.com/forms/policy-compliance/>) _New Content_\n\nQualys\u2019 [Policy Compliance Control Library](<https://vimeo.com/700790353>) makes it easy to evaluate your technology infrastructure when the current situation requires the implementation of a vendor-suggested workaround. A workaround is a method, sometimes used temporarily, for achieving a task or goal when the usual or planned method isn't working. Information technology often uses a workaround to overcome hardware, programming, or communication problems. Once a problem is fixed, a workaround is usually abandoned. _ [Source](<https://www.techtarget.com/whatis/definition/workaround>)_\n\nThe following Qualys [Policy Compliance Control IDs (CIDs), and System Defined Controls (SDC) ](<https://qualysguard.qg2.apps.qualys.com/qwebhelp/fo_portal/module_pc/controls/controls_lp.htm>)have been updated to support Microsoft recommended workaround for this Patch Tuesday:\n\n#### **[CVE-2022-35793](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35793>) | Windows Print Spooler Elevation of Privilege (EoP) Vulnerability**\n\nThis vulnerability has a CVSSv3.1 score of 7.3/10.\n\nPolicy Compliance Control IDs (CIDs):\n\n * 1368: Status of the \u2018Print Spooler\u2019 service\n * 21711: Status of the \u2018Allow Print Spooler to accept client connections\u2019 group policy setting \n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): Exploitation More Likely\n\n* * *\n\n#### **[CVE-2022-35804](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35804>)** | **SMB Client and Server Remote Code Execution (RCE) Vulnerability**\n\nThis vulnerability has a CVSSv3.1 score of 8.8/10.\n\nPolicy Compliance Control IDs (CIDs):\n\n * 24476: Status of the SMBv3 Client compressions setting\n * 20233: Status of the SMBv3 Server compressions setting \n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): Exploitation More Likely\n\n* * *\n\n#### ****[CVE-2022-35755](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35755>)** | **Windows Print Spooler Elevation of Privilege (EoP) Vulnerability****\n\nThis vulnerability has a CVSSv3.1 score of 7.3/10.\n\nPolicy Compliance Control IDs (CIDs):\n\n * 1368: Status of the \u2018Print Spooler\u2019 service\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): Exploitation More Likely\n\n* * *\n\n#### **[CVE-2022-30133](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30133>)**, **[CVE-2022-35744](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35744>)** | **Windows Point-to-Point Protocol (PPP) Remote Code Execution (RCE) Vulnerability** \n\nThis vulnerability has a CVSSv3.1 score of 9.8/10.\n\nPolicy Compliance Control IDs (CIDs):\n\n * 11220: List of \u2018Inbound Rules\u2019 configured in Windows Firewall with Advanced Security via GPO\n * 14028: List of \u2018Outbound Rules\u2019 configured in Windows Firewall with Advanced Security via GPO\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): Exploitation Less Likely\n\n* * *\n\n#### **[CVE-2022-34715](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34715>): Windows Network File System Remote Code Execution (RCE) Vulnerability** \n\nThis vulnerability has a CVSSv3.1 score of 9.8/10.\n\nPolicy Compliance Control IDs (CIDs):\n\n * 24139: Status of the Windows Network File System (NFSV4) service\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): Exploitation Less Likely\n\n* * *\n\n#### ****[CVE-2022-34691](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34691>): Active Directory Domain Services Elevation of Privilege (EoP) Vulnerability****\n\nThis vulnerability has a CVSSv3.1 score of 8.8/10.\n\nPolicy Compliance Control IDs (CIDs):\n\n * 4079: Status of the \u2018Active Directory Certificate Service\u2019\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): Exploitation Less Likely\n\n* * *\n\nThe following QQL will return a posture assessment for the CIDs for this Patch Tuesday:\n \n \n control:( id:`1368` OR id:`4079` OR id:`11220` OR id:`14028` OR id:`20233` OR id:`21711` OR id:`24139` OR id:`24476` ) \n\n![](https://blog.qualys.com/wp-content/uploads/2022/08/PC_2022AUG-1070x488.png)\n\n![](https://blog.qualys.com/wp-content/uploads/2022/08/qualys-shield.jpg) [Mitigating the Risk of Zero-Day Vulnerabilities by using Compensating Controls](<https://blog.qualys.com/vulnerabilities-threat-research/2022/08/23/mitigating-the-risk-of-zero-day-vulnerabilities-by-using-compensating-controls>)\n\n![](https://blog.qualys.com/wp-content/uploads/2022/08/qualys-shield.jpg) [Policy Compliance (PC) | Policy Library Update Blogs](<https://notifications.qualys.com/tag/policy-library>)\n\n* * *\n\n##### Patch Tuesday is Complete.\n\n* * *\n\n# Qualys Monthly Webinar Series \n\n![This image has an empty alt attribute; its file name is image-1070x560.jpeg](https://blog.qualys.com/wp-content/uploads/2022/03/image-1070x560.jpeg)\n\nThe Qualys Research team hosts a monthly webinar series to help our existing customers leverage the seamless integration between Qualys[ Vulnerability Management Detection Response (VMDR)](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) and Qualys [Patch Management](<https://www.qualys.com/apps/patch-management/>). Combining these two solutions can reduce the median time to remediate critical vulnerabilities. \n\nDuring the webcast, we will discuss this month\u2019s high-impact vulnerabilities, including those that are part of this month's Patch Tuesday alert. We will walk you through the necessary steps to address the key vulnerabilities using Qualys VMDR and Qualys Patch Management. \n\n* * *\n\n### **Join the webinar**\n\n## **This Month in Vulnerabilities & Patches**\n\n[Register Now](<https://gateway.on24.com/wcc/eh/3347108/category/97049/patch-tuesday>)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-08-09T20:00:00", "type": "qualysblog", "title": "August 2022 Patch Tuesday | Microsoft Releases 121 Vulnerabilities with 17 Critical, plus 20 Microsoft Edge (Chromium-Based); Adobe Releases 5 Advisories, 25 Vulnerabilities with 15 Critical.", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-20827", "CVE-2022-20841", "CVE-2022-20842", "CVE-2022-22047", "CVE-2022-2294", "CVE-2022-26138", "CVE-2022-30133", "CVE-2022-30134", "CVE-2022-30190", "CVE-2022-31672", "CVE-2022-31673", "CVE-2022-31674", "CVE-2022-31675", "CVE-2022-33636", "CVE-2022-33646", "CVE-2022-33649", "CVE-2022-34301", "CVE-2022-34302", "CVE-2022-34303", "CVE-2022-34691", "CVE-2022-34713", "CVE-2022-34715", "CVE-2022-35744", "CVE-2022-35755", "CVE-2022-35766", "CVE-2022-35793", "CVE-2022-35794", "CVE-2022-35796", "CVE-2022-35804"], "modified": "2022-08-09T20:00:00", "id": "QUALYSBLOG:AC756D2C7DB65BB8BC9FBD558B7F3AD3", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "apple": [{"lastseen": "2023-12-06T22:09:08", "description": "# About the security content of Safari 15.6\n\nThis document describes the security content of Safari 15.6.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## Safari 15.6\n\nReleased July 20, 2022\n\n**JavaScriptCore**\n\nAvailable for: macOS Big Sur and macOS Catalina\n\nImpact: Processing web content may lead to arbitrary code execution\n\nDescription: The issue was addressed with improved bounds checks.\n\nWebKit Bugzilla: 241931\n\nCVE-2022-48503: Dongzhuo Zhao working with ADLab of Venustech, and ZhaoHai of Cyberpeace Tech Co., Ltd.\n\nEntry added June 21, 2023\n\n**Safari Extensions**\n\nAvailable for: macOS Big Sur and macOS Catalina\n\nImpact: Visiting a maliciously crafted website may leak sensitive data\n\nDescription: The issue was addressed with improved UI handling.\n\nCVE-2022-32784: Young Min Kim of CompSec Lab at Seoul National University\n\n**WebKit**\n\nAvailable for: macOS Big Sur and macOS Catalina\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nWebKit Bugzilla: 241526\n\nCVE-2022-32885: P1umer(@p1umer) and Q1IQ(@q1iqF)\n\nEntry added March 16, 2023\n\n**WebKit**\n\nAvailable for: macOS Big Sur and macOS Catalina\n\nImpact: A user may be tracked through their IP address\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32861: Matthias Keller (m-keller.com)\n\nEntry added September 16, 2022\n\n**WebKit**\n\nAvailable for: macOS Big Sur and macOS Catalina\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-32863: P1umer(@p1umer), afang(@afang5472), xmzyshypnc(@xmzyshypnc1)\n\nEntry added September 16, 2022, updated March 16, 2023 \n\n**WebKit**\n\nAvailable for: macOS Big Sur and macOS Catalina\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nWebKit Bugzilla: 240720\n\nCVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative\n\n**WebRTC**\n\nAvailable for: macOS Big Sur and macOS Catalina\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution.\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nWebKit Bugzilla: 242339\n\nCVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 02, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-20T00:00:00", "type": "apple", "title": "About the security content of Safari 15.6", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-32784", "CVE-2022-32792", "CVE-2022-32861", "CVE-2022-32863", "CVE-2022-32885", "CVE-2022-48503"], "modified": "2022-07-20T00:00:00", "id": "APPLE:37AFBB95AFD80D918469C22F0A05655D", "href": "https://support.apple.com/kb/HT213341", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T22:09:13", "description": "# About the security content of iOS 15.6 and iPadOS 15.6\n\nThis document describes the security content of iOS 15.6 and iPadOS 15.6.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## iOS 15.6 and iPadOS 15.6\n\nReleased July 20, 2022\n\n**APFS**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app with root privileges may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32832: Tommy Muir (@Muirey03)\n\n**AppleAVD**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote user may be able to cause kernel code execution\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2022-32788: Natalie Silvanovich of Google Project Zero\n\n**AppleAVD**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32824: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)\n\n**AppleMobileFileIntegrity**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to gain root privileges\n\nDescription: An authorization issue was addressed with improved state management.\n\nCVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro\n\n**Apple Neural Engine**\n\nAvailable for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation)\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow was addressed with improved input validation.\n\nCVE-2022-42805: Mohamed Ghannam (@_simo36)\n\nEntry added November 9, 2022\n\n**Apple Neural Engine**\n\nAvailable for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation)\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2022-32948: Mohamed Ghannam (@_simo36)\n\nEntry added November 9, 2022\n\n**Apple Neural Engine**\n\nAvailable for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation)\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2022-32845: Mohamed Ghannam (@_simo36)\n\nEntry updated November 9, 2022 \n\n**Apple Neural Engine**\n\nAvailable for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation)\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32840: Mohamed Ghannam (@_simo36)\n\nCVE-2022-32829: Tingting Yin of Tsinghua University, and Min Zheng of Ant Group\n\nEntry updated September 16, 2022\n\n**Apple Neural Engine**\n\nAvailable for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation)\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32810: Mohamed Ghannam (@_simo36)\n\n**Audio**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nCVE-2022-32820: an anonymous researcher\n\n**Audio**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32825: John Aakerblom (@jaakerblom)\n\n**CoreMedia**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)\n\n**CoreText**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote user may cause an unexpected app termination or arbitrary code execution\n\nDescription: The issue was addressed with improved bounds checks.\n\nCVE-2022-32839: STAR Labs (@starlabs_sg)\n\n**File System Events**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to gain root privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32819: Joshua Mason of Mandiant\n\n**GPU Drivers**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: Multiple out-of-bounds write issues were addressed with improved bounds checking.\n\nCVE-2022-32793: an anonymous researcher\n\n**GPU Drivers**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-32821: John Aakerblom (@jaakerblom)\n\n**Home**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A user may be able to view restricted content from the lock screen\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32855: Zitong Wu(\u5434\u6893\u6850) from Zhuhai No.1 Middle School(\u73e0\u6d77\u5e02\u7b2c\u4e00\u4e2d\u5b66)\n\nEntry updated September 16, 2022\n\n**iCloud Photo Library**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to access sensitive user information\n\nDescription: An information disclosure issue was addressed by removing the vulnerable code.\n\nCVE-2022-32849: Joshua Jones\n\n**ICU**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may result in disclosure of process memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32841: hjy79425575\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted file may lead to arbitrary code execution\n\nDescription: A logic issue was addressed with improved checks.\n\nCVE-2022-32802: Ivan Fratric of Google Project Zero, Mickey Jin (@patch1t)\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to disclosure of user information\n\nDescription: An out-of-bounds read issue was addressed with improved bounds checking.\n\nCVE-2022-32830: Ye Zhang (@co0py_Cat) of Baidu Security\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing an image may lead to a denial-of-service\n\nDescription: A null pointer dereference was addressed with improved validation.\n\nCVE-2022-32785: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\n**IOMobileFrameBuffer**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-26768: an anonymous researcher\n\n**JavaScriptCore**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing web content may lead to arbitrary code execution\n\nDescription: The issue was addressed with improved bounds checks.\n\nWebKit Bugzilla: 241931\n\nCVE-2022-48503: Dongzhuo Zhao working with ADLab of Venustech, and ZhaoHai of Cyberpeace Tech Co., Ltd.\n\nEntry added June 21, 2023\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app with root privileges may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32813: Xinru Chi of Pangu Lab\n\nCVE-2022-32815: Xinru Chi of Pangu Lab\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: An out-of-bounds read issue was addressed with improved bounds checking.\n\nCVE-2022-32817: Xinru Chi of Pangu Lab\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32844: Sreejith Krishnan R (@skr0x1c0)\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication\n\nDescription: A race condition was addressed with improved state handling.\n\nCVE-2022-32844: Sreejith Krishnan R (@skr0x1c0)\n\n**Liblouis**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may cause unexpected app termination or arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China (nipc.org.cn)\n\n**libxml2**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to leak sensitive user information\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2022-32823\n\n**Multi-Touch**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A type confusion issue was addressed with improved state handling.\n\nCVE-2022-32814: Pan ZhenPeng (@Peterpan0927)\n\n**PluginKit**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to read arbitrary files\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro\n\n**Safari Extensions**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Visiting a maliciously crafted website may leak sensitive data\n\nDescription: The issue was addressed with improved UI handling.\n\nCVE-2022-32784: Young Min Kim of CompSec Lab at Seoul National University\n\n**Software Update**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A user in a privileged network position can track a user\u2019s activity\n\nDescription: This issue was addressed by using HTTPS when sending information over the network.\n\nCVE-2022-32857: Jeffrey Paul (sneak.berlin)\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nWebKit Bugzilla: 241526\n\nCVE-2022-32885: P1umer(@p1umer) and Q1IQ(@q1iqF)\n\nEntry added March 16, 2023\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-32863: P1umer(@p1umer), afang(@afang5472), xmzyshypnc(@xmzyshypnc1)\n\nEntry added March 16, 2023\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Visiting a website that frames malicious content may lead to UI spoofing\n\nDescription: The issue was addressed with improved UI handling.\n\nWebKit Bugzilla: 239316\n\nCVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nWebKit Bugzilla: 240720\n\nCVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative\n\n**WebRTC**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nWebKit Bugzilla: 242339\n\nCVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2022-32860: Wang Yu of Cyberserval\n\nEntry added November 9, 2022\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to cause unexpected system termination or write kernel memory\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32837: Wang Yu of Cyberserval\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote user may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32847: Wang Yu of Cyberserval\n\n## Additional recognition\n\n**802.1X**\n\nWe would like to acknowledge Shin Sun of National Taiwan University for their assistance.\n\n**AppleMobileFileIntegrity**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\n**configd**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: October 31, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-07-20T00:00:00", "type": "apple", "title": "About the security content of iOS 15.6 and iPadOS 15.6", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-26768", "CVE-2022-26981", "CVE-2022-32784", "CVE-2022-32785", "CVE-2022-32787", "CVE-2022-32788", "CVE-2022-32792", "CVE-2022-32793", "CVE-2022-32802", "CVE-2022-32810", "CVE-2022-32813", "CVE-2022-32814", "CVE-2022-32815", "CVE-2022-32816", "CVE-2022-32817", "CVE-2022-32819", "CVE-2022-32820", "CVE-2022-32821", "CVE-2022-32823", "CVE-2022-32824", "CVE-2022-32825", "CVE-2022-32826", "CVE-2022-32828", "CVE-2022-32829", "CVE-2022-32830", "CVE-2022-32832", "CVE-2022-32837", "CVE-2022-32838", "CVE-2022-32839", "CVE-2022-32840", "CVE-2022-32841", "CVE-2022-32844", "CVE-2022-32845", "CVE-2022-32847", "CVE-2022-32849", "CVE-2022-32855", "CVE-2022-32857", "CVE-2022-32860", "CVE-2022-32863", "CVE-2022-32885", "CVE-2022-32948", "CVE-2022-42805", "CVE-2022-48503"], "modified": "2022-07-20T00:00:00", "id": "APPLE:DF68F7FFE1ED4E5157204A83619C4B89", "href": "https://support.apple.com/kb/HT213346", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-06T22:09:11", "description": "# About the security content of macOS Monterey 12.5\n\nThis document describes the security content of macOS Monterey 12.5.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## macOS Monterey 12.5\n\nReleased July 20, 2022\n\n**AMD**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2022-42858: ABC Research s.r.o.\n\nEntry added May 11, 2023\n\n**APFS**\n\nAvailable for: macOS Monterey\n\nImpact: An app with root privileges may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32832: Tommy Muir (@Muirey03)\n\n**AppleAVD**\n\nAvailable for: macOS Monterey\n\nImpact: A remote user may be able to cause kernel code execution\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2022-32788: Natalie Silvanovich of Google Project Zero\n\nEntry added September 16, 2022\n\n**AppleMobileFileIntegrity**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to access user-sensitive data\n\nDescription: This issue was addressed by enabling hardened runtime.\n\nCVE-2022-32880: Wojciech Regu\u0142a (@_r3ggi) of SecuRing, Mickey Jin (@patch1t) of Trend Micro, Csaba Fitzl (@theevilbit) of Offensive Security\n\nEntry added September 16, 2022\n\n**AppleMobileFileIntegrity**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to gain root privileges\n\nDescription: An authorization issue was addressed with improved state management.\n\nCVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro\n\n**Apple Neural Engine**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow was addressed with improved input validation.\n\nCVE-2022-42805: Mohamed Ghannam (@_simo36)\n\nEntry added November 9, 2022\n\n**Apple Neural Engine**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2022-32948: Mohamed Ghannam (@_simo36)\n\nEntry added November 9, 2022\n\n**Apple Neural Engine**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32810: Mohamed Ghannam (@_simo36)\n\n**Apple Neural Engine**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32840: Mohamed Ghannam (@_simo36)\n\n**Apple Neural Engine**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2022-32845: Mohamed Ghannam (@_simo36)\n\nEntry updated November 9, 2022\n\n**AppleScript**\n\nAvailable for: macOS Monterey\n\nImpact: Processing an AppleScript may result in unexpected termination or disclosure of process memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2022-48578: Mickey Jin (@patch1t)\n\nEntry added October 31, 2023\n\n**AppleScript**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu Security, Mickey Jin (@patch1t) of Trend Micro\n\n**AppleScript**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory\n\nDescription: An out-of-bounds read issue was addressed with improved input validation.\n\nCVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security\n\nCVE-2022-32852: Ye Zhang (@co0py_Cat) of Baidu Security\n\nCVE-2022-32853: Ye Zhang (@co0py_Cat) of Baidu Security\n\n**AppleScript**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory\n\nDescription: An out-of-bounds read issue was addressed with improved bounds checking.\n\nCVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security\n\n**Archive Utility**\n\nAvailable for: macOS Monterey\n\nImpact: An archive may be able to bypass Gatekeeper\n\nDescription: A logic issue was addressed with improved checks.\n\nCVE-2022-32910: Ferdous Saljooki (@malwarezoo) of Jamf Software\n\nEntry added October 4, 2022\n\n**Audio**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nCVE-2022-32820: an anonymous researcher\n\n**Audio**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32825: John Aakerblom (@jaakerblom)\n\n**Automation**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to bypass Privacy preferences\n\nDescription: A logic issue was addressed with improved checks.\n\nCVE-2022-32789: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\n**Calendar**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to access sensitive user information\n\nDescription: The issue was addressed with improved handling of caches.\n\nCVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security\n\n**CoreMedia**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)\n\n**CoreText**\n\nAvailable for: macOS Monterey\n\nImpact: A remote user may cause an unexpected app termination or arbitrary code execution\n\nDescription: The issue was addressed with improved bounds checks.\n\nCVE-2022-32839: Daniel Lim Wee Soong of STAR Labs\n\nEntry updated October 31, 2023\n\n**File System Events**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to gain root privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32819: Joshua Mason of Mandiant\n\n**GPU Drivers**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: Multiple out-of-bounds write issues were addressed with improved bounds checking.\n\nCVE-2022-32793: an anonymous researcher\n\n**GPU Drivers**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-32821: John Aakerblom (@jaakerblom)\n\n**iCloud Photo Library**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to access sensitive user information\n\nDescription: An information disclosure issue was addressed by removing the vulnerable code.\n\nCVE-2022-32849: Joshua Jones\n\n**ICU**\n\nAvailable for: macOS Monterey\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.\n\n**ImageIO**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted tiff file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-32897: Mickey Jin (@patch1t) of Trend Micro\n\nEntry added October 31, 2023\n\n**ImageIO**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted file may lead to arbitrary code execution\n\nDescription: A logic issue was addressed with improved checks.\n\nCVE-2022-32802: Ivan Fratric of Google Project Zero, Mickey Jin (@patch1t)\n\nEntry added September 16, 2022\n\n**ImageIO**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted image may result in disclosure of process memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32841: hjy79425575\n\n**ImageIO**\n\nAvailable for: macOS Monterey\n\nImpact: Processing an image may lead to a denial-of-service\n\nDescription: A null pointer dereference was addressed with improved validation.\n\nCVE-2022-32785: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption vulnerability was addressed with improved locking.\n\nCVE-2022-32811: ABC Research s.r.o\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o.\n\n**JavaScriptCore**\n\nAvailable for: macOS Monterey\n\nImpact: Processing web content may lead to arbitrary code execution\n\nDescription: The issue was addressed with improved bounds checks.\n\nWebKit Bugzilla: 241931 \nCVE-2022-48503: Dongzhuo Zhao working with ADLab of Venustech, and ZhaoHai of Cyberpeace Tech Co., Ltd.\n\nEntry added June 21, 2023\n\n**Kernel**\n\nAvailable for: macOS Monterey\n\nImpact: An app with root privileges may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32813: Xinru Chi of Pangu Lab\n\nCVE-2022-32815: Xinru Chi of Pangu Lab\n\n**Kernel**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: An out-of-bounds read issue was addressed with improved bounds checking.\n\nCVE-2022-32817: Xinru Chi of Pangu Lab\n\n**Kernel**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32829: Tingting Yin of Tsinghua University, and Min Zheng of Ant Group\n\nEntry updated September 16, 2022\n\n**Liblouis**\n\nAvailable for: macOS Monterey\n\nImpact: An app may cause unexpected app termination or arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China (nipc.org.cn)\n\n**libxml2**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to leak sensitive user information\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2022-32823\n\n**Multi-Touch**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A type confusion issue was addressed with improved state handling.\n\nCVE-2022-32814: Pan ZhenPeng (@Peterpan0927)\n\n**PackageKit**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to modify protected parts of the file system\n\nDescription: An issue in the handling of environment variables was addressed with improved validation.\n\nCVE-2022-32786: Mickey Jin (@patch1t)\n\n**PackageKit**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to modify protected parts of the file system\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32800: Mickey Jin (@patch1t)\n\n**PluginKit**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to read arbitrary files\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro\n\n**PS Normalizer**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-32843: Kai Lu of Zscaler's ThreatLabz\n\n**Safari**\n\nAvailable for: macOS Monterey\n\nImpact: Processing web content may disclose sensitive information\n\nDescription: A brute force issue was addressed with improved state management.\n\nCVE-2022-46708: an anonymous researcher\n\nEntry added October 31, 2023\n\n**SMB**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-32796: Sreejith Krishnan R (@skr0x1c0)\n\n**SMB**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to gain elevated privileges\n\nDescription: An out-of-bounds read issue was addressed with improved input validation.\n\nCVE-2022-32842: Sreejith Krishnan R (@skr0x1c0)\n\n**SMB**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to gain elevated privileges\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nCVE-2022-32798: Sreejith Krishnan R (@skr0x1c0)\n\n**SMB**\n\nAvailable for: macOS Monterey\n\nImpact: A user in a privileged network position may be able to leak sensitive information\n\nDescription: An out-of-bounds read issue was addressed with improved bounds checking.\n\nCVE-2022-32799: Sreejith Krishnan R (@skr0x1c0)\n\n**SMB**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to leak sensitive kernel state\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32818: Sreejith Krishnan R (@skr0x1c0)\n\n**Software Update**\n\nAvailable for: macOS Monterey\n\nImpact: A user in a privileged network position can track a user\u2019s activity\n\nDescription: This issue was addressed by using HTTPS when sending information over the network.\n\nCVE-2022-32857: Jeffrey Paul (sneak.berlin)\n\n**Spindump**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to overwrite arbitrary files\n\nDescription: This issue was addressed with improved file handling.\n\nCVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\n**Spotlight**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to gain root privileges\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32801: Joshua Mason (@josh@jhu.edu)\n\n**subversion**\n\nAvailable for: macOS Monterey\n\nImpact: Multiple issues in subversion\n\nDescription: Multiple issues were addressed by updating subversion.\n\nCVE-2021-28544: Evgeny Kotkov, visualsvn.com\n\nCVE-2022-24070: Evgeny Kotkov, visualsvn.com\n\nCVE-2022-29046: Evgeny Kotkov, visualsvn.com\n\nCVE-2022-29048: Evgeny Kotkov, visualsvn.com\n\n**TCC**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to access sensitive user information\n\nDescription: An access issue was addressed with improvements to the sandbox.\n\nCVE-2022-32834: Xuxiang Yang (@another1024) of Tencent Security Xuanwu Lab (xlab.tencent.com), Gordon Long, Thijs Alkemade (@xnyhps) of Computest Sector 7, Adam Chester from TrustedSec, Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com), Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nEntry updated September 16, 2022, updated May 11, 2023 \n\n**WebKit**\n\nAvailable for: macOS Monterey\n\nImpact: A website may be able to track the websites a user visited in Safari private browsing mode\n\nDescription: An information disclosure issue was addressed by removing the vulnerable code.\n\nWebKit Bugzilla: 239547 \nCVE-2022-32933: Binoy Chitale, MS student, Stony Brook University, Nick Nikiforakis, Associate Professor, Stony Brook University, Jason Polakis, Associate Professor, University of Illinois at Chicago, Mir Masood Ali, PhD student, University of Illinois at Chicago, Chris Kanich, Associate Professor, University of Illinois at Chicago, and Mohammad Ghasemisharif, PhD Candidate, University of Illinois at Chicago\n\nEntry added October 31, 2023\n\n**WebKit**\n\nAvailable for: macOS Monterey\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nWebKit Bugzilla: 241526 \nCVE-2022-32885: P1umer(@p1umer) and Q1IQ(@q1iqF)\n\nEntry added May 11, 2023\n\n**WebKit**\n\nAvailable for: macOS Monterey\n\nImpact: A user may be tracked through their IP address\n\nDescription: A logic issue was addressed with improved state management.\n\nWebKit Bugzilla: 237296 \nCVE-2022-32861: Matthias Keller (m-keller.com)\n\nEntry added September 16, 2022, updated October 31, 2023\n\n**WebKit**\n\nAvailable for: macOS Monterey\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-32863: P1umer(@p1umer), afang(@afang5472), xmzyshypnc(@xmzyshypnc1)\n\nEntry added September 16, 2022, updated October 31, 2023\n\n**WebKit**\n\nAvailable for: macOS Monterey\n\nImpact: Visiting a website that frames malicious content may lead to UI spoofing\n\nDescription: The issue was addressed with improved UI handling.\n\nWebKit Bugzilla: 239316 \nCVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.\n\n**WebKit**\n\nAvailable for: macOS Monterey\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nWebKit Bugzilla: 240720 \nCVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative\n\n**WebRTC**\n\nAvailable for: macOS Monterey\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nWebKit Bugzilla: 242339 \nCVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team\n\n**Wi-Fi**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2022-32860: Wang Yu of Cyberserval\n\nEntry added November 9, 2022\n\n**Wi-Fi**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to cause unexpected system termination or write kernel memory\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32837: Wang Yu of Cyberserval\n\n**Wi-Fi**\n\nAvailable for: macOS Monterey\n\nImpact: A remote user may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32847: Wang Yu of Cyberserval\n\n**Windows Server**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to capture a user\u2019s screen\n\nDescription: A logic issue was addressed with improved checks.\n\nCVE-2022-32848: Jeremy Legendre of MacEnhance\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Additional recognition\n\n**802.1X**\n\nWe would like to acknowledge Shin Sun of National Taiwan University for their assistance.\n\n**AppleMobileFileIntegrity**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\n**Calendar**\n\n****We would like to acknowledge Joshua Jones for their assistance.\n\n**configd**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\n**DiskArbitration**\n\nWe would like to acknowledge Mike Cush and an anonymous researcher for their assistance.\n\nEntry updated October 31, 2023\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: October 31, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-07-20T00:00:00", "type": "apple", "title": "About the security content of macOS Monterey 12.5", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28544", "CVE-2022-2294", "CVE-2022-24070", "CVE-2022-26981", "CVE-2022-29046", "CVE-2022-29048", "CVE-2022-32785", "CVE-2022-32786", "CVE-2022-32787", "CVE-2022-32788", "CVE-2022-32789", "CVE-2022-32792", "CVE-2022-32793", "CVE-2022-32796", "CVE-2022-32797", "CVE-2022-32798", "CVE-2022-32799", "CVE-2022-32800", "CVE-2022-32801", "CVE-2022-32802", "CVE-2022-32805", "CVE-2022-32807", "CVE-2022-32810", "CVE-2022-32811", "CVE-2022-32812", "CVE-2022-32813", "CVE-2022-32814", "CVE-2022-32815", "CVE-2022-32816", "CVE-2022-32817", "CVE-2022-32818", "CVE-2022-32819", "CVE-2022-32820", "CVE-2022-32821", "CVE-2022-32823", "CVE-2022-32825", "CVE-2022-32826", "CVE-2022-32828", "CVE-2022-32829", "CVE-2022-32831", "CVE-2022-32832", "CVE-2022-32834", "CVE-2022-32837", "CVE-2022-32838", "CVE-2022-32839", "CVE-2022-32840", "CVE-2022-32841", "CVE-2022-32842", "CVE-2022-32843", "CVE-2022-32845", "CVE-2022-32847", "CVE-2022-32848", "CVE-2022-32849", "CVE-2022-32851", "CVE-2022-32852", "CVE-2022-32853", "CVE-2022-32857", "CVE-2022-32860", "CVE-2022-32861", "CVE-2022-32863", "CVE-2022-32880", "CVE-2022-32885", "CVE-2022-32897", "CVE-2022-32910", "CVE-2022-32933", "CVE-2022-32948", "CVE-2022-42805", "CVE-2022-42858", "CVE-2022-46708", "CVE-2022-48503", "CVE-2022-48578"], "modified": "2022-07-20T00:00:00", "id": "APPLE:71C798D0F46D1E956B1D27B4A004E9B9", "href": "https://support.apple.com/kb/HT213345", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2023-12-06T15:52:54", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T01:30:57", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: chromium-103.0.5060.114-1.fc35", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2022-07-28T01:30:57", "id": "FEDORA:1AA1C30A3C1B", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T15:52:54", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T01:28:06", "type": "fedora", "title": "[SECURITY] Fedora 36 Update: chromium-103.0.5060.114-1.fc36", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2022-07-28T01:28:06", "id": "FEDORA:29E5830A072A", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T15:52:59", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-10-05T01:05:03", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: chromium-105.0.5195.125-2.fc35", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-2603", "CVE-2022-2604", "CVE-2022-2605", "CVE-2022-2606", "CVE-2022-2607", "CVE-2022-2608", "CVE-2022-2609", "CVE-2022-2610", "CVE-2022-2611", "CVE-2022-2612", "CVE-2022-2613", "CVE-2022-2614", "CVE-2022-2615", "CVE-2022-2616", "CVE-2022-2617", "CVE-2022-2618", "CVE-2022-2619", "CVE-2022-2620", "CVE-2022-2621", "CVE-2022-2622", "CVE-2022-2623", "CVE-2022-2624", "CVE-2022-2852", "CVE-2022-2853", "CVE-2022-2854", "CVE-2022-2855", "CVE-2022-2856", "CVE-2022-2857", "CVE-2022-2858", "CVE-2022-2859", "CVE-2022-2860", "CVE-2022-2861", "CVE-2022-3038", "CVE-2022-3039", "CVE-2022-3040", "CVE-2022-3041", "CVE-2022-3042", "CVE-2022-3043", "CVE-2022-3044", "CVE-2022-3045", "CVE-2022-3046", "CVE-2022-3047", "CVE-2022-3048", "CVE-2022-3049", "CVE-2022-3050", "CVE-2022-3051", "CVE-2022-3052", "CVE-2022-3053", "CVE-2022-3054", "CVE-2022-3055", "CVE-2022-3056", "CVE-2022-3057", "CVE-2022-3058", "CVE-2022-3071", "CVE-2022-3075", "CVE-2022-3195", "CVE-2022-3196", "CVE-2022-3197", "CVE-2022-3198", "CVE-2022-3199", "CVE-2022-3200", "CVE-2022-3201"], "modified": "2022-10-05T01:05:03", "id": "FEDORA:C6FE430979BC", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LVOHGEQF56ZD3C5BZHVIWAXFM2Z3A2HV/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T15:52:59", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-10-03T00:22:01", "type": "fedora", "title": "[SECURITY] Fedora 37 Update: chromium-105.0.5195.125-2.fc37", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-2603", "CVE-2022-2604", "CVE-2022-2605", "CVE-2022-2606", "CVE-2022-2607", "CVE-2022-2608", "CVE-2022-2609", "CVE-2022-2610", "CVE-2022-2611", "CVE-2022-2612", "CVE-2022-2613", "CVE-2022-2614", "CVE-2022-2615", "CVE-2022-2616", "CVE-2022-2617", "CVE-2022-2618", "CVE-2022-2619", "CVE-2022-2620", "CVE-2022-2621", "CVE-2022-2622", "CVE-2022-2623", "CVE-2022-2624", "CVE-2022-2852", "CVE-2022-2853", "CVE-2022-2854", "CVE-2022-2855", "CVE-2022-2856", "CVE-2022-2857", "CVE-2022-2858", "CVE-2022-2859", "CVE-2022-2860", "CVE-2022-2861", "CVE-2022-3038", "CVE-2022-3039", "CVE-2022-3040", "CVE-2022-3041", "CVE-2022-3042", "CVE-2022-3043", "CVE-2022-3044", "CVE-2022-3045", "CVE-2022-3046", "CVE-2022-3047", "CVE-2022-3048", "CVE-2022-3049", "CVE-2022-3050", "CVE-2022-3051", "CVE-2022-3052", "CVE-2022-3053", "CVE-2022-3054", "CVE-2022-3055", "CVE-2022-3056", "CVE-2022-3057", "CVE-2022-3058", "CVE-2022-3071", "CVE-2022-3075", "CVE-2022-3195", "CVE-2022-3196", "CVE-2022-3197", "CVE-2022-3198", "CVE-2022-3199", "CVE-2022-3200", "CVE-2022-3201"], "modified": "2022-10-03T00:22:01", "id": "FEDORA:63A16302C983", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T15:52:59", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-10-05T01:01:54", "type": "fedora", "title": "[SECURITY] Fedora 36 Update: chromium-105.0.5195.125-2.fc36", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-2603", "CVE-2022-2604", "CVE-2022-2605", "CVE-2022-2606", "CVE-2022-2607", "CVE-2022-2608", "CVE-2022-2609", "CVE-2022-2610", "CVE-2022-2611", "CVE-2022-2612", "CVE-2022-2613", "CVE-2022-2614", "CVE-2022-2615", "CVE-2022-2616", "CVE-2022-2617", "CVE-2022-2618", "CVE-2022-2619", "CVE-2022-2620", "CVE-2022-2621", "CVE-2022-2622", "CVE-2022-2623", "CVE-2022-2624", "CVE-2022-2852", "CVE-2022-2853", "CVE-2022-2854", "CVE-2022-2855", "CVE-2022-2856", "CVE-2022-2857", "CVE-2022-2858", "CVE-2022-2859", "CVE-2022-2860", "CVE-2022-2861", "CVE-2022-3038", "CVE-2022-3039", "CVE-2022-3040", "CVE-2022-3041", "CVE-2022-3042", "CVE-2022-3043", "CVE-2022-3044", "CVE-2022-3045", "CVE-2022-3046", "CVE-2022-3047", "CVE-2022-3048", "CVE-2022-3049", "CVE-2022-3050", "CVE-2022-3051", "CVE-2022-3052", "CVE-2022-3053", "CVE-2022-3054", "CVE-2022-3055", "CVE-2022-3056", "CVE-2022-3057", "CVE-2022-3058", "CVE-2022-3071", "CVE-2022-3075", "CVE-2022-3195", "CVE-2022-3196", "CVE-2022-3197", "CVE-2022-3198", "CVE-2022-3199", "CVE-2022-3200", "CVE-2022-3201"], "modified": "2022-10-05T01:01:54", "id": "FEDORA:16ADB302CDBA", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ACB3ENEHQ55GVZKKYER7KSRXT3HUFV7D/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2023-12-06T16:54:19", "description": "### Background\n\nWebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.\n\n### Description\n\nMultiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details.\n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll WebKitGTK+ users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/webkit-gtk-2.36.7\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-31T00:00:00", "type": "gentoo", "title": "WebKitGTK+: Multiple Vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22589", "CVE-2022-22590", "CVE-2022-22592", "CVE-2022-22620", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-22677", "CVE-2022-2294", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293", "CVE-2022-30294", "CVE-2022-32784", "CVE-2022-32792", "CVE-2022-32893"], "modified": "2022-08-31T00:00:00", "id": "GLSA-202208-39", "href": "https://security.gentoo.org/glsa/202208-39", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T16:54:21", "description": "### Background\n\nChromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium and its derivatives. Please review the CVE identifiers referenced below for details.\n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/chromium-104.0.5112.101\"\n \n\nAll Chromium binary users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/chromium-bin-104.0.5112.101\"\n \n\nAll Google Chrome users should upgrade to tha latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/google-chrome-104.0.5112.101\"\n \n\nAll Microsoft Edge users should upgrade to tha latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/microsoft-edge-104.0.1293.63\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-08-21T00:00:00", "type": "gentoo", "title": "Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2163", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296", "CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481", "CVE-2022-2603", "CVE-2022-2604", "CVE-2022-2605", "CVE-2022-2606", "CVE-2022-2607", "CVE-2022-2608", "CVE-2022-2609", "CVE-2022-2610", "CVE-2022-2611", "CVE-2022-2612", "CVE-2022-2613", "CVE-2022-2614", "CVE-2022-2615", "CVE-2022-2616", "CVE-2022-2617", "CVE-2022-2618", "CVE-2022-2619", "CVE-2022-2620", "CVE-2022-2621", "CVE-2022-2622", "CVE-2022-2623", "CVE-2022-2624", "CVE-2022-2852", "CVE-2022-2853", "CVE-2022-2854", "CVE-2022-2855", "CVE-2022-2856", "CVE-2022-2857", "CVE-2022-2858", "CVE-2022-2859", "CVE-2022-2860", "CVE-2022-2861", "CVE-2022-33636", "CVE-2022-33649", "CVE-2022-35796"], "modified": "2022-08-21T00:00:00", "id": "GLSA-202208-35", "href": "https://security.gentoo.org/glsa/202208-35", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T16:55:30", "description": "### Background\n\nQtWebEngine is a library for rendering dynamic web content in Qt5 and Qt6 C++ and QML applications.\n\n### Description\n\nMultiple vulnerabilities have been discovered in QtWebEngine. Please review the CVE identifiers referenced below for details.\n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll QtWebEngine users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-qt/qtwebengine-5.15.10_p20230623\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-11-25T00:00:00", "type": "gentoo", "title": "QtWebEngine: Multiple Vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-3201", "CVE-2022-41115", "CVE-2022-4174", "CVE-2022-4175", "CVE-2022-4176", "CVE-2022-4177", "CVE-2022-4178", "CVE-2022-4179", "CVE-2022-4180", "CVE-2022-4181", "CVE-2022-4182", "CVE-2022-4183", "CVE-2022-4184", "CVE-2022-4185", "CVE-2022-4186", "CVE-2022-4187", "CVE-2022-4188", "CVE-2022-4189", "CVE-2022-4190", "CVE-2022-4191", "CVE-2022-4192", "CVE-2022-4193", "CVE-2022-4194", "CVE-2022-4195", "CVE-2022-4436", "CVE-2022-4437", "CVE-2022-4438", "CVE-2022-4439", "CVE-2022-4440", "CVE-2022-44688", "CVE-2022-44708", "CVE-2023-0128", "CVE-2023-0129", "CVE-2023-0130", "CVE-2023-0131", "CVE-2023-0132", "CVE-2023-0133", "CVE-2023-0134", "CVE-2023-0135", "CVE-2023-0136", "CVE-2023-0137", "CVE-2023-0138", "CVE-2023-0139", "CVE-2023-0140", "CVE-2023-0141", "CVE-2023-21775", "CVE-2023-21796", "CVE-2023-2721", "CVE-2023-2722", "CVE-2023-2723", "CVE-2023-2724", "CVE-2023-2725", "CVE-2023-2726", "CVE-2023-2929", "CVE-2023-2930", "CVE-2023-2931", "CVE-2023-2932", "CVE-2023-2933", "CVE-2023-2934", "CVE-2023-2935", "CVE-2023-2936", "CVE-2023-2937", "CVE-2023-2938", "CVE-2023-2939", "CVE-2023-2940", "CVE-2023-2941", "CVE-2023-3079", "CVE-2023-3214", "CVE-2023-3215", "CVE-2023-3216", "CVE-2023-3217", "CVE-2023-4068", "CVE-2023-4069", "CVE-2023-4070", "CVE-2023-4071", "CVE-2023-4072", "CVE-2023-4073", "CVE-2023-4074", "CVE-2023-4075", "CVE-2023-4076", "CVE-2023-4077", "CVE-2023-4078", "CVE-2023-4761", "CVE-2023-4762", "CVE-2023-4763", "CVE-2023-4764", "CVE-2023-5218", "CVE-2023-5473", "CVE-2023-5474", "CVE-2023-5475", "CVE-2023-5476", "CVE-2023-5477", "CVE-2023-5478", "CVE-2023-5479", "CVE-2023-5480", "CVE-2023-5481", "CVE-2023-5482", "CVE-2023-5483", "CVE-2023-5484", "CVE-2023-5485", "CVE-2023-5486", "CVE-2023-5487", "CVE-2023-5849", "CVE-2023-5850", "CVE-2023-5851", "CVE-2023-5852", "CVE-2023-5853", "CVE-2023-5854", "CVE-2023-5855", "CVE-2023-5856", "CVE-2023-5857", "CVE-2023-5858", "CVE-2023-5859", "CVE-2023-5996", "CVE-2023-5997", "CVE-2023-6112"], "modified": "2023-11-25T00:00:00", "id": "GLSA-202311-11", "href": "https://security.gentoo.org/glsa/202311-11", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T16:54:27", "description": "### Background\n\nChromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium and its derivatives. Please review the CVE identifiers referenced below for details.\n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/chromium-103.0.5060.53\"\n \n\nAll Chromium binary users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/chromium-bin-103.0.5060.53\"\n \n\nAll Google Chrome users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/google-chrome-103.0.5060.53\"\n \n\nAll Microsoft Edge users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/chromium-103.0.5060.53\"\n \n\nAll QtWebEngine users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-qt/qtwebengine-5.15.5_p20220618\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-08-14T00:00:00", "type": "gentoo", "title": "Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30551", "CVE-2021-4052", "CVE-2021-4053", "CVE-2021-4054", "CVE-2021-4055", "CVE-2021-4056", "CVE-2021-4057", "CVE-2021-4058", "CVE-2021-4059", "CVE-2021-4061", "CVE-2021-4062", "CVE-2021-4063", "CVE-2021-4064", "CVE-2021-4065", "CVE-2021-4066", "CVE-2021-4067", "CVE-2021-4068", "CVE-2021-4078", "CVE-2021-4079", "CVE-2022-0789", "CVE-2022-0790", "CVE-2022-0791", "CVE-2022-0792", "CVE-2022-0793", "CVE-2022-0794", "CVE-2022-0795", "CVE-2022-0796", "CVE-2022-0797", "CVE-2022-0798", "CVE-2022-0799", "CVE-2022-0800", "CVE-2022-0801", "CVE-2022-0802", "CVE-2022-0803", "CVE-2022-0804", "CVE-2022-0805", "CVE-2022-0806", "CVE-2022-0807", "CVE-2022-0808", "CVE-2022-0809", "CVE-2022-0971", "CVE-2022-0972", "CVE-2022-0973", "CVE-2022-0974", "CVE-2022-0975", "CVE-2022-0976", "CVE-2022-0977", "CVE-2022-0978", "CVE-2022-0979", "CVE-2022-0980", "CVE-2022-1096", "CVE-2022-1125", "CVE-2022-1127", "CVE-2022-1128", "CVE-2022-1129", "CVE-2022-1130", "CVE-2022-1131", "CVE-2022-1132", "CVE-2022-1133", "CVE-2022-1134", "CVE-2022-1135", "CVE-2022-1136", "CVE-2022-1137", "CVE-2022-1138", "CVE-2022-1139", "CVE-2022-1141", "CVE-2022-1142", "CVE-2022-1143", "CVE-2022-1144", "CVE-2022-1145", "CVE-2022-1146", "CVE-2022-1232", "CVE-2022-1305", "CVE-2022-1306", "CVE-2022-1307", "CVE-2022-1308", "CVE-2022-1309", "CVE-2022-1310", "CVE-2022-1311", "CVE-2022-1312", "CVE-2022-1313", "CVE-2022-1314", "CVE-2022-1364", "CVE-2022-1477", "CVE-2022-1478", "CVE-2022-1479", "CVE-2022-1480", "CVE-2022-1481", "CVE-2022-1482", "CVE-2022-1483", "CVE-2022-1484", "CVE-2022-1485", "CVE-2022-1486", "CVE-2022-1487", "CVE-2022-1488", "CVE-2022-1489", "CVE-2022-1490", "CVE-2022-1491", "CVE-2022-1492", "CVE-2022-1493", "CVE-2022-1494", "CVE-2022-1495", "CVE-2022-1496", "CVE-2022-1497", "CVE-2022-1498", "CVE-2022-1499", "CVE-2022-1500", "CVE-2022-1501", "CVE-2022-1633", "CVE-2022-1634", "CVE-2022-1635", "CVE-2022-1636", "CVE-2022-1637", "CVE-2022-1639", "CVE-2022-1640", "CVE-2022-1641", "CVE-2022-1853", "CVE-2022-1854", "CVE-2022-1855", "CVE-2022-1856", "CVE-2022-1857", "CVE-2022-1858", "CVE-2022-1859", "CVE-2022-1860", "CVE-2022-1861", "CVE-2022-1862", "CVE-2022-1863", "CVE-2022-1864", "CVE-2022-1865", "CVE-2022-1866", "CVE-2022-1867", "CVE-2022-1868", "CVE-2022-1869", "CVE-2022-1870", "CVE-2022-1871", "CVE-2022-1872", "CVE-2022-1873", "CVE-2022-1874", "CVE-2022-1875", "CVE-2022-1876", "CVE-2022-2007", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165", "CVE-2022-22021", "CVE-2022-24475", "CVE-2022-24523", "CVE-2022-26891", "CVE-2022-26894", "CVE-2022-26895", "CVE-2022-26900", "CVE-2022-26905", "CVE-2022-26908", "CVE-2022-26909", "CVE-2022-26912", "CVE-2022-29144", "CVE-2022-29146", "CVE-2022-29147", "CVE-2022-30127", "CVE-2022-30128", "CVE-2022-30192", "CVE-2022-33638", "CVE-2022-33639"], "modified": "2022-08-14T00:00:00", "id": "GLSA-202208-25", "href": "https://security.gentoo.org/glsa/202208-25", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "rapid7blog": [{"lastseen": "2022-06-24T22:03:33", "description": "![Patch Tuesday - June 2022](https://blog.rapid7.com/content/images/2022/06/patches-2.jpg)\n\nJune's Patch Tuesday sees Microsoft releasing fixes for over 60 CVEs. Top of mind for many administrators this month is [CVE-2022-30190](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190>), also known as Follina, which was observed being exploited in the wild [at the end of May](<https://www.rapid7.com/blog/post/2022/05/31/cve-2022-30190-follina-microsoft-support-diagnostic-tool-vulnerability/>). Microsoft provided [mitigation instructions](<https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/>) (disabling the MSDT URL protocol via the registry), but actual patches were not available until today\u2019s cumulative Windows Updates. Even if the mitigation was previously applied, installing the updates is highly recommended.\n\nNone of the other CVEs being addressed this month have been previously disclosed or seen exploited yet. However, it won\u2019t be long before attackers start looking at [CVE-2022-30136](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30136>), a critical remote code execution (RCE) vulnerability affecting the Windows Network File System (NFS). Last month, Microsoft fixed a similar vulnerability ([CVE-2022-26937](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26937>)) affecting NFS v2.0 and v3.0. [CVE-2022-30136](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30136>), on the other hand, is only exploitable in NFS v4.1. Microsoft has provided mitigation guidance to disable NFS v4.1, which should only be done if the May updates fixing previous NFS versions have been applied. Again, even if the mitigation has been put into place, best to patch sooner rather than later.\n\nAlso reminiscent of last month is [CVE-2022-30139](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30139>), a critical RCE in LDAP carrying a CVSSv3 base score of 7.1, which again is only exploitable if the MaxReceiveBuffer LDAP policy value is set higher than the default. Rounding out the critical RCEs for June is [CVE-2022-30163](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30163>), which could allow a malicious application running on a Hyper-V guest to execute code on the host OS.\n\nThe other big news this month is the end of support for Internet Explorer 11 (IE11) on Windows 10 Semi-Annual Channels and Windows 10 IoT Semi-Annual Channels, as Microsoft encourages users to adopt the Chromium-based Edge browser (which saw fixes for 5 CVEs this month). Internet Explorer 11 on other versions of Windows should continue receiving security updates and technical support based on the OS support lifecycle, so this is only the beginning of the end for the legacy browser.\n\n## Summary charts\n\n![Patch Tuesday - June 2022](https://blog.rapid7.com/content/images/2022/06/2022-06-vuln_count_severity.png)![Patch Tuesday - June 2022](https://blog.rapid7.com/content/images/2022/06/2022-06-vuln_count_impact.png)![Patch Tuesday - June 2022](https://blog.rapid7.com/content/images/2022/06/2022-06-cvssv3_hist.png)![Patch Tuesday - June 2022](https://blog.rapid7.com/content/images/2022/06/2022-06-vuln_count_component.png)\n\n## Summary tables\n\n### Apps vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-30168](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30168>) | Microsoft Photos App Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n \n### Azure vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-30137](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30137>) | Azure Service Fabric Container Elevation of Privilege Vulnerability | No | No | 6.7 | Yes \n[CVE-2022-30177](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30177>) | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-30178](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30178>) | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-30179](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30179>) | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-30180](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30180>) | Azure RTOS GUIX Studio Information Disclosure Vulnerability | No | No | 7.8 | Yes \n \n### Azure System Center vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-29149](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29149>) | Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n \n### Browser vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-22021](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22021>) | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | No | No | 8.3 | Yes \n[CVE-2022-2011](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2011>) | Chromium: CVE-2022-2011 Use after free in ANGLE | No | No | N/A | Yes \n[CVE-2022-2010](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2010>) | Chromium: CVE-2022-2010 Out of bounds read in compositing | No | No | N/A | Yes \n[CVE-2022-2008](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2008>) | Chromium: CVE-2022-2008 Out of bounds memory access in WebGL | No | No | N/A | Yes \n[CVE-2022-2007](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-2007>) | Chromium: CVE-2022-2007 Use after free in WebGPU | No | No | N/A | Yes \n \n### Developer Tools vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-30184](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30184>) | .NET and Visual Studio Information Disclosure Vulnerability | No | No | 5.5 | Yes \n \n### ESU Windows vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-30140](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30140>) | Windows iSCSI Discovery Service Remote Code Execution Vulnerability | No | No | 7.1 | Yes \n[CVE-2022-30152](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30152>) | Windows Network Address Translation (NAT) Denial of Service Vulnerability | No | No | 7.5 | No \n[CVE-2022-30135](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30135>) | Windows Media Center Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2022-30153](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30153>) | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-30161](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30161>) | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-30141](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30141>) | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | No | No | 8.1 | Yes \n[CVE-2022-30143](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30143>) | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | No | No | 7.5 | Yes \n[CVE-2022-30149](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30149>) | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | No | No | 7.5 | Yes \n[CVE-2022-30146](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30146>) | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | No | No | 7.5 | Yes \n[CVE-2022-30155](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30155>) | Windows Kernel Denial of Service Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-30147](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30147>) | Windows Installer Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2022-30163](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30163>) | Windows Hyper-V Remote Code Execution Vulnerability | No | No | 8.5 | Yes \n[CVE-2022-30142](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30142>) | Windows File History Remote Code Execution Vulnerability | No | No | 7.1 | Yes \n[CVE-2022-30151](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30151>) | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | No | No | 7 | Yes \n[CVE-2022-30160](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30160>) | Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2022-30166](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30166>) | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2022-21166](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21166>) | Intel: CVE-2022-21166 Device Register Partial Write (DRPW) | No | No | N/A | Yes \n[CVE-2022-21127](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21127>) | Intel: CVE-2022-21127 Special Register Buffer Data Sampling Update (SRBDS Update) | No | No | N/A | Yes \n[CVE-2022-21125](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21125>) | Intel: CVE-2022-21125 Shared Buffers Data Sampling (SBDS) | No | No | N/A | Yes \n[CVE-2022-21123](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21123>) | Intel: CVE-2022-21123 Shared Buffers Data Read (SBDR) | No | No | N/A | Yes \n \n### Microsoft Office vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-30157](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30157>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-30158](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30158>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-30174](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30174>) | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.4 | Yes \n[CVE-2022-30159](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30159>) | Microsoft Office Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-30171](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30171>) | Microsoft Office Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-30172](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30172>) | Microsoft Office Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-30173](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30173>) | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n \n### SQL Server vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-29143](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29143>) | Microsoft SQL Server Remote Code Execution Vulnerability | No | No | 7.5 | Yes \n \n### Windows vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-32230](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-32230>) | Windows SMB Denial of Service Vulnerability | No | No | N/A | Yes \n[CVE-2022-30136](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30136>) | Windows Network File System Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2022-30139](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30139>) | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | No | No | 7.5 | Yes \n[CVE-2022-30162](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30162>) | Windows Kernel Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-30165](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30165>) | Windows Kerberos Elevation of Privilege Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-30145](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30145>) | Windows Encrypting File System (EFS) Remote Code Execution Vulnerability | No | No | 7.5 | Yes \n[CVE-2022-30148](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30148>) | Windows Desired State Configuration (DSC) Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-30150](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30150>) | Windows Defender Remote Credential Guard Elevation of Privilege Vulnerability | No | No | 7.5 | Yes \n[CVE-2022-30132](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30132>) | Windows Container Manager Service Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2022-30131](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30131>) | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2022-30189](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30189>) | Windows Autopilot Device Management and Enrollment Client Spoofing Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-30154](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30154>) | Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege Vulnerability | No | No | 5.3 | Yes \n[CVE-2022-30164](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30164>) | Kerberos AppContainer Security Feature Bypass Vulnerability | No | No | 8.4 | Yes \n[CVE-2022-29111](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29111>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-22018](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22018>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-30188](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30188>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-29119](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29119>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-30167](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30167>) | AV1 Video Extension Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-30193](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30193>) | AV1 Video Extension Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n \n\u200b\n\n#### NEVER MISS A BLOG\n\nGet the latest stories, expertise, and news about security today.\n\nSubscribe\n\n \n\n\n_**Additional reading:**_\n\n * _[The Hidden Harm of Silent Patches](<https://www.rapid7.com/blog/post/2022/06/06/the-hidden-harm-of-silent-patches/>)_\n * _[Maximize Your VM Investment: Fix Vulnerabilities Faster With Automox + Rapid7](<https://www.rapid7.com/blog/post/2022/05/16/maximize-your-vm-investment-fix-vulnerabilities-faster-with-automox-rapid7/>)_\n * _[How to Strategically Scale Vendor Management and Supply Chain Security](<https://www.rapid7.com/blog/post/2022/04/26/how-to-strategically-scale-vendor-management-and-supply-chain-security/>)_\n * _[Analyzing the Attack Landscape: Rapid7\u2019s 2021 Vulnerability Intelligence Report](<https://www.rapid7.com/blog/post/2022/03/28/analyzing-the-attack-landscape-rapid7s-annual-vulnerability-intelligence-report/>) \n_", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-14T19:37:50", "type": "rapid7blog", "title": "Patch Tuesday - June 2022", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21127", "CVE-2022-21166", "CVE-2022-22018", "CVE-2022-22021", "CVE-2022-26937", "CVE-2022-29111", "CVE-2022-29119", "CVE-2022-29143", "CVE-2022-29149", "CVE-2022-30131", "CVE-2022-30132", "CVE-2022-30135", "CVE-2022-30136", "CVE-2022-30137", "CVE-2022-30139", "CVE-2022-30140", "CVE-2022-30141", "CVE-2022-30142", "CVE-2022-30143", "CVE-2022-30145", "CVE-2022-30146", "CVE-2022-30147", "CVE-2022-30148", "CVE-2022-30149", "CVE-2022-30150", "CVE-2022-30151", "CVE-2022-30152", "CVE-2022-30153", "CVE-2022-30154", "CVE-2022-30155", "CVE-2022-30157", "CVE-2022-30158", "CVE-2022-30159", "CVE-2022-30160", "CVE-2022-30161", "CVE-2022-30162", "CVE-2022-30163", "CVE-2022-30164", "CVE-2022-30165", "CVE-2022-30166", "CVE-2022-30167", "CVE-2022-30168", "CVE-2022-30171", "CVE-2022-30172", "CVE-2022-30173", "CVE-2022-30174", "CVE-2022-30177", "CVE-2022-30178", "CVE-2022-30179", "CVE-2022-30180", "CVE-2022-30184", "CVE-2022-30188", "CVE-2022-30189", "CVE-2022-30190", "CVE-2022-30193", "CVE-2022-32230"], "modified": "2022-06-14T19:37:50", "id": "RAPID7BLOG:36C78C12B88BFE8FEF93D8EF7A7AA553", "href": "https://blog.rapid7.com/2022/06/14/patch-tuesday-june-2022/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-16T21:58:42", "description": "![Patch Tuesday - July 2022](https://blog.rapid7.com/content/images/2022/07/patches-2.jpg)\n\nMicrosoft\u2019s updates for [July's Patch Tuesday](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Jul>) fix 86 CVEs, including two vulnerabilities in their Chromium-based Edge browser that were patched earlier in the month.\n\nOne 0-day vulnerability has been patched: [CVE-2022-22047](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>) affects all currently supported versions of Microsoft\u2019s pervasive operating system. This is an elevation-of-privilege vulnerability in the Windows Client Server Runtime Subsystem (CSRSS), a critical service that is often impersonated by malware. An attacker with an already-existing foothold can exploit this vulnerability to gain SYSTEM-level privileges. Two similar vulnerabilities in CSRSS ([CVE-2022-22049](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22049>) and [CVE-2022-22026](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22026>)) were also fixed, likely as a res