DATABASE RESOURCES PRICING ABOUT US

{"id": "OPENSUSE-2022-10088-1.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE 15 Security Update : opera (openSUSE-SU-2022:10088-1)", "description": "The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10088-1 advisory.\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction. (CVE-2022-2163)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions. (CVE-2022-2296)\n\n - Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2477)\n\n - Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2478)\n\n - Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page. (CVE-2022-2479)\n\n - Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2480)\n\n - Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.\n (CVE-2022-2481)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2022-08-16T00:00:00", "modified": "2023-03-23T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/164144", "reporter": "This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2296", "https://www.suse.com/security/cve/CVE-2022-2296", "https://www.suse.com/security/cve/CVE-2022-2163", "https://www.suse.com/security/cve/CVE-2022-2294", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2295", "https://www.suse.com/security/cve/CVE-2022-2477", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2477", "https://www.suse.com/security/cve/CVE-2022-2295", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2480", "https://www.suse.com/security/cve/CVE-2022-2481", "http://www.nessus.org/u?e2a5cb63", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2163", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2481", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2479", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2294", "https://www.suse.com/security/cve/CVE-2022-2478", "https://www.suse.com/security/cve/CVE-2022-2479", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2478", "https://www.suse.com/security/cve/CVE-2022-2480"], "cvelist": ["CVE-2022-2163", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296", "CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481"], "immutableFields": [], "lastseen": "2023-10-29T15:30:13", "viewCount": 15, "enchantments": {"dependencies": {"references": [{"type": "alpinelinux", "idList": ["ALPINE:CVE-2022-2163", "ALPINE:CVE-2022-2294", "ALPINE:CVE-2022-2295", "ALPINE:CVE-2022-2296", "ALPINE:CVE-2022-2477", "ALPINE:CVE-2022-2478", "ALPINE:CVE-2022-2479", "ALPINE:CVE-2022-2480", "ALPINE:CVE-2022-2481"]}, {"type": "apple", "idList": ["APPLE:37AFBB95AFD80D918469C22F0A05655D", "APPLE:71C798D0F46D1E956B1D27B4A004E9B9", "APPLE:DF68F7FFE1ED4E5157204A83619C4B89"]}, {"type": "attackerkb", "idList": ["AKB:23F2B591-FE1E-47A8-AA83-2DFAD7E5CE61"]}, {"type": "avleonov", "idList": ["AVLEONOV:B87691B304EF70215B926F66B871260A"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2022-0566"]}, {"type": "chrome", "idList": ["GCSA-5089288012050676645", "GCSA-7720125337817983232", "GCSA-8112704297585884798"]}, {"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2022-2294"]}, {"type": "cve", "idList": ["CVE-2022-2163", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296", "CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481"]}, {"type": "debian", "idList": ["DEBIAN:DSA-5168-1:EEDFE", "DEBIAN:DSA-5180-1:E631C", "DEBIAN:DSA-5187-1:5725F"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2022-2163", "DEBIANCVE:CVE-2022-2294", "DEBIANCVE:CVE-2022-2295", "DEBIANCVE:CVE-2022-2296", "DEBIANCVE:CVE-2022-2477", "DEBIANCVE:CVE-2022-2478", "DEBIANCVE:CVE-2022-2479", "DEBIANCVE:CVE-2022-2480", "DEBIANCVE:CVE-2022-2481"]}, {"type": "fedora", "idList": ["FEDORA:12E6A205AC4A", "FEDORA:1AA1C30A3C1B", "FEDORA:29E5830A072A", "FEDORA:92EE321072E6", "FEDORA:B673920D02CF", "FEDORA:E86E1204EDA4"]}, {"type": "freebsd", "idList": ["27CC4258-0805-11ED-8AC1-3065EC8FD3EC", "744EC9D7-FE0F-11EC-BCD2-3065EC8FD3EC", "B2A4C5F1-F1FE-11EC-BCD2-3065EC8FD3EC"]}, {"type": "gentoo", "idList": ["GLSA-202208-25", "GLSA-202208-35", "GLSA-202208-39"]}, {"type": "hivepro", "idList": ["HIVEPRO:2FBDBD20FF69ADDF5A541D1E5B3D0809"]}, {"type": "kaspersky", "idList": ["KLA12571", "KLA12572", "KLA12578", "KLA12579", "KLA12587", "KLA12590", "KLA12592", "KLA12596"]}, {"type": "mageia", "idList": ["MGASA-2022-0241", "MGASA-2022-0268", "MGASA-2022-0287"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:08FDD3DEF41B63F1DEB23C21DCFDB12D", "MALWAREBYTES:0EA0ACAED3005CD12F07560D039DE57E", "MALWAREBYTES:6E72426C60EECBEF071E305072060892"]}, {"type": "mscve", "idList": ["MS:CVE-2022-2163", "MS:CVE-2022-2294", "MS:CVE-2022-2295", "MS:CVE-2022-2477", "MS:CVE-2022-2478", "MS:CVE-2022-2479", "MS:CVE-2022-2480", "MS:CVE-2022-2481"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-5168.NASL", "DEBIAN_DSA-5180.NASL", "DEBIAN_DSA-5187.NASL", "FEDORA_2023-6C8DE2CD15.NASL", "FEDORA_2023-EA7128B5CE.NASL", "FREEBSD_PKG_27CC4258080511ED8AC13065EC8FD3EC.NASL", "FREEBSD_PKG_744EC9D7FE0F11ECBCD23065EC8FD3EC.NASL", "FREEBSD_PKG_B2A4C5F1F1FE11ECBCD23065EC8FD3EC.NASL", "GENTOO_GLSA-202208-25.NASL", "GENTOO_GLSA-202208-35.NASL", "GENTOO_GLSA-202208-39.NASL", "GOOGLE_CHROME_103_0_5060_114.NASL", "GOOGLE_CHROME_103_0_5060_134.NASL", "GOOGLE_CHROME_103_0_5060_53.NASL", "MACOSX_GOOGLE_CHROME_103_0_5060_114.NASL", "MACOSX_GOOGLE_CHROME_103_0_5060_134.NASL", "MACOSX_GOOGLE_CHROME_103_0_5060_53.NASL", "MACOS_HT213345.NASL", "MICROSOFT_EDGE_CHROMIUM_103_0_1264_37.NASL", "MICROSOFT_EDGE_CHROMIUM_103_0_1264_49.NASL", "MICROSOFT_EDGE_CHROMIUM_103_0_1264_71.NASL", "OPENSUSE-2022-10035-1.NASL", "OPENSUSE-2022-10036-1.NASL", "OPENSUSE-2022-10055-1.NASL", "OPENSUSE-2022-10057-1.NASL", "OPENSUSE-2022-10073-1.NASL", "OPENSUSE-2022-10087-1.NASL", "UBUNTU_USN-5568-1.NASL"]}, {"type": "osv", "idList": ["OSV:DSA-5168-1", "OSV:DSA-5180-1"]}, {"type": "prion", "idList": ["PRION:CVE-2022-2163", "PRION:CVE-2022-2294", "PRION:CVE-2022-2295", "PRION:CVE-2022-2296", "PRION:CVE-2022-2477", "PRION:CVE-2022-2478", "PRION:CVE-2022-2479", "PRION:CVE-2022-2480", "PRION:CVE-2022-2481"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:058E013CF475F33D6DEBB8955340D15B", "QUALYSBLOG:65C282BB0F312A3AD8A043024FD3D866", "QUALYSBLOG:AC756D2C7DB65BB8BC9FBD558B7F3AD3"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:B54637535A9D368B19D4D9881C6C34B3"]}, {"type": "securelist", "idList": ["SECURELIST:C1F2E1B6711C8D84F3E78D203B3CE837"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:10035-1", "OPENSUSE-SU-2022:10036-1", "OPENSUSE-SU-2022:10055-1", "OPENSUSE-SU-2022:10057-1", "OPENSUSE-SU-2022:10073-1", "OPENSUSE-SU-2022:10087-1", "OPENSUSE-SU-2022:10088-1"]}, {"type": "thn", "idList": ["THN:0ADE883013E260B4548F6E16D65487D3", "THN:222F7713CA968509F8C385BA29B0B6A5", "THN:27F4624B58E2AB5E3EC8C74249CADF5C", "THN:2E90A09BA23747C57B4B5C9ED7D13ED9", "THN:2FB8A3C1E526D1FFA1477D35F0F70BF4", "THN:5D50D5AA81EE14FA1044614364EAEBC6", "THN:80C4CCCAB293DD273948D1317EAC8B73", "THN:EDC4E93542AFAF751E67BF527C826DA4", "THN:FFFF05ECDE44C9ED26B53D328B60689B"]}, {"type": "threatpost", "idList": ["THREATPOST:91A97EE2BD6933FEB9A07162BD4ED8B5", "THREATPOST:A8A7A761CD72E2732BD9E3C75C4A2ACC"]}, {"type": "trellix", "idList": ["TRELLIX:6AC0A8EB929E0B0AC515928EFCB01642"]}, {"type": "ubuntu", "idList": ["USN-5568-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2022-2163", "UB:CVE-2022-2294", "UB:CVE-2022-2295", "UB:CVE-2022-2296", "UB:CVE-2022-2477", "UB:CVE-2022-2478", "UB:CVE-2022-2479", "UB:CVE-2022-2480", "UB:CVE-2022-2481"]}, {"type": "veracode", "idList": ["VERACODE:36125", "VERACODE:36371", "VERACODE:36372", "VERACODE:36373", "VERACODE:36426", "VERACODE:36427", "VERACODE:36428", "VERACODE:36429", "VERACODE:36430"]}]}, "score": {"value": 8.6, "vector": "NONE"}, "epss": [{"cve": "CVE-2022-2163", "epss": 0.00073, "percentile": 0.298, "modified": "2023-05-02"}, {"cve": "CVE-2022-2294", "epss": 0.00426, "percentile": 0.70531, "modified": "2023-05-02"}, {"cve": "CVE-2022-2295", "epss": 0.00127, "percentile": 0.46026, "modified": "2023-05-02"}, {"cve": "CVE-2022-2296", "epss": 0.00127, "percentile": 0.46026, "modified": "2023-05-02"}, {"cve": "CVE-2022-2477", "epss": 0.00059, "percentile": 0.22837, "modified": "2023-05-02"}, {"cve": "CVE-2022-2478", "epss": 0.00062, "percentile": 0.24479, "modified": "2023-05-02"}, {"cve": "CVE-2022-2479", "epss": 0.00052, "percentile": 0.18469, "modified": "2023-05-02"}, {"cve": "CVE-2022-2480", "epss": 0.00124, "percentile": 0.454, "modified": "2023-05-02"}, {"cve": "CVE-2022-2481", "epss": 0.00083, "percentile": 0.33756, "modified": "2023-05-02"}], "vulnersScore": 8.6}, "_state": {"dependencies": 1698604414, "score": 1698852299, "epss": 0}, "_internal": {"score_hash": "a6283aff9ce11399ce918d237e70bd6c"}, "pluginID": "164144", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:10088-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164144);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2022-2163\",\n \"CVE-2022-2294\",\n \"CVE-2022-2295\",\n \"CVE-2022-2296\",\n \"CVE-2022-2477\",\n \"CVE-2022-2478\",\n \"CVE-2022-2479\",\n \"CVE-2022-2480\",\n \"CVE-2022-2481\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"openSUSE 15 Security Update : opera (openSUSE-SU-2022:10088-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:10088-1 advisory.\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who\n convinced a user to install a malicious extension to potentially exploit heap corruption via UI\n interaction. (CVE-2022-2163)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via direct UI interactions. (CVE-2022-2296)\n\n - Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2477)\n\n - Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2478)\n\n - Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134\n allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive\n information from internal file directories via a crafted HTML page. (CVE-2022-2479)\n\n - Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2480)\n\n - Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a\n user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.\n (CVE-2022-2481)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/C6CFP4ALDNAUZ4ZAOFXUPGCPSV42N26M/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e2a5cb63\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2296\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2478\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2480\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2481\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2481\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.4\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.4', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'opera-89.0.4447.71-lp154.2.14.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'opera');\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:15.4"], "solution": "Update the affected opera package.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2022-2481", "vendor_cvss2": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "High", "score": "7.4"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2022-08-16T00:00:00", "vulnerabilityPublicationDate": "2022-06-21T00:00:00", "exploitableWith": []}

{"nessus": [{"lastseen": "2023-10-28T15:11:28", "description": "The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10087-1 advisory.\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction. (CVE-2022-2163)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions. (CVE-2022-2296)\n\n - Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2477)\n\n - Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2478)\n\n - Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page. (CVE-2022-2479)\n\n - Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2480)\n\n - Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.\n (CVE-2022-2481)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-16T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : opera (openSUSE-SU-2022:10087-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2163", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296", "CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-10087-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164134", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:10087-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164134);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2022-2163\",\n \"CVE-2022-2294\",\n \"CVE-2022-2295\",\n \"CVE-2022-2296\",\n \"CVE-2022-2477\",\n \"CVE-2022-2478\",\n \"CVE-2022-2479\",\n \"CVE-2022-2480\",\n \"CVE-2022-2481\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"openSUSE 15 Security Update : opera (openSUSE-SU-2022:10087-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:10087-1 advisory.\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who\n convinced a user to install a malicious extension to potentially exploit heap corruption via UI\n interaction. (CVE-2022-2163)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via direct UI interactions. (CVE-2022-2296)\n\n - Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2477)\n\n - Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2478)\n\n - Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134\n allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive\n information from internal file directories via a crafted HTML page. (CVE-2022-2479)\n\n - Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2480)\n\n - Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a\n user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.\n (CVE-2022-2481)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBC3VMU74SRNP6PNL6PMNTJCIFN32DXR/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?05668353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2296\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2478\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2480\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2481\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2481\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'opera-89.0.4447.71-lp153.2.54.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'opera');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-02T15:39:03", "description": "The version of Google Chrome installed on the remote Windows host is prior to 103.0.5060.134. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_07_stable-channel-update-for-desktop_19 advisory.\n\n - Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.\n (CVE-2022-2481)\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction. (CVE-2022-2163)\n\n - Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2477)\n\n - Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2478)\n\n - Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page. (CVE-2022-2479)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-19T00:00:00", "type": "nessus", "title": "Google Chrome < 103.0.5060.134 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2163", "CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_103_0_5060_134.NASL", "href": "https://www.tenable.com/plugins/nessus/163273", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163273);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\n \"CVE-2022-2163\",\n \"CVE-2022-2477\",\n \"CVE-2022-2478\",\n \"CVE-2022-2479\",\n \"CVE-2022-2480\",\n \"CVE-2022-2481\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0253-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0282-S\");\n\n script_name(english:\"Google Chrome < 103.0.5060.134 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 103.0.5060.134. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2022_07_stable-channel-update-for-desktop_19 advisory.\n\n - Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a\n user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.\n (CVE-2022-2481)\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who\n convinced a user to install a malicious extension to potentially exploit heap corruption via UI\n interaction. (CVE-2022-2163)\n\n - Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2477)\n\n - Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2478)\n\n - Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134\n allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive\n information from internal file directories via a crafted HTML page. (CVE-2022-2479)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5848b53d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1336266\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1335861\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1329987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1339844\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1341603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1308341\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 103.0.5060.134 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2481\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\nvar installs = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'103.0.5060.134', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-02T15:38:53", "description": "The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 27cc4258-0805-11ed-8ac1-3065ec8fd3ec advisory.\n\n - Use after free in Cast UI and Toolbar. (CVE-2022-2163)\n\n - : Use after free in Guest View. (CVE-2022-2477)\n\n - : Use after free in PDF. (CVE-2022-2478)\n\n - : Insufficient validation of untrusted input in File. (CVE-2022-2479)\n\n - : Use after free in Service Worker API. (CVE-2022-2480)\n\n - Use after free in Views. (CVE-2022-2481)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-20T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (27cc4258-0805-11ed-8ac1-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2163", "CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_27CC4258080511ED8AC13065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/163281", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163281);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2022-2163\",\n \"CVE-2022-2477\",\n \"CVE-2022-2478\",\n \"CVE-2022-2479\",\n \"CVE-2022-2480\",\n \"CVE-2022-2481\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0282-S\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (27cc4258-0805-11ed-8ac1-3065ec8fd3ec)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple\nvulnerabilities as referenced in the 27cc4258-0805-11ed-8ac1-3065ec8fd3ec advisory.\n\n - Use after free in Cast UI and Toolbar. (CVE-2022-2163)\n\n - : Use after free in Guest View. (CVE-2022-2477)\n\n - : Use after free in PDF. (CVE-2022-2478)\n\n - : Insufficient validation of untrusted input in File. (CVE-2022-2479)\n\n - : Use after free in Service Worker API. (CVE-2022-2480)\n\n - Use after free in Views. (CVE-2022-2481)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5848b53d\");\n # https://vuxml.freebsd.org/freebsd/27cc4258-0805-11ed-8ac1-3065ec8fd3ec.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?298cd892\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2481\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"freebsd_package.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nvar flag = 0;\n\nvar packages = [\n 'chromium<103.0.5060.134'\n];\n\nforeach var package( packages ) {\n if (pkg_test(save_report:TRUE, pkg: package)) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : pkg_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-02T15:42:51", "description": "The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5187 advisory.\n\n - Use after free in Cast UI and Toolbar. (CVE-2022-2163)\n\n - : Use after free in Guest View. (CVE-2022-2477)\n\n - : Use after free in PDF. (CVE-2022-2478)\n\n - : Insufficient validation of untrusted input in File. (CVE-2022-2479)\n\n - : Use after free in Service Worker API. (CVE-2022-2480)\n\n - Use after free in Views. (CVE-2022-2481)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-23T00:00:00", "type": "nessus", "title": "Debian DSA-5187-1 : chromium - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2163", "CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium", "p-cpe:/a:debian:debian_linux:chromium-common", "p-cpe:/a:debian:debian_linux:chromium-driver", "p-cpe:/a:debian:debian_linux:chromium-l10n", "p-cpe:/a:debian:debian_linux:chromium-sandbox", "p-cpe:/a:debian:debian_linux:chromium-shell", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5187.NASL", "href": "https://www.tenable.com/plugins/nessus/163416", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5187. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163416);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2022-2163\",\n \"CVE-2022-2477\",\n \"CVE-2022-2478\",\n \"CVE-2022-2479\",\n \"CVE-2022-2480\",\n \"CVE-2022-2481\"\n );\n\n script_name(english:\"Debian DSA-5187-1 : chromium - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5187 advisory.\n\n - Use after free in Cast UI and Toolbar. (CVE-2022-2163)\n\n - : Use after free in Guest View. (CVE-2022-2477)\n\n - : Use after free in PDF. (CVE-2022-2478)\n\n - : Insufficient validation of untrusted input in File. (CVE-2022-2479)\n\n - : Use after free in Service Worker API. (CVE-2022-2480)\n\n - Use after free in Views. (CVE-2022-2481)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/chromium\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5187\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2478\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2480\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2481\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/chromium\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the chromium packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 103.0.5060.134-1~deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2481\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-driver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-l10n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-sandbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'chromium', 'reference': '103.0.5060.134-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-common', 'reference': '103.0.5060.134-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-driver', 'reference': '103.0.5060.134-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-l10n', 'reference': '103.0.5060.134-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-sandbox', 'reference': '103.0.5060.134-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-shell', 'reference': '103.0.5060.134-1~deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium / chromium-common / chromium-driver / chromium-l10n / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-02T15:32:10", "description": "The version of Google Chrome installed on the remote macOS host is prior to 103.0.5060.134. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_07_stable-channel-update-for-desktop_19 advisory.\n\n - Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.\n (CVE-2022-2481)\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction. (CVE-2022-2163)\n\n - Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2477)\n\n - Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2478)\n\n - Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page. (CVE-2022-2479)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-19T00:00:00", "type": "nessus", "title": "Google Chrome < 103.0.5060.134 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2163", "CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481"], "modified": "2023-03-23T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_103_0_5060_134.NASL", "href": "https://www.tenable.com/plugins/nessus/163274", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163274);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2022-2163\",\n \"CVE-2022-2477\",\n \"CVE-2022-2478\",\n \"CVE-2022-2479\",\n \"CVE-2022-2480\",\n \"CVE-2022-2481\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0253-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0282-S\");\n\n script_name(english:\"Google Chrome < 103.0.5060.134 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 103.0.5060.134. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2022_07_stable-channel-update-for-desktop_19 advisory.\n\n - Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a\n user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.\n (CVE-2022-2481)\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who\n convinced a user to install a malicious extension to potentially exploit heap corruption via UI\n interaction. (CVE-2022-2163)\n\n - Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2477)\n\n - Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2478)\n\n - Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134\n allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive\n information from internal file directories via a crafted HTML page. (CVE-2022-2479)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5848b53d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1336266\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1335861\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1329987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1339844\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1341603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1308341\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 103.0.5060.134 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2481\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'103.0.5060.134', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-02T15:48:02", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10073-1 advisory.\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction. (CVE-2022-2163)\n\n - Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2477)\n\n - Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2478)\n\n - Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page. (CVE-2022-2479)\n\n - Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2480)\n\n - Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.\n (CVE-2022-2481)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-02T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2022:10073-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2163", "CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-10073-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163682", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:10073-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163682);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2022-2163\",\n \"CVE-2022-2477\",\n \"CVE-2022-2478\",\n \"CVE-2022-2479\",\n \"CVE-2022-2480\",\n \"CVE-2022-2481\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2022:10073-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:10073-1 advisory.\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who\n convinced a user to install a malicious extension to potentially exploit heap corruption via UI\n interaction. (CVE-2022-2163)\n\n - Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2477)\n\n - Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2478)\n\n - Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134\n allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive\n information from internal file directories via a crafted HTML page. (CVE-2022-2479)\n\n - Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2480)\n\n - Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a\n user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.\n (CVE-2022-2481)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201679\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/32RZRSVM5BTCD25ZWPF7FIV6VKPYNU5E/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?abbf2c45\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2478\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2480\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2481\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2481\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'chromedriver-103.0.5060.134-bp154.2.17.2', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromedriver-103.0.5060.134-bp154.2.17.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-103.0.5060.134-bp154.2.17.2', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-103.0.5060.134-bp154.2.17.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-02T15:41:30", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 103.0.1264.71. It is, therefore, affected by multiple vulnerabilities as referenced in the July 22, 2022 advisory.\n\n - : Use after free in Guest View. (CVE-2022-2477)\n\n - : Use after free in PDF. (CVE-2022-2478)\n\n - : Insufficient validation of untrusted input in File. (CVE-2022-2479)\n\n - : Use after free in Service Worker API. (CVE-2022-2480)\n\n - Use after free in Views. (CVE-2022-2481)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-23T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 103.0.1264.71 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481"], "modified": "2023-03-23T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_103_0_1264_71.NASL", "href": "https://www.tenable.com/plugins/nessus/163415", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163415);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2022-2477\",\n \"CVE-2022-2478\",\n \"CVE-2022-2479\",\n \"CVE-2022-2480\",\n \"CVE-2022-2481\"\n );\n\n script_name(english:\"Microsoft Edge (Chromium) < 103.0.1264.71 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 103.0.1264.71. It is, therefore, affected\nby multiple vulnerabilities as referenced in the July 22, 2022 advisory.\n\n - : Use after free in Guest View. (CVE-2022-2477)\n\n - : Use after free in PDF. (CVE-2022-2478)\n\n - : Insufficient validation of untrusted input in File. (CVE-2022-2479)\n\n - : Use after free in Service Worker API. (CVE-2022-2480)\n\n - Use after free in Views. (CVE-2022-2481)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#july-22-2022\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4d376e5a\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2478\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2480\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2481\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 103.0.1264.71 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2481\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nvar constraints = [\n { 'fixed_version' : '103.0.1264.71' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-28T15:10:31", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10055-1 advisory.\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. (CVE-2022-2294, CVE-2022-2295)\n\n - Use after free in Chrome OS Shell. (CVE-2022-2296)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-13T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2022:10055-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-10055-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163078", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:10055-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163078);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\"CVE-2022-2294\", \"CVE-2022-2295\", \"CVE-2022-2296\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2022:10055-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:10055-1 advisory.\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this\n vulnerability. Please see Google Chrome Releases for more information. (CVE-2022-2294, CVE-2022-2295)\n\n - Use after free in Chrome OS Shell. (CVE-2022-2296)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201216\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TJ5LTW7LEHL5JFGRUX2J7S5CEEACPAUP/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7dcbbe96\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2296\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2296\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'chromedriver-103.0.5060.114-bp153.2.107.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromedriver-103.0.5060.114-bp153.2.107.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-103.0.5060.114-bp153.2.107.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-103.0.5060.114-bp153.2.107.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-28T15:09:12", "description": "The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 744ec9d7-fe0f-11ec-bcd2-3065ec8fd3ec advisory.\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions. (CVE-2022-2296)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-08T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (744ec9d7-fe0f-11ec-bcd2-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_744EC9D7FE0F11ECBCD23065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/162839", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162839);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\"CVE-2022-2294\", \"CVE-2022-2295\", \"CVE-2022-2296\");\n script_xref(name:\"IAVA\", value:\"2022-A-0262-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (744ec9d7-fe0f-11ec-bcd2-3065ec8fd3ec)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple\nvulnerabilities as referenced in the 744ec9d7-fe0f-11ec-bcd2-3065ec8fd3ec advisory.\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via direct UI interactions. (CVE-2022-2296)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8f10a4e5\");\n # https://vuxml.freebsd.org/freebsd/744ec9d7-fe0f-11ec-bcd2-3065ec8fd3ec.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f39f44de\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2296\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"freebsd_package.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nvar flag = 0;\n\nvar packages = [\n 'chromium<103.0.5060.114'\n];\n\nforeach var package( packages ) {\n if (pkg_test(save_report:TRUE, pkg: package)) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : pkg_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-28T15:09:35", "description": "The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5180 advisory.\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions. (CVE-2022-2296)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-12T00:00:00", "type": "nessus", "title": "Debian DSA-5180-1 : chromium - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium", "p-cpe:/a:debian:debian_linux:chromium-common", "p-cpe:/a:debian:debian_linux:chromium-driver", "p-cpe:/a:debian:debian_linux:chromium-l10n", "p-cpe:/a:debian:debian_linux:chromium-sandbox", "p-cpe:/a:debian:debian_linux:chromium-shell", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5180.NASL", "href": "https://www.tenable.com/plugins/nessus/163024", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5180. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163024);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\"CVE-2022-2294\", \"CVE-2022-2295\", \"CVE-2022-2296\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"Debian DSA-5180-1 : chromium - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5180 advisory.\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via direct UI interactions. (CVE-2022-2296)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/chromium\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5180\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2296\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/chromium\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the chromium packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 103.0.5060.114-1~deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2296\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-driver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-l10n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-sandbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'chromium', 'reference': '103.0.5060.114-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-common', 'reference': '103.0.5060.114-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-driver', 'reference': '103.0.5060.114-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-l10n', 'reference': '103.0.5060.114-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-sandbox', 'reference': '103.0.5060.114-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-shell', 'reference': '103.0.5060.114-1~deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium / chromium-common / chromium-driver / chromium-l10n / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-28T15:09:12", "description": "The version of Google Chrome installed on the remote macOS host is prior to 103.0.5060.114. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_07_stable-channel-update-for-desktop advisory.\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions. (CVE-2022-2296)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-04T00:00:00", "type": "nessus", "title": "Google Chrome < 103.0.5060.114 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2023-03-23T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_103_0_5060_114.NASL", "href": "https://www.tenable.com/plugins/nessus/162705", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162705);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\"CVE-2022-2294\", \"CVE-2022-2295\", \"CVE-2022-2296\");\n script_xref(name:\"IAVA\", value:\"2022-A-0262-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"Google Chrome < 103.0.5060.114 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 103.0.5060.114. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2022_07_stable-channel-update-for-desktop advisory.\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via direct UI interactions. (CVE-2022-2296)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8f10a4e5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1341043\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1336869\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1327087\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 103.0.5060.114 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2296\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'103.0.5060.114', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-28T15:09:11", "description": "The version of Google Chrome installed on the remote Windows host is prior to 103.0.5060.114. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_07_stable-channel-update-for-desktop advisory.\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions. (CVE-2022-2296)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-04T00:00:00", "type": "nessus", "title": "Google Chrome < 103.0.5060.114 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_103_0_5060_114.NASL", "href": "https://www.tenable.com/plugins/nessus/162706", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162706);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2022-2294\", \"CVE-2022-2295\", \"CVE-2022-2296\");\n script_xref(name:\"IAVA\", value:\"2022-A-0262-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"Google Chrome < 103.0.5060.114 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 103.0.5060.114. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2022_07_stable-channel-update-for-desktop advisory.\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via direct UI interactions. (CVE-2022-2296)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8f10a4e5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1341043\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1336869\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1327087\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 103.0.5060.114 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2296\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\nvar installs = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'103.0.5060.114', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-28T15:10:05", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 103.0.1264.49. It is, therefore, affected by a vulnerability as referenced in the July 6, 2022 advisory.\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-07T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 103.0.1264.49 Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295"], "modified": "2023-10-19T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_103_0_1264_49.NASL", "href": "https://www.tenable.com/plugins/nessus/162776", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162776);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/19\");\n\n script_cve_id(\"CVE-2022-2294\");\n script_xref(name:\"IAVA\", value:\"2022-A-0262-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 103.0.1264.49 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by a vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 103.0.1264.49. It is, therefore, affected\nby a vulnerability as referenced in the July 6, 2022 advisory.\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#july-6-2022\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c255ed38\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2295\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 103.0.1264.49 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2294\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nvar constraints = [\n { 'fixed_version' : '103.0.1264.49' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-27T17:25:35", "description": "The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-6c8de2cd15 advisory.\n\n - Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2022-3443)\n\n - Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page and malicious file. (Chromium security severity: Low) (CVE-2022-3444)\n\n - Insufficient data validation in DevTools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) (CVE-2022-4911)\n\n - Type Confusion in MathML in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4912)\n\n - Inappropriate implementation in Extensions in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to spoof extension storage via a crafted HTML page.\n (Chromium security severity: High) (CVE-2022-4913)\n\n - Heap buffer overflow in PrintPreview in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4914)\n\n - Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2477)\n\n - Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2478)\n\n - Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page. (CVE-2022-2479)\n\n - Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2480)\n\n - Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.\n (CVE-2022-2481)\n\n - Inappropriate implementation in URL Formatting in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4915)\n\n - Use after free in Media in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4916)\n\n - Incorrect security UI in Notifications in Google Chrome on Android prior to 103.0.5060.53 allowed a remote attacker to obscure the full screen notification via a crafted HTML page. (Chromium security severity:\n Low) (CVE-2022-4917)\n\n - Use after free in UI in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4918)\n\n - Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1919)\n\n - Use after free in Base Internals in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4919)\n\n - Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4920)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-08-19T00:00:00", "type": "nessus", "title": "Fedora 37 : chromium (2023-6c8de2cd15)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1919", "CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481", "CVE-2022-3443", "CVE-2022-3444", "CVE-2022-4911", "CVE-2022-4912", "CVE-2022-4913", "CVE-2022-4914", "CVE-2022-4915", "CVE-2022-4916", "CVE-2022-4917", "CVE-2022-4918", "CVE-2022-4919", "CVE-2022-4920"], "modified": "2023-10-23T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:37", "p-cpe:/a:fedoraproject:fedora:chromium"], "id": "FEDORA_2023-6C8DE2CD15.NASL", "href": "https://www.tenable.com/plugins/nessus/179981", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2023-6c8de2cd15\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(179981);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/23\");\n\n script_cve_id(\n \"CVE-2022-1919\",\n \"CVE-2022-2477\",\n \"CVE-2022-2478\",\n \"CVE-2022-2479\",\n \"CVE-2022-2480\",\n \"CVE-2022-2481\",\n \"CVE-2022-3443\",\n \"CVE-2022-3444\",\n \"CVE-2022-4911\",\n \"CVE-2022-4912\",\n \"CVE-2022-4913\",\n \"CVE-2022-4914\",\n \"CVE-2022-4915\",\n \"CVE-2022-4916\",\n \"CVE-2022-4917\",\n \"CVE-2022-4918\",\n \"CVE-2022-4919\",\n \"CVE-2022-4920\"\n );\n script_xref(name:\"FEDORA\", value:\"2023-6c8de2cd15\");\n\n script_name(english:\"Fedora 37 : chromium (2023-6c8de2cd15)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2023-6c8de2cd15 advisory.\n\n - Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote\n attacker to bypass File System restrictions via a crafted HTML page. (Chromium security severity: Low)\n (CVE-2022-3443)\n\n - Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote\n attacker to bypass File System restrictions via a crafted HTML page and malicious file. (Chromium security\n severity: Low) (CVE-2022-3444)\n\n - Insufficient data validation in DevTools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker\n to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)\n (CVE-2022-4911)\n\n - Type Confusion in MathML in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4912)\n\n - Inappropriate implementation in Extensions in Google Chrome prior to 105.0.5195.52 allowed a remote\n attacker who had compromised the renderer process to spoof extension storage via a crafted HTML page.\n (Chromium security severity: High) (CVE-2022-4913)\n\n - Heap buffer overflow in PrintPreview in Google Chrome prior to 104.0.5112.79 allowed an attacker who\n convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted\n HTML page. (Chromium security severity: Medium) (CVE-2022-4914)\n\n - Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2477)\n\n - Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2478)\n\n - Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134\n allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive\n information from internal file directories via a crafted HTML page. (CVE-2022-2479)\n\n - Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2480)\n\n - Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a\n user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.\n (CVE-2022-2481)\n\n - Inappropriate implementation in URL Formatting in Google Chrome prior to 103.0.5060.134 allowed a remote\n attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)\n (CVE-2022-4915)\n\n - Use after free in Media in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform\n arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4916)\n\n - Incorrect security UI in Notifications in Google Chrome on Android prior to 103.0.5060.53 allowed a remote\n attacker to obscure the full screen notification via a crafted HTML page. (Chromium security severity:\n Low) (CVE-2022-4917)\n\n - Use after free in UI in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform\n arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4918)\n\n - Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1919)\n\n - Use after free in Base Internals in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to\n perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4919)\n\n - Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who\n convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted\n HTML page. (Chromium security severity: High) (CVE-2022-4920)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2023-6c8de2cd15\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromium package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-4920\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/08/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');\nvar os_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^37([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 37', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nvar pkgs = [\n {'reference':'chromium-115.0.5790.170-2.fc37', 'release':'FC37', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-27T15:02:29", "description": "The remote host is affected by the vulnerability described in GLSA-202208-35 (Chromium, Google Chrome, Microsoft Edge:\nMultiple Vulnerabilities)\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction. (CVE-2022-2163)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions. (CVE-2022-2296)\n\n - Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2477)\n\n - Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2478)\n\n - Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page. (CVE-2022-2479)\n\n - Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2480)\n\n - Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.\n (CVE-2022-2481)\n\n - Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2603)\n\n - Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2604)\n\n - Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2605)\n\n - Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2606)\n\n - Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2607)\n\n - Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2608)\n\n - Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2609)\n\n - Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-2610)\n\n - Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-2611)\n\n - Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2022-2612)\n\n - Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2613)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2614)\n\n - Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-2615)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a crafted Chrome Extension. (CVE-2022-2616)\n\n - Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2617)\n\n - Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file . (CVE-2022-2618)\n\n - Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page. (CVE-2022-2619)\n\n - Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2620)\n\n - Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.\n (CVE-2022-2621)\n\n - Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file.\n (CVE-2022-2622)\n\n - Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2623)\n\n - Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. (CVE-2022-2624)\n\n - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. (CVE-2022-33636)\n\n - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. (CVE-2022-33649)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. (CVE-2022-35796)\n\n - Use after free in FedCM. (CVE-2022-2852)\n\n - Heap buffer overflow in Downloads. (CVE-2022-2853)\n\n - Use after free in SwiftShader. (CVE-2022-2854)\n\n - Use after free in ANGLE. (CVE-2022-2855)\n\n - Insufficient validation of untrusted input in Intents. (CVE-2022-2856)\n\n - Use after free in Blink. (CVE-2022-2857)\n\n - Use after free in Sign-In Flow. (CVE-2022-2858)\n\n - Use after free in Chrome OS Shell. (CVE-2022-2859)\n\n - Insufficient policy enforcement in Cookies. (CVE-2022-2860)\n\n - Inappropriate implementation in Extensions API. (CVE-2022-2861)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-21T00:00:00", "type": "nessus", "title": "GLSA-202208-35 : Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2163", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296", "CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481", "CVE-2022-2603", "CVE-2022-2604", "CVE-2022-2605", "CVE-2022-2606", "CVE-2022-2607", "CVE-2022-2608", "CVE-2022-2609", "CVE-2022-2610", "CVE-2022-2611", "CVE-2022-2612", "CVE-2022-2613", "CVE-2022-2614", "CVE-2022-2615", "CVE-2022-2616", "CVE-2022-2617", "CVE-2022-2618", "CVE-2022-2619", "CVE-2022-2620", "CVE-2022-2621", "CVE-2022-2622", "CVE-2022-2623", "CVE-2022-2624", "CVE-2022-2852", "CVE-2022-2853", "CVE-2022-2854", "CVE-2022-2855", "CVE-2022-2856", "CVE-2022-2857", "CVE-2022-2858", "CVE-2022-2859", "CVE-2022-2860", "CVE-2022-2861", "CVE-2022-33636", "CVE-2022-33649", "CVE-2022-35796"], "modified": "2023-10-25T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:chromium", "p-cpe:/a:gentoo:linux:chromium-bin", "p-cpe:/a:gentoo:linux:google-chrome", "p-cpe:/a:gentoo:linux:microsoft-edge", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202208-35.NASL", "href": "https://www.tenable.com/plugins/nessus/164320", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202208-35.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike\n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164320);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/25\");\n\n script_cve_id(\n \"CVE-2022-2163\",\n \"CVE-2022-2294\",\n \"CVE-2022-2295\",\n \"CVE-2022-2296\",\n \"CVE-2022-2477\",\n \"CVE-2022-2478\",\n \"CVE-2022-2479\",\n \"CVE-2022-2480\",\n \"CVE-2022-2481\",\n \"CVE-2022-2603\",\n \"CVE-2022-2604\",\n \"CVE-2022-2605\",\n \"CVE-2022-2606\",\n \"CVE-2022-2607\",\n \"CVE-2022-2608\",\n \"CVE-2022-2609\",\n \"CVE-2022-2610\",\n \"CVE-2022-2611\",\n \"CVE-2022-2612\",\n \"CVE-2022-2613\",\n \"CVE-2022-2614\",\n \"CVE-2022-2615\",\n \"CVE-2022-2616\",\n \"CVE-2022-2617\",\n \"CVE-2022-2618\",\n \"CVE-2022-2619\",\n \"CVE-2022-2620\",\n \"CVE-2022-2621\",\n \"CVE-2022-2622\",\n \"CVE-2022-2623\",\n \"CVE-2022-2624\",\n \"CVE-2022-2852\",\n \"CVE-2022-2853\",\n \"CVE-2022-2854\",\n \"CVE-2022-2855\",\n \"CVE-2022-2856\",\n \"CVE-2022-2857\",\n \"CVE-2022-2858\",\n \"CVE-2022-2859\",\n \"CVE-2022-2860\",\n \"CVE-2022-2861\",\n \"CVE-2022-33636\",\n \"CVE-2022-33649\",\n \"CVE-2022-35796\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/08\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"GLSA-202208-35 : Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202208-35 (Chromium, Google Chrome, Microsoft Edge:\nMultiple Vulnerabilities)\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who\n convinced a user to install a malicious extension to potentially exploit heap corruption via UI\n interaction. (CVE-2022-2163)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via direct UI interactions. (CVE-2022-2296)\n\n - Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2477)\n\n - Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2478)\n\n - Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134\n allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive\n information from internal file directories via a crafted HTML page. (CVE-2022-2479)\n\n - Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2480)\n\n - Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a\n user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.\n (CVE-2022-2481)\n\n - Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2603)\n\n - Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2604)\n\n - Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2605)\n\n - Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker\n who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a\n crafted HTML page. (CVE-2022-2606)\n\n - Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker\n who convinced a user to engage in specific user interactions to potentially exploit heap corruption via\n specific UI interactions. (CVE-2022-2607)\n\n - Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via specific UI interactions. (CVE-2022-2608)\n\n - Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via specific UI interactions. (CVE-2022-2609)\n\n - Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a\n remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-2610)\n\n - Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed\n a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-2611)\n\n - Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a\n remote attacker who had compromised the renderer process to obtain potentially sensitive information from\n process memory via a crafted HTML page. (CVE-2022-2612)\n\n - Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who\n convinced a user to enage in specific user interactions to potentially exploit heap corruption via\n specific UI interactions. (CVE-2022-2613)\n\n - Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2614)\n\n - Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-2615)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker\n who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a\n crafted Chrome Extension. (CVE-2022-2616)\n\n - Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced\n a user to install a malicious extension to potentially exploit heap corruption via specific UI\n interactions. (CVE-2022-2617)\n\n - Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a\n remote attacker to bypass download restrictions via a malicious file . (CVE-2022-2618)\n\n - Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an\n attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged\n page via a crafted HTML page. (CVE-2022-2619)\n\n - Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who\n convinced a user to engage in specific user interactions to potentially exploit heap corruption via\n specific UI interactions. (CVE-2022-2620)\n\n - Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.\n (CVE-2022-2621)\n\n - Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to\n 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file.\n (CVE-2022-2622)\n\n - Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who\n convinced a user to engage in specific user interactions to potentially exploit heap corruption via\n specific UI interactions. (CVE-2022-2623)\n\n - Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who\n convinced a user to engage in specific user interactions to potentially exploit heap corruption via a\n crafted PDF file. (CVE-2022-2624)\n\n - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. (CVE-2022-33636)\n\n - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. (CVE-2022-33649)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. (CVE-2022-35796)\n\n - Use after free in FedCM. (CVE-2022-2852)\n\n - Heap buffer overflow in Downloads. (CVE-2022-2853)\n\n - Use after free in SwiftShader. (CVE-2022-2854)\n\n - Use after free in ANGLE. (CVE-2022-2855)\n\n - Insufficient validation of untrusted input in Intents. (CVE-2022-2856)\n\n - Use after free in Blink. (CVE-2022-2857)\n\n - Use after free in Sign-In Flow. (CVE-2022-2858)\n\n - Use after free in Chrome OS Shell. (CVE-2022-2859)\n\n - Insufficient policy enforcement in Cookies. (CVE-2022-2860)\n\n - Inappropriate implementation in Extensions API. (CVE-2022-2861)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202208-35\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=858104\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=859442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=863512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=864723\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=865501\");\n script_set_attribute(attribute:\"solution\", value:\n\"All Chromium users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-client/chromium-104.0.5112.101\n \nAll Chromium binary users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-client/chromium-bin-104.0.5112.101\n \nAll Google Chrome users should upgrade to tha latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-client/google-chrome-104.0.5112.101\n \nAll Microsoft Edge users should upgrade to tha latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-client/microsoft-edge-104.0.1293.63\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33649\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:google-chrome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:microsoft-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar flag = 0;\n\nvar packages = [\n {\n 'name' : \"www-client/chromium\",\n 'unaffected' : make_list(\"ge 104.0.5112.101\"),\n 'vulnerable' : make_list(\"lt 104.0.5112.101\")\n },\n {\n 'name' : \"www-client/chromium-bin\",\n 'unaffected' : make_list(\"ge 104.0.5112.101\"),\n 'vulnerable' : make_list(\"lt 104.0.5112.101\")\n },\n {\n 'name' : \"www-client/google-chrome\",\n 'unaffected' : make_list(\"ge 104.0.5112.101\"),\n 'vulnerable' : make_list(\"lt 104.0.5112.101\")\n },\n {\n 'name' : \"www-client/microsoft-edge\",\n 'unaffected' : make_list(\"ge 104.0.1293.63\"),\n 'vulnerable' : make_list(\"lt 104.0.1293.63\")\n }\n];\n\nforeach package( packages ) {\n if (isnull(package['unaffected'])) package['unaffected'] = make_list();\n if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();\n if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;\n}\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : qpkg_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium / Google Chrome / Microsoft Edge\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-28T15:12:58", "description": "The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5568-1 advisory.\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)\n\n - The issue was addressed with improved UI handling. (CVE-2022-32816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-15T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS / 22.04 LTS : WebKitGTK vulnerabilities (USN-5568-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2294", "CVE-2022-32792", "CVE-2022-32816"], "modified": "2023-07-12T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.0", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.1", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.0", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.1", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-bin", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-dev", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.1-0", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.1-dev", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37-gtk2", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-dev", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.1-0", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.1-dev", "p-cpe:/a:canonical:ubuntu_linux:webkit2gtk-driver"], "id": "UBUNTU_USN-5568-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164124", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5568-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164124);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/12\");\n\n script_cve_id(\"CVE-2022-2294\", \"CVE-2022-32792\", \"CVE-2022-32816\");\n script_xref(name:\"USN\", value:\"5568-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"Ubuntu 20.04 LTS / 22.04 LTS : WebKitGTK vulnerabilities (USN-5568-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-5568-1 advisory.\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)\n\n - The issue was addressed with improved UI handling. (CVE-2022-32816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5568-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32792\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:webkit2gtk-driver\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('20.04' >< os_release || '22.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 22.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '20.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-37-gtk2', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '22.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.1', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'gir1.2-webkit2-4.1', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.1-0', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.1-dev', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libwebkit2gtk-4.1-0', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libwebkit2gtk-4.1-dev', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.36.6-0ubuntu0.22.04.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gir1.2-javascriptcoregtk-4.0 / gir1.2-javascriptcoregtk-4.1 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-28T15:09:13", "description": "The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10057-1 advisory.\n\n - Use after free in WebGPU. (CVE-2022-2007)\n\n - Out of bounds memory access in WebGL. (CVE-2022-2008)\n\n - Out of bounds read in compositing. (CVE-2022-2010)\n\n - Use after free in ANGLE. (CVE-2022-2011)\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. (CVE-2022-2294)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-14T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : opera (openSUSE-SU-2022:10057-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-2294"], "modified": "2023-10-25T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-10057-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163094", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:10057-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163094);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/25\");\n\n script_cve_id(\n \"CVE-2022-2007\",\n \"CVE-2022-2008\",\n \"CVE-2022-2010\",\n \"CVE-2022-2011\",\n \"CVE-2022-2294\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"openSUSE 15 Security Update : opera (openSUSE-SU-2022:10057-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:10057-1 advisory.\n\n - Use after free in WebGPU. (CVE-2022-2007)\n\n - Out of bounds memory access in WebGL. (CVE-2022-2008)\n\n - Out of bounds read in compositing. (CVE-2022-2010)\n\n - Use after free in ANGLE. (CVE-2022-2011)\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this\n vulnerability. Please see Google Chrome Releases for more information. (CVE-2022-2294)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RJUDCH46YEJXHUW2NNEMWI2TSQIO7ON2/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d06180ba\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2010\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2294\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2294\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-2010\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'opera-88.0.4412.74-lp154.2.11.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'opera');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-26T18:16:01", "description": "The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-ea7128b5ce advisory.\n\n - Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2022-3443)\n\n - Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page and malicious file. (Chromium security severity: Low) (CVE-2022-3444)\n\n - Insufficient data validation in DevTools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) (CVE-2022-4911)\n\n - Type Confusion in MathML in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4912)\n\n - Inappropriate implementation in Extensions in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to spoof extension storage via a crafted HTML page.\n (Chromium security severity: High) (CVE-2022-4913)\n\n - Heap buffer overflow in PrintPreview in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4914)\n\n - Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2477)\n\n - Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2478)\n\n - Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page. (CVE-2022-2479)\n\n - Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2480)\n\n - Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.\n (CVE-2022-2481)\n\n - Inappropriate implementation in URL Formatting in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4915)\n\n - Use after free in Media in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4916)\n\n - Incorrect security UI in Notifications in Google Chrome on Android prior to 103.0.5060.53 allowed a remote attacker to obscure the full screen notification via a crafted HTML page. (Chromium security severity:\n Low) (CVE-2022-4917)\n\n - Use after free in UI in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4918)\n\n - Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1919)\n\n - Use after free in Base Internals in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4919)\n\n - Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4920)\n\n - Use after free in Accessibility in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low) (CVE-2022-4921)\n\n - Inappropriate implementation in Blink in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4922)\n\n - Inappropriate implementation in Omnibox in Google Chrome prior to 99.0.4844.51 allowed an attacker in a privileged network position to perform a man-in-the-middle attack via malicious network traffic. (Chromium security severity: Low) (CVE-2022-4923)\n\n - Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (Chromium security severity: High) (CVE-2022-4924)\n\n - Insufficient validation of untrusted input in QUIC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform header splitting via malicious network traffic. (Chromium security severity: Low) (CVE-2022-4925)\n\n - Insufficient policy enforcement in Intents in Google Chrome on Android prior to 109.0.5414.119 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4926)\n\n - Inappropriate implementation in Cast UI in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to spoof browser UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2021-4316)\n\n - Use after free in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2021-4317)\n\n - Object corruption in Blink in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2021-4318)\n\n - Use after free in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2021-4319)\n\n - Use after free in Blink in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2021-4320)\n\n - Policy bypass in Blink in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) (CVE-2021-4321)\n\n - Use after free in DevTools in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2021-4322)\n\n - Insufficient validation of untrusted input in Extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to access local files via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2021-4323)\n\n - Insufficient policy enforcement in Google Update in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to read arbitrary files via a malicious file. (Chromium security severity: Medium) (CVE-2021-4324)\n\n - Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4068, CVE-2023-4070)\n\n - Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4069)\n\n - Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4071)\n\n - Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4072)\n\n - Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:\n High) (CVE-2023-4073)\n\n - Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4074)\n\n - Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4075)\n\n - Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High) (CVE-2023-4076)\n\n - Insufficient data validation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-4077)\n\n - Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-4078)\n\n - Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3727, CVE-2023-3728)\n\n - Use after free in Tab Groups in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3730)\n\n - Out of bounds memory access in Mojo in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (Chromium security severity: High) (CVE-2023-3732)\n\n - Inappropriate implementation in WebApp Installs in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-3733)\n\n - Inappropriate implementation in Picture In Picture in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (Chromium security severity: Medium) (CVE-2023-3734)\n\n - Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-3735)\n\n - Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 115.0.5790.98 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-3736)\n\n - Inappropriate implementation in Notifications in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to spoof the contents of media notifications via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-3737)\n\n - Inappropriate implementation in Autofill in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-3738)\n\n - Insufficient validation of untrusted input in Themes in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially serve malicious content to a user via a crafted background URL. (Chromium security severity: Low) (CVE-2023-3740)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-08-12T00:00:00", "type": "nessus", "title": "Fedora 38 : chromium (2023-ea7128b5ce)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-4316", "CVE-2021-4317", "CVE-2021-4318", "CVE-2021-4319", "CVE-2021-4320", "CVE-2021-4321", "CVE-2021-4322", "CVE-2021-4323", "CVE-2021-4324", "CVE-2022-1919", "CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481", "CVE-2022-3443", "CVE-2022-3444", "CVE-2022-4911", "CVE-2022-4912", "CVE-2022-4913", "CVE-2022-4914", "CVE-2022-4915", "CVE-2022-4916", "CVE-2022-4917", "CVE-2022-4918", "CVE-2022-4919", "CVE-2022-4920", "CVE-2022-4921", "CVE-2022-4922", "CVE-2022-4923", "CVE-2022-4924", "CVE-2022-4925", "CVE-2022-4926", "CVE-2023-3727", "CVE-2023-3728", "CVE-2023-3730", "CVE-2023-3732", "CVE-2023-3733", "CVE-2023-3734", "CVE-2023-3735", "CVE-2023-3736", "CVE-2023-3737", "CVE-2023-3738", "CVE-2023-3740", "CVE-2023-4068", "CVE-2023-4069", "CVE-2023-4070", "CVE-2023-4071", "CVE-2023-4072", "CVE-2023-4073", "CVE-2023-4074", "CVE-2023-4075", "CVE-2023-4076", "CVE-2023-4077", "CVE-2023-4078"], "modified": "2023-10-23T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:38", "p-cpe:/a:fedoraproject:fedora:chromium"], "id": "FEDORA_2023-EA7128B5CE.NASL", "href": "https://www.tenable.com/plugins/nessus/179714", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2023-ea7128b5ce\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(179714);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/23\");\n\n script_cve_id(\n \"CVE-2021-4316\",\n \"CVE-2021-4317\",\n \"CVE-2021-4318\",\n \"CVE-2021-4319\",\n \"CVE-2021-4320\",\n \"CVE-2021-4321\",\n \"CVE-2021-4322\",\n \"CVE-2021-4323\",\n \"CVE-2021-4324\",\n \"CVE-2022-1919\",\n \"CVE-2022-2477\",\n \"CVE-2022-2478\",\n \"CVE-2022-2479\",\n \"CVE-2022-2480\",\n \"CVE-2022-2481\",\n \"CVE-2022-3443\",\n \"CVE-2022-3444\",\n \"CVE-2022-4911\",\n \"CVE-2022-4912\",\n \"CVE-2022-4913\",\n \"CVE-2022-4914\",\n \"CVE-2022-4915\",\n \"CVE-2022-4916\",\n \"CVE-2022-4917\",\n \"CVE-2022-4918\",\n \"CVE-2022-4919\",\n \"CVE-2022-4920\",\n \"CVE-2022-4921\",\n \"CVE-2022-4922\",\n \"CVE-2022-4923\",\n \"CVE-2022-4924\",\n \"CVE-2022-4925\",\n \"CVE-2022-4926\",\n \"CVE-2023-3727\",\n \"CVE-2023-3728\",\n \"CVE-2023-3730\",\n \"CVE-2023-3732\",\n \"CVE-2023-3733\",\n \"CVE-2023-3734\",\n \"CVE-2023-3735\",\n \"CVE-2023-3736\",\n \"CVE-2023-3737\",\n \"CVE-2023-3738\",\n \"CVE-2023-3740\",\n \"CVE-2023-4068\",\n \"CVE-2023-4069\",\n \"CVE-2023-4070\",\n \"CVE-2023-4071\",\n \"CVE-2023-4072\",\n \"CVE-2023-4073\",\n \"CVE-2023-4074\",\n \"CVE-2023-4075\",\n \"CVE-2023-4076\",\n \"CVE-2023-4077\",\n \"CVE-2023-4078\"\n );\n script_xref(name:\"FEDORA\", value:\"2023-ea7128b5ce\");\n\n script_name(english:\"Fedora 38 : chromium (2023-ea7128b5ce)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2023-ea7128b5ce advisory.\n\n - Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote\n attacker to bypass File System restrictions via a crafted HTML page. (Chromium security severity: Low)\n (CVE-2022-3443)\n\n - Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote\n attacker to bypass File System restrictions via a crafted HTML page and malicious file. (Chromium security\n severity: Low) (CVE-2022-3444)\n\n - Insufficient data validation in DevTools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker\n to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)\n (CVE-2022-4911)\n\n - Type Confusion in MathML in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4912)\n\n - Inappropriate implementation in Extensions in Google Chrome prior to 105.0.5195.52 allowed a remote\n attacker who had compromised the renderer process to spoof extension storage via a crafted HTML page.\n (Chromium security severity: High) (CVE-2022-4913)\n\n - Heap buffer overflow in PrintPreview in Google Chrome prior to 104.0.5112.79 allowed an attacker who\n convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted\n HTML page. (Chromium security severity: Medium) (CVE-2022-4914)\n\n - Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2477)\n\n - Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2478)\n\n - Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134\n allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive\n information from internal file directories via a crafted HTML page. (CVE-2022-2479)\n\n - Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2480)\n\n - Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a\n user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.\n (CVE-2022-2481)\n\n - Inappropriate implementation in URL Formatting in Google Chrome prior to 103.0.5060.134 allowed a remote\n attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)\n (CVE-2022-4915)\n\n - Use after free in Media in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform\n arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4916)\n\n - Incorrect security UI in Notifications in Google Chrome on Android prior to 103.0.5060.53 allowed a remote\n attacker to obscure the full screen notification via a crafted HTML page. (Chromium security severity:\n Low) (CVE-2022-4917)\n\n - Use after free in UI in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform\n arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4918)\n\n - Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1919)\n\n - Use after free in Base Internals in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to\n perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4919)\n\n - Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who\n convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted\n HTML page. (Chromium security severity: High) (CVE-2022-4920)\n\n - Use after free in Accessibility in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who\n convinced a user to engage in specific UI gestures to perform arbitrary read/write via a crafted HTML\n page. (Chromium security severity: Low) (CVE-2022-4921)\n\n - Inappropriate implementation in Blink in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to\n perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4922)\n\n - Inappropriate implementation in Omnibox in Google Chrome prior to 99.0.4844.51 allowed an attacker in a\n privileged network position to perform a man-in-the-middle attack via malicious network traffic. (Chromium\n security severity: Low) (CVE-2022-4923)\n\n - Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who had\n compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (Chromium security severity: High) (CVE-2022-4924)\n\n - Insufficient validation of untrusted input in QUIC in Google Chrome prior to 97.0.4692.71 allowed a remote\n attacker to perform header splitting via malicious network traffic. (Chromium security severity: Low)\n (CVE-2022-4925)\n\n - Insufficient policy enforcement in Intents in Google Chrome on Android prior to 109.0.5414.119 allowed a\n remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)\n (CVE-2022-4926)\n\n - Inappropriate implementation in Cast UI in Google Chrome prior to 96.0.4664.45 allowed a remote attacker\n to spoof browser UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2021-4316)\n\n - Use after free in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform\n arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2021-4317)\n\n - Object corruption in Blink in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially\n exploit object corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2021-4318)\n\n - Use after free in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to perform\n arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2021-4319)\n\n - Use after free in Blink in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had\n compromised the renderer process to perform arbitrary read/write via a crafted HTML page. (Chromium\n security severity: High) (CVE-2021-4320)\n\n - Policy bypass in Blink in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content\n security policy via a crafted HTML page. (Chromium security severity: Low) (CVE-2021-4321)\n\n - Use after free in DevTools in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user\n to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium\n security severity: Medium) (CVE-2021-4322)\n\n - Insufficient validation of untrusted input in Extensions in Google Chrome prior to 90.0.4430.72 allowed an\n attacker who convinced a user to install a malicious extension to access local files via a crafted Chrome\n Extension. (Chromium security severity: Medium) (CVE-2021-4323)\n\n - Insufficient policy enforcement in Google Update in Google Chrome prior to 90.0.4430.93 allowed a remote\n attacker to read arbitrary files via a malicious file. (Chromium security severity: Medium)\n (CVE-2021-4324)\n\n - Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform\n arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4068,\n CVE-2023-4070)\n\n - Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4069)\n\n - Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2023-4071)\n\n - Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker\n to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2023-4072)\n\n - Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:\n High) (CVE-2023-4073)\n\n - Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker\n to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2023-4074)\n\n - Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4075)\n\n - Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially\n exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High) (CVE-2023-4076)\n\n - Insufficient data validation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker\n who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via\n a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-4077)\n\n - Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker\n who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via\n a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-4078)\n\n - Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3727,\n CVE-2023-3728)\n\n - Use after free in Tab Groups in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who\n convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a\n crafted HTML page. (Chromium security severity: High) (CVE-2023-3730)\n\n - Out of bounds memory access in Mojo in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who\n had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (Chromium security severity: High) (CVE-2023-3732)\n\n - Inappropriate implementation in WebApp Installs in Google Chrome prior to 115.0.5790.98 allowed a remote\n attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium\n security severity: Medium) (CVE-2023-3733)\n\n - Inappropriate implementation in Picture In Picture in Google Chrome prior to 115.0.5790.98 allowed a\n remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (Chromium security severity: Medium) (CVE-2023-3734)\n\n - Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed\n a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)\n (CVE-2023-3735)\n\n - Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 115.0.5790.98 allowed a\n remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)\n (CVE-2023-3736)\n\n - Inappropriate implementation in Notifications in Google Chrome prior to 115.0.5790.98 allowed a remote\n attacker to spoof the contents of media notifications via a crafted HTML page. (Chromium security\n severity: Medium) (CVE-2023-3737)\n\n - Inappropriate implementation in Autofill in Google Chrome prior to 115.0.5790.98 allowed a remote attacker\n to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-3738)\n\n - Insufficient validation of untrusted input in Themes in Google Chrome prior to 115.0.5790.98 allowed a\n remote attacker to potentially serve malicious content to a user via a crafted background URL. (Chromium\n security severity: Low) (CVE-2023-3740)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2023-ea7128b5ce\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromium package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-4078\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-4924\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:38\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');\nvar os_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^38([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 38', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nvar pkgs = [\n {'reference':'chromium-115.0.5790.170-1.fc38', 'release':'FC38', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-27T15:21:37", "description": "The version of Google Chrome installed on the remote macOS host is prior to 103.0.5060.53. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_06_stable-channel-update-for-desktop_21 advisory.\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction. (CVE-2022-2163)\n\n - Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2156)\n\n - Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2157)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2158)\n\n - Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user's local files via a crafted HTML page. (CVE-2022-2160)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-21T00:00:00", "type": "nessus", "title": "Google Chrome < 103.0.5060.53 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165"], "modified": "2023-03-23T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_103_0_5060_53.NASL", "href": "https://www.tenable.com/plugins/nessus/162421", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162421);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2022-2156\",\n \"CVE-2022-2157\",\n \"CVE-2022-2158\",\n \"CVE-2022-2160\",\n \"CVE-2022-2161\",\n \"CVE-2022-2162\",\n \"CVE-2022-2163\",\n \"CVE-2022-2164\",\n \"CVE-2022-2165\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0253-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0282-S\");\n\n script_name(english:\"Google Chrome < 103.0.5060.53 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 103.0.5060.53. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2022_06_stable-channel-update-for-desktop_21 advisory.\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who\n convinced a user to install a malicious extension to potentially exploit heap corruption via UI\n interaction. (CVE-2022-2163)\n\n - Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2156)\n\n - Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who\n had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2157)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2158)\n\n - Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an\n attacker who convinced a user to install a malicious extension to obtain potentially sensitive information\n from a user's local files via a crafted HTML page. (CVE-2022-2160)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2a2f31f8\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1335458\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1327312\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1321078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1116450\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1330289\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1307930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1308341\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1268445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1250993\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 103.0.5060.53 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2163\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'103.0.5060.53', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-05T15:14:13", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10035-1 advisory.\n\n - Use after free in Base. (CVE-2022-2156)\n\n - Use after free in Interest groups. (CVE-2022-2157)\n\n - Type Confusion in V8. (CVE-2022-2158)\n\n - Insufficient policy enforcement in DevTools. (CVE-2022-2160)\n\n - Use after free in WebApp Provider. (CVE-2022-2161)\n\n - Insufficient policy enforcement in File System API. (CVE-2022-2162)\n\n - Use after free in Cast UI and Toolbar. (CVE-2022-2163)\n\n - Inappropriate implementation in Extensions API. (CVE-2022-2164)\n\n - Insufficient data validation in URL formatting. (CVE-2022-2165)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-30T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2022:10035-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.4"], "id": "OPENSUSE-2022-10035-1.NASL", "href": "https://www.tenable.com/plugins/nessus/162616", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:10035-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162616);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2022-2156\",\n \"CVE-2022-2157\",\n \"CVE-2022-2158\",\n \"CVE-2022-2160\",\n \"CVE-2022-2161\",\n \"CVE-2022-2162\",\n \"CVE-2022-2163\",\n \"CVE-2022-2164\",\n \"CVE-2022-2165\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0282-S\");\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2022:10035-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:10035-1 advisory.\n\n - Use after free in Base. (CVE-2022-2156)\n\n - Use after free in Interest groups. (CVE-2022-2157)\n\n - Type Confusion in V8. (CVE-2022-2158)\n\n - Insufficient policy enforcement in DevTools. (CVE-2022-2160)\n\n - Use after free in WebApp Provider. (CVE-2022-2161)\n\n - Insufficient policy enforcement in File System API. (CVE-2022-2162)\n\n - Use after free in Cast UI and Toolbar. (CVE-2022-2163)\n\n - Inappropriate implementation in Extensions API. (CVE-2022-2164)\n\n - Insufficient data validation in URL formatting. (CVE-2022-2165)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200783\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RFQ3I5UT56IYLUPIBNVXMKHLCHYQ22Z4/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2f4426fb\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2156\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2161\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2162\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2164\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2165\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2163\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.4\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.4', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'chromedriver-103.0.5060.53-bp154.2.11.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromedriver-103.0.5060.53-bp154.2.11.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-103.0.5060.53-bp154.2.11.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-103.0.5060.53-bp154.2.11.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-27T15:22:23", "description": "The version of Google Chrome installed on the remote Windows host is prior to 103.0.5060.53. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_06_stable-channel-update-for-desktop_21 advisory.\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction. (CVE-2022-2163)\n\n - Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2156)\n\n - Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2157)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2158)\n\n - Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user's local files via a crafted HTML page. (CVE-2022-2160)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-21T00:00:00", "type": "nessus", "title": "Google Chrome < 103.0.5060.53 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_103_0_5060_53.NASL", "href": "https://www.tenable.com/plugins/nessus/162422", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162422);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\n \"CVE-2022-2156\",\n \"CVE-2022-2157\",\n \"CVE-2022-2158\",\n \"CVE-2022-2160\",\n \"CVE-2022-2161\",\n \"CVE-2022-2162\",\n \"CVE-2022-2163\",\n \"CVE-2022-2164\",\n \"CVE-2022-2165\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0253-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0282-S\");\n\n script_name(english:\"Google Chrome < 103.0.5060.53 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 103.0.5060.53. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2022_06_stable-channel-update-for-desktop_21 advisory.\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who\n convinced a user to install a malicious extension to potentially exploit heap corruption via UI\n interaction. (CVE-2022-2163)\n\n - Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2156)\n\n - Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who\n had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2157)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2158)\n\n - Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an\n attacker who convinced a user to install a malicious extension to obtain potentially sensitive information\n from a user's local files via a crafted HTML page. (CVE-2022-2160)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2a2f31f8\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1335458\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1327312\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1321078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1116450\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1330289\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1307930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1308341\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1268445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1250993\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 103.0.5060.53 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2163\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\nvar installs = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'103.0.5060.53', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-05T15:14:47", "description": "The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5168 advisory.\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction. (CVE-2022-2163)\n\n - Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2156)\n\n - Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2157)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2158)\n\n - Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user's local files via a crafted HTML page. (CVE-2022-2160)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-23T00:00:00", "type": "nessus", "title": "Debian DSA-5168-1 : chromium - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium", "p-cpe:/a:debian:debian_linux:chromium-common", "p-cpe:/a:debian:debian_linux:chromium-driver", "p-cpe:/a:debian:debian_linux:chromium-l10n", "p-cpe:/a:debian:debian_linux:chromium-sandbox", "p-cpe:/a:debian:debian_linux:chromium-shell", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5168.NASL", "href": "https://www.tenable.com/plugins/nessus/162505", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5168. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162505);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2022-2156\",\n \"CVE-2022-2157\",\n \"CVE-2022-2158\",\n \"CVE-2022-2160\",\n \"CVE-2022-2161\",\n \"CVE-2022-2162\",\n \"CVE-2022-2163\",\n \"CVE-2022-2164\",\n \"CVE-2022-2165\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0282-S\");\n\n script_name(english:\"Debian DSA-5168-1 : chromium - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5168 advisory.\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who\n convinced a user to install a malicious extension to potentially exploit heap corruption via UI\n interaction. (CVE-2022-2163)\n\n - Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2156)\n\n - Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who\n had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2157)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2158)\n\n - Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an\n attacker who convinced a user to install a malicious extension to obtain potentially sensitive information\n from a user's local files via a crafted HTML page. (CVE-2022-2160)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/chromium\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2156\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2161\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2162\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2164\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2165\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/chromium\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the chromium packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 103.0.5060.53-1~deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2163\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-driver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-l10n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-sandbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'chromium', 'reference': '103.0.5060.53-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-common', 'reference': '103.0.5060.53-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-driver', 'reference': '103.0.5060.53-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-l10n', 'reference': '103.0.5060.53-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-sandbox', 'reference': '103.0.5060.53-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-shell', 'reference': '103.0.5060.53-1~deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium / chromium-common / chromium-driver / chromium-l10n / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-27T15:22:49", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10036-1 advisory.\n\n - Use after free in Base. (CVE-2022-2156)\n\n - Use after free in Interest groups. (CVE-2022-2157)\n\n - Type Confusion in V8. (CVE-2022-2158)\n\n - Insufficient policy enforcement in DevTools. (CVE-2022-2160)\n\n - Use after free in WebApp Provider. (CVE-2022-2161)\n\n - Insufficient policy enforcement in File System API. (CVE-2022-2162)\n\n - Use after free in Cast UI and Toolbar. (CVE-2022-2163)\n\n - Inappropriate implementation in Extensions API. (CVE-2022-2164)\n\n - Insufficient data validation in URL formatting. (CVE-2022-2165)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-29T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2022:10036-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-10036-1.NASL", "href": "https://www.tenable.com/plugins/nessus/162606", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:10036-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162606);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2022-2156\",\n \"CVE-2022-2157\",\n \"CVE-2022-2158\",\n \"CVE-2022-2160\",\n \"CVE-2022-2161\",\n \"CVE-2022-2162\",\n \"CVE-2022-2163\",\n \"CVE-2022-2164\",\n \"CVE-2022-2165\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0282-S\");\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2022:10036-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:10036-1 advisory.\n\n - Use after free in Base. (CVE-2022-2156)\n\n - Use after free in Interest groups. (CVE-2022-2157)\n\n - Type Confusion in V8. (CVE-2022-2158)\n\n - Insufficient policy enforcement in DevTools. (CVE-2022-2160)\n\n - Use after free in WebApp Provider. (CVE-2022-2161)\n\n - Insufficient policy enforcement in File System API. (CVE-2022-2162)\n\n - Use after free in Cast UI and Toolbar. (CVE-2022-2163)\n\n - Inappropriate implementation in Extensions API. (CVE-2022-2164)\n\n - Insufficient data validation in URL formatting. (CVE-2022-2165)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200783\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SUIIAMNE5ZGO2NZSXKZINOMI3IDGX2NA/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9c6e48ea\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2156\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2161\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2162\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2164\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2165\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2163\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'chromedriver-103.0.5060.53-bp153.2.104.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromedriver-103.0.5060.53-bp153.2.104.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-103.0.5060.53-bp153.2.104.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-103.0.5060.53-bp153.2.104.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-27T15:22:24", "description": "The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b2a4c5f1-f1fe-11ec-bcd2-3065ec8fd3ec advisory.\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction. (CVE-2022-2163)\n\n - Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2156)\n\n - Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2157)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2158)\n\n - Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user's local files via a crafted HTML page. (CVE-2022-2160)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-23T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (b2a4c5f1-f1fe-11ec-bcd2-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_B2A4C5F1F1FE11ECBCD23065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/162512", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162512);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2022-2156\",\n \"CVE-2022-2157\",\n \"CVE-2022-2158\",\n \"CVE-2022-2160\",\n \"CVE-2022-2161\",\n \"CVE-2022-2162\",\n \"CVE-2022-2163\",\n \"CVE-2022-2164\",\n \"CVE-2022-2165\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0253-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0282-S\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (b2a4c5f1-f1fe-11ec-bcd2-3065ec8fd3ec)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple\nvulnerabilities as referenced in the b2a4c5f1-f1fe-11ec-bcd2-3065ec8fd3ec advisory.\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who\n convinced a user to install a malicious extension to potentially exploit heap corruption via UI\n interaction. (CVE-2022-2163)\n\n - Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2156)\n\n - Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who\n had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2157)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2158)\n\n - Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an\n attacker who convinced a user to install a malicious extension to obtain potentially sensitive information\n from a user's local files via a crafted HTML page. (CVE-2022-2160)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2a2f31f8\");\n # https://vuxml.freebsd.org/freebsd/b2a4c5f1-f1fe-11ec-bcd2-3065ec8fd3ec.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?89ce02d9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2163\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"freebsd_package.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nvar flag = 0;\n\nvar packages = [\n 'chromium<103.0.5060.53'\n];\n\nforeach var package( packages ) {\n if (pkg_test(save_report:TRUE, pkg: package)) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : pkg_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T15:12:34", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 103.0.1264.37. It is, therefore, affected by multiple vulnerabilities as referenced in the June 23, 2022 advisory.\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33638. (CVE-2022-33639)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-23T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 103.0.1264.37 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165", "CVE-2022-30192", "CVE-2022-33638", "CVE-2022-33639"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_103_0_1264_37.NASL", "href": "https://www.tenable.com/plugins/nessus/162503", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162503);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2022-33639\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 103.0.1264.37 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 103.0.1264.37. It is, therefore, affected\nby multiple vulnerabilities as referenced in the June 23, 2022 advisory.\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-30192, CVE-2022-33638. (CVE-2022-33639)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#june-23-2022\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2b2d4e0f\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2156\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2161\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2162\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2164\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2165\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30192\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33638\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 103.0.1264.37 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-33639\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nvar constraints = [\n { 'fixed_version' : '103.0.1264.37' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-28T15:12:58", "description": "The remote host is affected by the vulnerability described in GLSA-202208-39 (WebKitGTK+: Multiple Vulnerabilities)\n\n - A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript. (CVE-2022-22589)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22590)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. (CVE-2022-22592)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8).\n Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2022-22620)\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. (CVE-2022-22662)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-30293. Reason: This candidate is a duplicate of CVE-2022-30293. Notes: All CVE users should reference CVE-2022-30293 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2022-30294)\n\n - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. (CVE-2022-32893)\n\n - A use after free issue was addressed with improved memory management. (CVE-2022-22624, CVE-2022-22628, CVE-2022-26709, CVE-2022-26710, CVE-2022-26717)\n\n - A buffer overflow issue was addressed with improved memory handling. (CVE-2022-22629)\n\n - A logic issue in the handling of concurrent media was addressed with improved state handling.\n (CVE-2022-22677)\n\n - A memory corruption issue was addressed with improved state management. (CVE-2022-26700, CVE-2022-26716, CVE-2022-26719)\n\n - The issue was addressed with improved UI handling. (CVE-2022-32784)\n\n - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-31T00:00:00", "type": "nessus", "title": "GLSA-202208-39 : WebKitGTK+: Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22589", "CVE-2022-22590", "CVE-2022-22592", "CVE-2022-22620", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-22677", "CVE-2022-2294", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293", "CVE-2022-30294", "CVE-2022-32784", "CVE-2022-32792", "CVE-2022-32893"], "modified": "2022-08-31T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:webkit-gtk", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202208-39.NASL", "href": "https://www.tenable.com/plugins/nessus/164535", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202208-39.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike\n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164535);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/31\");\n\n script_cve_id(\n \"CVE-2022-2294\",\n \"CVE-2022-22589\",\n \"CVE-2022-22590\",\n \"CVE-2022-22592\",\n \"CVE-2022-22620\",\n \"CVE-2022-22624\",\n \"CVE-2022-22628\",\n \"CVE-2022-22629\",\n \"CVE-2022-22662\",\n \"CVE-2022-22677\",\n \"CVE-2022-26700\",\n \"CVE-2022-26709\",\n \"CVE-2022-26710\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26719\",\n \"CVE-2022-30293\",\n \"CVE-2022-30294\",\n \"CVE-2022-32784\",\n \"CVE-2022-32792\",\n \"CVE-2022-32893\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/08\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/02/25\");\n\n script_name(english:\"GLSA-202208-39 : WebKitGTK+: Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202208-39 (WebKitGTK+: Multiple Vulnerabilities)\n\n - A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and\n iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted\n mail message may lead to running arbitrary javascript. (CVE-2022-22589)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and\n iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web\n content may lead to arbitrary code execution. (CVE-2022-22590)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS\n 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content\n may prevent Content Security Policy from being enforced. (CVE-2022-22592)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS\n Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8).\n Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a\n report that this issue may have been actively exploited.. (CVE-2022-22620)\n\n - A cookie management issue was addressed with improved state management. This issue is fixed in Security\n Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose\n sensitive user information. (CVE-2022-22662)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in\n WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.\n (CVE-2022-30293)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-30293. Reason: This candidate is a\n duplicate of CVE-2022-30293. Notes: All CVE users should reference CVE-2022-30293 instead of this\n candidate. All references and descriptions in this candidate have been removed to prevent accidental\n usage. (CVE-2022-30294)\n\n - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS\n 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content\n may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively\n exploited. (CVE-2022-32893)\n\n - A use after free issue was addressed with improved memory management. (CVE-2022-22624, CVE-2022-22628,\n CVE-2022-26709, CVE-2022-26710, CVE-2022-26717)\n\n - A buffer overflow issue was addressed with improved memory handling. (CVE-2022-22629)\n\n - A logic issue in the handling of concurrent media was addressed with improved state handling.\n (CVE-2022-22677)\n\n - A memory corruption issue was addressed with improved state management. (CVE-2022-26700, CVE-2022-26716,\n CVE-2022-26719)\n\n - The issue was addressed with improved UI handling. (CVE-2022-32784)\n\n - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202208-39\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=832990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=833568\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=837305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=839984\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=845252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=856445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=861740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=864427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=866494\");\n script_set_attribute(attribute:\"solution\", value:\n\"All WebKitGTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=net-libs/webkit-gtk-2.36.7\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-30294\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:webkit-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar flag = 0;\n\nvar packages = [\n {\n 'name' : \"net-libs/webkit-gtk\",\n 'unaffected' : make_list(\"ge 2.36.7\", \"lt 2.0.0\"),\n 'vulnerable' : make_list(\"lt 2.36.7\")\n }\n];\n\nforeach package( packages ) {\n if (isnull(package['unaffected'])) package['unaffected'] = make_list();\n if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();\n if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;\n}\n\n# This plugin has a different number of unaffected and vulnerable versions for\n# one or more packages. To ensure proper detection, a separate line should be \n# used for each fixed/vulnerable version pair.\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : qpkg_report_get()\n );\n exit(0);\n}\nelse\n{\n qpkg_tests = list_uniq(qpkg_tests);\n var tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"WebKitGTK+\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-28T15:12:57", "description": "The remote host is running a version of macOS / Mac OS X that is 12.x prior to 12.5 Monterey. It is, therefore, affected by multiple vulnerabilities :\n\n - Exploitation of this vulnerability may lead to memory corruption issue. (CVE-2022-32787)\n\n - Exploitation of this vulnerability may to disclose kernel memory. (CVE-2022-32793)\n\n - Exploitation of this vulnerability may lead to gain elevated privileges. (CVE-2022-32798)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.", "cvss3": {}, "published": "2022-08-19T00:00:00", "type": "nessus", "title": "macOS 12.x < 12.5 (HT213345)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28544", "CVE-2022-2294", "CVE-2022-24070", "CVE-2022-26981", "CVE-2022-29046", "CVE-2022-29048", "CVE-2022-32785", "CVE-2022-32786", "CVE-2022-32787", "CVE-2022-32789", "CVE-2022-32792", "CVE-2022-32793", "CVE-2022-32796", "CVE-2022-32797", "CVE-2022-32798", "CVE-2022-32799", "CVE-2022-32800", "CVE-2022-32801", "CVE-2022-32805", "CVE-2022-32807", "CVE-2022-32810", "CVE-2022-32811", "CVE-2022-32812", "CVE-2022-32813", "CVE-2022-32814", "CVE-2022-32815", "CVE-2022-32816", "CVE-2022-32817", "CVE-2022-32818", "CVE-2022-32819", "CVE-2022-32820", "CVE-2022-32821", "CVE-2022-32823", "CVE-2022-32825", "CVE-2022-32826", "CVE-2022-32828", "CVE-2022-32829", "CVE-2022-32831", "CVE-2022-32832", "CVE-2022-32834", "CVE-2022-32837", "CVE-2022-32838", "CVE-2022-32839", "CVE-2022-32840", "CVE-2022-32841", "CVE-2022-32842", "CVE-2022-32843", "CVE-2022-32845", "CVE-2022-32847", "CVE-2022-32848", "CVE-2022-32849", "CVE-2022-32851", "CVE-2022-32852", "CVE-2022-32853", "CVE-2022-32857"], "modified": "2022-12-15T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/o:apple:macos"], "id": "MACOS_HT213345.NASL", "href": "https://www.tenable.com/plugins/nessus/164291", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164291);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/15\");\n\n script_cve_id(\n \"CVE-2021-28544\",\n \"CVE-2022-2294\",\n \"CVE-2022-24070\",\n \"CVE-2022-26981\",\n \"CVE-2022-29046\",\n \"CVE-2022-29048\",\n \"CVE-2022-32785\",\n \"CVE-2022-32786\",\n \"CVE-2022-32787\",\n \"CVE-2022-32789\",\n \"CVE-2022-32792\",\n \"CVE-2022-32793\",\n \"CVE-2022-32796\",\n \"CVE-2022-32797\",\n \"CVE-2022-32798\",\n \"CVE-2022-32799\",\n \"CVE-2022-32800\",\n \"CVE-2022-32801\",\n \"CVE-2022-32805\",\n \"CVE-2022-32807\",\n \"CVE-2022-32810\",\n \"CVE-2022-32811\",\n \"CVE-2022-32812\",\n \"CVE-2022-32813\",\n \"CVE-2022-32814\",\n \"CVE-2022-32815\",\n \"CVE-2022-32816\",\n \"CVE-2022-32817\",\n \"CVE-2022-32818\",\n \"CVE-2022-32819\",\n \"CVE-2022-32820\",\n \"CVE-2022-32821\",\n \"CVE-2022-32823\",\n \"CVE-2022-32825\",\n \"CVE-2022-32826\",\n \"CVE-2022-32828\",\n \"CVE-2022-32829\",\n \"CVE-2022-32831\",\n \"CVE-2022-32832\",\n \"CVE-2022-32834\",\n \"CVE-2022-32837\",\n \"CVE-2022-32838\",\n \"CVE-2022-32839\",\n \"CVE-2022-32840\",\n \"CVE-2022-32841\",\n \"CVE-2022-32842\",\n \"CVE-2022-32843\",\n \"CVE-2022-32845\",\n \"CVE-2022-32847\",\n \"CVE-2022-32848\",\n \"CVE-2022-32849\",\n \"CVE-2022-32851\",\n \"CVE-2022-32852\",\n \"CVE-2022-32853\",\n \"CVE-2022-32857\"\n );\n script_xref(name:\"APPLE-SA\", value:\"HT213345\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2022-07-20\");\n script_xref(name:\"IAVA\", value:\"2022-A-0295-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0442-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"macOS 12.x < 12.5 (HT213345)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS or Mac OS X security update or supplemental update that fixes multiple\nvulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of macOS / Mac OS X that is 12.x prior to 12.5 Monterey. It is, therefore, \naffected by multiple vulnerabilities :\n\n - Exploitation of this vulnerability may lead to memory corruption issue. (CVE-2022-32787)\n\n - Exploitation of this vulnerability may to disclose kernel memory. (CVE-2022-32793)\n\n - Exploitation of this vulnerability may lead to gain elevated privileges. (CVE-2022-32798)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-gb/HT213345\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS 12.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-26981\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-32845\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/local_checks_enabled\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude('vcf_extras_apple.inc');\n\nvar app_info = vcf::apple::macos::get_app_info();\nvar constraints = [\n {\n 'min_version': '12.0', \n 'fixed_version': '12.5', \n 'fixed_display': 'macOS Monterey 12.5'\n }\n];\n\nvcf::apple::macos::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-27T19:48:57", "description": "The remote host is affected by the vulnerability described in GLSA-202311-11 (QtWebEngine: Multiple Vulnerabilities)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3201)\n\n - Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4174)\n\n - Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4175)\n\n - Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS and Lacros prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: High) (CVE-2022-4176)\n\n - Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security severity: High) (CVE-2022-4177)\n\n - Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4178)\n\n - Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.\n (Chromium security severity: High) (CVE-2022-4179)\n\n - Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.\n (Chromium security severity: High) (CVE-2022-4180)\n\n - Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4181)\n\n - Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4182)\n\n - Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4183)\n\n - Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4184)\n\n - Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium security severity:\n Medium) (CVE-2022-4185)\n\n - Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4186)\n\n - Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity:\n Medium) (CVE-2022-4187)\n\n - Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4188)\n\n - Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2022-4189)\n\n - Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4190)\n\n - Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via profile destruction. (Chromium security severity: Medium) (CVE-2022-4191)\n\n - Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium) (CVE-2022-4192)\n\n - Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity:\n Medium) (CVE-2022-4193)\n\n - Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4194)\n\n - Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: Medium) (CVE-2022-4195)\n\n - Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4436)\n\n - Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4437)\n\n - Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4438)\n\n - Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High) (CVE-2022-4439)\n\n - Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4440)\n\n - Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability (CVE-2022-41115)\n\n - Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2022-44688)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2022-44708, CVE-2023-21796)\n\n - Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0128)\n\n - Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High) (CVE-2023-0129)\n\n - Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (Chromium security severity: Medium) (CVE-2023-0130)\n\n - Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity:\n Medium) (CVE-2023-0131)\n\n - Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0132)\n\n - Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0133)\n\n - Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0134, CVE-2023-0135)\n\n - Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to execute incorrect security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0136)\n\n - Heap buffer overflow in Platform Apps in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0137)\n\n - Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0138)\n\n - Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0139)\n\n - Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0140)\n\n - Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0141)\n\n - Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-2721)\n\n - Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:\n High) (CVE-2023-2722)\n\n - Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2723)\n\n - Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2724)\n\n - Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (Chromium security severity: High) (CVE-2023-2725)\n\n - Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2726)\n\n - Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2929)\n\n - Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (Chromium security severity: High) (CVE-2023-2930)\n\n - Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) (CVE-2023-2931, CVE-2023-2932, CVE-2023-2933)\n\n - Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2934)\n\n - Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2935, CVE-2023-2936)\n\n - Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2937, CVE-2023-2938)\n\n - Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity:\n Medium) (CVE-2023-2939)\n\n - Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2940)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. (Chromium security severity: Low) (CVE-2023-2941)\n\n - Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3079)\n\n - Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-3214)\n\n - Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3215)\n\n - Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3216)\n\n - Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3217)\n\n - Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4068, CVE-2023-4070)\n\n - Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4069)\n\n - Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4071)\n\n - Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4072)\n\n - Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:\n High) (CVE-2023-4073)\n\n - Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4074)\n\n - Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4075)\n\n - Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High) (CVE-2023-4076)\n\n - Insufficient data validation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-4077)\n\n - Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-4078)\n\n - Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page.\n (Chromium security severity: High) (CVE-2023-4761)\n\n - Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4762)\n\n - Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4763)\n\n - Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4764)\n\n - Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-5218)\n\n - Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5473)\n\n - Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) (CVE-2023-5474)\n\n - Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-5475)\n\n - Use after free in Blink History in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5476)\n\n - Inappropriate implementation in Installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker to bypass discretionary access control via a crafted command. (Chromium security severity: Low) (CVE-2023-5477)\n\n - Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5478)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5479)\n\n - Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High) (CVE-2023-5480)\n\n - Inappropriate implementation in Downloads in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5481)\n\n - Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5482)\n\n - Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5483)\n\n - Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5484)\n\n - Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5485)\n\n - Inappropriate implementation in Input in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5486)\n\n - Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-5487)\n\n - Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5849)\n\n - Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium) (CVE-2023-5850)\n\n - Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5851)\n\n - Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) (CVE-2023-5852)\n\n - Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5853)\n\n - Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) (CVE-2023-5854)\n\n - Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) (CVE-2023-5855)\n\n - Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5856)\n\n - Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium) (CVE-2023-5857)\n\n - Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5858)\n\n - Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted local HTML page. (Chromium security severity: Low) (CVE-2023-5859)\n\n - Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5996)\n\n - Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5997)\n\n - Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-6112)\n\n - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (CVE-2023-21775)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-11-25T00:00:00", "type": "nessus", "title": "GLSA-202311-11 : QtWebEngine: Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2294", "CVE-2022-3201", "CVE-2022-41115", "CVE-2022-4174", "CVE-2022-4175", "CVE-2022-4176", "CVE-2022-4177", "CVE-2022-4178", "CVE-2022-4179", "CVE-2022-4180", "CVE-2022-4181", "CVE-2022-4182", "CVE-2022-4183", "CVE-2022-4184", "CVE-2022-4185", "CVE-2022-4186", "CVE-2022-4187", "CVE-2022-4188", "CVE-2022-4189", "CVE-2022-4190", "CVE-2022-4191", "CVE-2022-4192", "CVE-2022-4193", "CVE-2022-4194", "CVE-2022-4195", "CVE-2022-4436", "CVE-2022-4437", "CVE-2022-4438", "CVE-2022-4439", "CVE-2022-4440", "CVE-2022-44688", "CVE-2022-44708", "CVE-2023-0128", "CVE-2023-0129", "CVE-2023-0130", "CVE-2023-0131", "CVE-2023-0132", "CVE-2023-0133", "CVE-2023-0134", "CVE-2023-0135", "CVE-2023-0136", "CVE-2023-0137", "CVE-2023-0138", "CVE-2023-0139", "CVE-2023-0140", "CVE-2023-0141", "CVE-2023-21775", "CVE-2023-21796", "CVE-2023-2721", "CVE-2023-2722", "CVE-2023-2723", "CVE-2023-2724", "CVE-2023-2725", "CVE-2023-2726", "CVE-2023-2929", "CVE-2023-2930", "CVE-2023-2931", "CVE-2023-2932", "CVE-2023-2933", "CVE-2023-2934", "CVE-2023-2935", "CVE-2023-2936", "CVE-2023-2937", "CVE-2023-2938", "CVE-2023-2939", "CVE-2023-2940", "CVE-2023-2941", "CVE-2023-3079", "CVE-2023-3214", "CVE-2023-3215", "CVE-2023-3216", "CVE-2023-3217", "CVE-2023-4068", "CVE-2023-4069", "CVE-2023-4070", "CVE-2023-4071", "CVE-2023-4072", "CVE-2023-4073", "CVE-2023-4074", "CVE-2023-4075", "CVE-2023-4076", "CVE-2023-4077", "CVE-2023-4078", "CVE-2023-4761", "CVE-2023-4762", "CVE-2023-4763", "CVE-2023-4764", "CVE-2023-5218", "CVE-2023-5473", "CVE-2023-5474", "CVE-2023-5475", "CVE-2023-5476", "CVE-2023-5477", "CVE-2023-5478", "CVE-2023-5479", "CVE-2023-5480", "CVE-2023-5481", "CVE-2023-5482", "CVE-2023-5483", "CVE-2023-5484", "CVE-2023-5485", "CVE-2023-5486", "CVE-2023-5487", "CVE-2023-5849", "CVE-2023-5850", "CVE-2023-5851", "CVE-2023-5852", "CVE-2023-5853", "CVE-2023-5854", "CVE-2023-5855", "CVE-2023-5856", "CVE-2023-5857", "CVE-2023-5858", "CVE-2023-5859", "CVE-2023-5996", "CVE-2023-5997", "CVE-2023-6112"], "modified": "2023-11-27T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:qtwebengine", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202311-11.NASL", "href": "https://www.tenable.com/plugins/nessus/186268", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202311-11.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike\n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(186268);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/27\");\n\n script_cve_id(\n \"CVE-2022-2294\",\n \"CVE-2022-3201\",\n \"CVE-2022-4174\",\n \"CVE-2022-4175\",\n \"CVE-2022-4176\",\n \"CVE-2022-4177\",\n \"CVE-2022-4178\",\n \"CVE-2022-4179\",\n \"CVE-2022-4180\",\n \"CVE-2022-4181\",\n \"CVE-2022-4182\",\n \"CVE-2022-4183\",\n \"CVE-2022-4184\",\n \"CVE-2022-4185\",\n \"CVE-2022-4186\",\n \"CVE-2022-4187\",\n \"CVE-2022-4188\",\n \"CVE-2022-4189\",\n \"CVE-2022-4190\",\n \"CVE-2022-4191\",\n \"CVE-2022-4192\",\n \"CVE-2022-4193\",\n \"CVE-2022-4194\",\n \"CVE-2022-4195\",\n \"CVE-2022-4436\",\n \"CVE-2022-4437\",\n \"CVE-2022-4438\",\n \"CVE-2022-4439\",\n \"CVE-2022-4440\",\n \"CVE-2022-41115\",\n \"CVE-2022-44688\",\n \"CVE-2022-44708\",\n \"CVE-2023-0128\",\n \"CVE-2023-0129\",\n \"CVE-2023-0130\",\n \"CVE-2023-0131\",\n \"CVE-2023-0132\",\n \"CVE-2023-0133\",\n \"CVE-2023-0134\",\n \"CVE-2023-0135\",\n \"CVE-2023-0136\",\n \"CVE-2023-0137\",\n \"CVE-2023-0138\",\n \"CVE-2023-0139\",\n \"CVE-2023-0140\",\n \"CVE-2023-0141\",\n \"CVE-2023-2721\",\n \"CVE-2023-2722\",\n \"CVE-2023-2723\",\n \"CVE-2023-2724\",\n \"CVE-2023-2725\",\n \"CVE-2023-2726\",\n \"CVE-2023-2929\",\n \"CVE-2023-2930\",\n \"CVE-2023-2931\",\n \"CVE-2023-2932\",\n \"CVE-2023-2933\",\n \"CVE-2023-2934\",\n \"CVE-2023-2935\",\n \"CVE-2023-2936\",\n \"CVE-2023-2937\",\n \"CVE-2023-2938\",\n \"CVE-2023-2939\",\n \"CVE-2023-2940\",\n \"CVE-2023-2941\",\n \"CVE-2023-3079\",\n \"CVE-2023-3214\",\n \"CVE-2023-3215\",\n \"CVE-2023-3216\",\n \"CVE-2023-3217\",\n \"CVE-2023-4068\",\n \"CVE-2023-4069\",\n \"CVE-2023-4070\",\n \"CVE-2023-4071\",\n \"CVE-2023-4072\",\n \"CVE-2023-4073\",\n \"CVE-2023-4074\",\n \"CVE-2023-4075\",\n \"CVE-2023-4076\",\n \"CVE-2023-4077\",\n \"CVE-2023-4078\",\n \"CVE-2023-4761\",\n \"CVE-2023-4762\",\n \"CVE-2023-4763\",\n \"CVE-2023-4764\",\n \"CVE-2023-5218\",\n \"CVE-2023-5473\",\n \"CVE-2023-5474\",\n \"CVE-2023-5475\",\n \"CVE-2023-5476\",\n \"CVE-2023-5477\",\n \"CVE-2023-5478\",\n \"CVE-2023-5479\",\n \"CVE-2023-5480\",\n \"CVE-2023-5481\",\n \"CVE-2023-5482\",\n \"CVE-2023-5483\",\n \"CVE-2023-5484\",\n \"CVE-2023-5485\",\n \"CVE-2023-5486\",\n \"CVE-2023-5487\",\n \"CVE-2023-5849\",\n \"CVE-2023-5850\",\n \"CVE-2023-5851\",\n \"CVE-2023-5852\",\n \"CVE-2023-5853\",\n \"CVE-2023-5854\",\n \"CVE-2023-5855\",\n \"CVE-2023-5856\",\n \"CVE-2023-5857\",\n \"CVE-2023-5858\",\n \"CVE-2023-5859\",\n \"CVE-2023-5996\",\n \"CVE-2023-5997\",\n \"CVE-2023-6112\",\n \"CVE-2023-21775\",\n \"CVE-2023-21796\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/28\");\n\n script_name(english:\"GLSA-202311-11 : QtWebEngine: Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202311-11 (QtWebEngine: Multiple Vulnerabilities)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to\n 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass\n navigation restrictions via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3201)\n\n - Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4174)\n\n - Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2022-4175)\n\n - Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS and Lacros prior to 108.0.5359.71\n allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially\n exploit heap corruption via UI interactions. (Chromium security severity: High) (CVE-2022-4176)\n\n - Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a\n user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI\n interaction. (Chromium security severity: High) (CVE-2022-4177)\n\n - Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium\n security severity: High) (CVE-2022-4178)\n\n - Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user\n to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.\n (Chromium security severity: High) (CVE-2022-4179)\n\n - Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to\n install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.\n (Chromium security severity: High) (CVE-2022-4180)\n\n - Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4181)\n\n - Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote\n attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium)\n (CVE-2022-4182)\n\n - Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote\n attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)\n (CVE-2022-4183)\n\n - Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote\n attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)\n (CVE-2022-4184)\n\n - Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote\n attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium security severity:\n Medium) (CVE-2022-4185)\n\n - Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an\n attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a\n crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4186)\n\n - Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a\n remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity:\n Medium) (CVE-2022-4187)\n\n - Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71\n allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security\n severity: Medium) (CVE-2022-4188)\n\n - Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker\n who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted\n Chrome Extension. (Chromium security severity: Medium) (CVE-2022-4189)\n\n - Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote\n attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium)\n (CVE-2022-4190)\n\n - Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced\n a user to engage in specific UI interaction to potentially exploit heap corruption via profile\n destruction. (Chromium security severity: Medium) (CVE-2022-4191)\n\n - Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who\n convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI\n interaction. (Chromium security severity: Medium) (CVE-2022-4192)\n\n - Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71 allowed a\n remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity:\n Medium) (CVE-2022-4193)\n\n - Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)\n (CVE-2022-4194)\n\n - Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote\n attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: Medium)\n (CVE-2022-4195)\n\n - Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2022-4436)\n\n - Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2022-4437)\n\n - Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who\n convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a\n crafted HTML page. (Chromium security severity: High) (CVE-2022-4438)\n\n - Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who\n convinced the user to engage in specific UI interactions to potentially exploit heap corruption via\n specific UI interactions. (Chromium security severity: High) (CVE-2022-4439)\n\n - Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)\n (CVE-2022-4440)\n\n - Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability (CVE-2022-41115)\n\n - Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2022-44688)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2022-44708, CVE-2023-21796)\n\n - Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote\n attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption\n via a crafted HTML page. (Chromium security severity: High) (CVE-2023-0128)\n\n - Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who\n convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted\n HTML page and specific interactions. (Chromium security severity: High) (CVE-2023-0129)\n\n - Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74\n allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (Chromium security severity: Medium) (CVE-2023-0130)\n\n - Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote\n attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity:\n Medium) (CVE-2023-0131)\n\n - Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74\n allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium\n security severity: Medium) (CVE-2023-0132)\n\n - Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74\n allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium\n security severity: Medium) (CVE-2023-0133)\n\n - Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to\n install a malicious extension to potentially exploit heap corruption via database corruption and a crafted\n HTML page. (Chromium security severity: Medium) (CVE-2023-0134, CVE-2023-0135)\n\n - Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74\n allowed a remote attacker to execute incorrect security UI via a crafted HTML page. (Chromium security\n severity: Medium) (CVE-2023-0136)\n\n - Heap buffer overflow in Platform Apps in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed an\n attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via\n a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-0137)\n\n - Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker\n to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)\n (CVE-2023-0138)\n\n - Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74\n allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security\n severity: Low) (CVE-2023-0139)\n\n - Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74\n allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security\n severity: Low) (CVE-2023-0140)\n\n - Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker\n to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-0141)\n\n - Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)\n (CVE-2023-2721)\n\n - Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:\n High) (CVE-2023-2722)\n\n - Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium\n security severity: High) (CVE-2023-2723)\n\n - Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2724)\n\n - Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (Chromium security severity: High) (CVE-2023-2725)\n\n - Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an\n attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML\n page. (Chromium security severity: Medium) (CVE-2023-2726)\n\n - Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2023-2929)\n\n - Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (Chromium security severity: High) (CVE-2023-2930)\n\n - Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially\n exploit heap corruption via a crafted PDF file. (Chromium security severity: High) (CVE-2023-2931,\n CVE-2023-2932, CVE-2023-2933)\n\n - Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2023-2934)\n\n - Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2935,\n CVE-2023-2936)\n\n - Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a\n remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar)\n via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-2937, CVE-2023-2938)\n\n - Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a\n local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity:\n Medium) (CVE-2023-2939)\n\n - Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who\n convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML\n page. (Chromium security severity: Medium) (CVE-2023-2940)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker\n who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome\n Extension. (Chromium security severity: Low) (CVE-2023-2941)\n\n - Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3079)\n\n - Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)\n (CVE-2023-3214)\n\n - Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3215)\n\n - Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3216)\n\n - Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-3217)\n\n - Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform\n arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4068,\n CVE-2023-4070)\n\n - Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4069)\n\n - Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2023-4071)\n\n - Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker\n to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2023-4072)\n\n - Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:\n High) (CVE-2023-4073)\n\n - Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker\n to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2023-4074)\n\n - Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4075)\n\n - Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially\n exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High) (CVE-2023-4076)\n\n - Insufficient data validation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker\n who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via\n a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-4077)\n\n - Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker\n who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via\n a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-4078)\n\n - Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker\n who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page.\n (Chromium security severity: High) (CVE-2023-4761)\n\n - Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute\n arbitrary code via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4762)\n\n - Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2023-4763)\n\n - Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to\n spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)\n (CVE-2023-4764)\n\n - Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)\n (CVE-2023-5218)\n\n - Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium\n security severity: Low) (CVE-2023-5473)\n\n - Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who\n convinced a user to engage in specific user interactions to potentially exploit heap corruption via a\n crafted PDF file. (Chromium security severity: Medium) (CVE-2023-5474)\n\n - Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who\n convinced a user to install a malicious extension to bypass discretionary access control via a crafted\n Chrome Extension. (Chromium security severity: Medium) (CVE-2023-5475)\n\n - Use after free in Blink History in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)\n (CVE-2023-5476)\n\n - Inappropriate implementation in Installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker\n to bypass discretionary access control via a crafted command. (Chromium security severity: Low)\n (CVE-2023-5477)\n\n - Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker\n to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5478)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker\n who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML\n page. (Chromium security severity: Medium) (CVE-2023-5479)\n\n - Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote\n attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High)\n (CVE-2023-5480)\n\n - Inappropriate implementation in Downloads in Google Chrome prior to 118.0.5993.70 allowed a remote\n attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)\n (CVE-2023-5481)\n\n - Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to\n perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)\n (CVE-2023-5482)\n\n - Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker\n to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)\n (CVE-2023-5483)\n\n - Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote\n attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)\n (CVE-2023-5484)\n\n - Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker\n to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5485)\n\n - Inappropriate implementation in Input in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to\n spoof security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5486)\n\n - Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who\n convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome\n Extension. (Chromium security severity: Medium) (CVE-2023-5487)\n\n - Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5849)\n\n - Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to\n perform domain spoofing via a crafted domain name. (Chromium security severity: Medium) (CVE-2023-5850)\n\n - Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote\n attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)\n (CVE-2023-5851)\n\n - Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who\n convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI\n gestures. (Chromium security severity: Medium) (CVE-2023-5852)\n\n - Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to\n obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5853)\n\n - Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who\n convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI\n gestures. (Chromium security severity: Medium) (CVE-2023-5854)\n\n - Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who\n convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI\n gestures. (Chromium security severity: Medium) (CVE-2023-5855)\n\n - Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who\n convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted\n HTML page. (Chromium security severity: Medium) (CVE-2023-5856)\n\n - Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote\n attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium)\n (CVE-2023-5857)\n\n - Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote\n attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)\n (CVE-2023-5858)\n\n - Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote\n attacker to perform domain spoofing via a crafted local HTML page. (Chromium security severity: Low)\n (CVE-2023-5859)\n\n - Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2023-5996)\n\n - Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2023-5997)\n\n - Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2023-6112)\n\n - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (CVE-2023-21775)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202311-11\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=866332\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=888181\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=903544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=904290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=906857\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=909778\");\n script_set_attribute(attribute:\"solution\", value:\n\"All QtWebEngine users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=dev-qt/qtwebengine-5.15.10_p20230623\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-6112\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/11/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:qtwebengine\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\ninclude('qpkg.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/Gentoo/release')) audit(AUDIT_OS_NOT, 'Gentoo');\nif (!get_kb_item('Host/Gentoo/qpkg-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar flag = 0;\n\nvar packages = [\n {\n 'name' : 'dev-qt/qtwebengine',\n 'unaffected' : make_list(\"ge 5.15.10_p20230623\"),\n 'vulnerable' : make_list(\"lt 5.15.10_p20230623\")\n }\n];\n\nforeach var package( packages ) {\n if (isnull(package['unaffected'])) package['unaffected'] = make_list();\n if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();\n if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;\n}\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : qpkg_report_get()\n );\n exit(0);\n}\nelse\n{\n qpkg_tests = list_uniq(qpkg_tests);\n var tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'QtWebEngine');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-19T15:00:47", "description": "The remote host is affected by the vulnerability described in GLSA-202208-25 (Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities)\n\n - Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30551)\n\n - Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.\n (CVE-2021-4052)\n\n - Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4053)\n\n - Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (CVE-2021-4054)\n\n - Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (CVE-2021-4055)\n\n - Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4056)\n\n - Use after free in file API in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-4057)\n\n - Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4058)\n\n - Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-4059)\n\n - Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4061, CVE-2021-4078)\n\n - Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-4062)\n\n - Use after free in developer tools in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4063)\n\n - Use after free in screen capture in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4064)\n\n - Use after free in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4065)\n\n - Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4066)\n\n - Use after free in window manager in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4067)\n\n - Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-4068)\n\n - Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via crafted WebRTC packets. (CVE-2021-4079)\n\n - Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0789)\n\n - Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially perform a sandbox escape via a crafted HTML page. (CVE-2022-0790)\n\n - Use after free in Omnibox in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via user interactions.\n (CVE-2022-0791)\n\n - Out of bounds read in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0792)\n\n - Use after free in Cast in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted Chrome Extension. (CVE-2022-0793)\n\n - Use after free in WebShare in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0794)\n\n - Type confusion in Blink Layout in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0795)\n\n - Use after free in Media in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0796)\n\n - Out of bounds memory access in Mojo in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (CVE-2022-0797)\n\n - Use after free in MediaStream in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (CVE-2022-0798)\n\n - Insufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51 allowed a remote attacker to perform local privilege escalation via a crafted offline installer file.\n (CVE-2022-0799)\n\n - Heap buffer overflow in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0800)\n\n - Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-0802, CVE-2022-0804)\n\n - Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-0803)\n\n - Use after free in Browser Switcher in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction. (CVE-2022-0805)\n\n - Data leak in Canvas in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in screen sharing to potentially leak cross-origin data via a crafted HTML page. (CVE-2022-0806)\n\n - Inappropriate implementation in Autofill in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2022-0807)\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in a series of user interaction to potentially exploit heap corruption via user interactions. (CVE-2022-0808)\n\n - Out of bounds memory access in WebXR in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0809)\n\n - Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-0971)\n\n - Use after free in Extensions in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-0972)\n\n - Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0973)\n\n - Use after free in Splitscreen in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0974)\n\n - Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0975, CVE-2022-0978)\n\n - Heap buffer overflow in GPU in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0976)\n\n - Use after free in Browser UI in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0977)\n\n - Use after free in Safe Browsing in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0979)\n\n - Use after free in New Tab Page in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user interactions. (CVE-2022-0980)\n\n - Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1096)\n\n - Use after free in Portals in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.\n (CVE-2022-1125)\n\n - Use after free in QR Code Generator in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction. (CVE-2022-1127)\n\n - Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page.\n (CVE-2022-1128)\n\n - Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (CVE-2022-1129)\n\n - Insufficient validation of trust input in WebOTP in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to send arbitrary intents from any app via a malicious app. (CVE-2022-1130)\n\n - Use after free in Cast UI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1131)\n\n - Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100.0.4896.60 allowed a local attacker to bypass navigation restrictions via physical access to the device.\n (CVE-2022-1132)\n\n - Use after free in WebRTC Perf in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1133)\n\n - Type confusion in V8 in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1134)\n\n - Use after free in Shopping Cart in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via standard feature user interaction. (CVE-2022-1135)\n\n - Use after free in Tab Strip in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific set of user gestures. (CVE-2022-1136)\n\n - Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to leak potentially sensitive information via a crafted HTML page. (CVE-2022-1137)\n\n - Inappropriate implementation in Web Cursor in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who had compromised the renderer process to obscure the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-1138)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-1139)\n\n - Use after free in File Manager in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific user gesture. (CVE-2022-1141)\n\n - Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific input into DevTools. (CVE-2022-1142, CVE-2022-1143)\n\n - Use after free in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific input into DevTools. (CVE-2022-1144)\n\n - Use after free in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user interaction and profile destruction. (CVE-2022-1145)\n\n - Inappropriate implementation in Resource Timing in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-1146)\n\n - Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1232)\n\n - Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1305)\n\n - Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-1306)\n\n - Inappropriate implementation in full screen in Google Chrome on Android prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-1307)\n\n - Use after free in BFCache in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1308)\n\n - Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (CVE-2022-1309)\n\n - Use after free in regular expressions in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1310)\n\n - Use after free in shell in Google Chrome on ChromeOS prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1311)\n\n - Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.\n (CVE-2022-1312)\n\n - Use after free in tab groups in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1313)\n\n - Type confusion in V8 in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1314)\n\n - Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1364)\n\n - Use after free in Vulkan in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1477)\n\n - Use after free in SwiftShader in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1478)\n\n - Use after free in ANGLE in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1479)\n\n - Use after free in Sharing in Google Chrome on Mac prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1481)\n\n - Inappropriate implementation in WebGL in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1482)\n\n - Heap buffer overflow in WebGPU in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-1483)\n\n - Heap buffer overflow in Web UI Settings in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1484)\n\n - Use after free in File System API in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1485)\n\n - Type confusion in V8 in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2022-1486)\n\n - Use after free in Ozone in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via running a Wayland test. (CVE-2022-1487)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (CVE-2022-1488)\n\n - Out of bounds memory access in UI Shelf in Google Chrome on Chrome OS, Lacros prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific user interactions.\n (CVE-2022-1489)\n\n - Use after free in Browser Switcher in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1490)\n\n - Use after free in Bookmarks in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction. (CVE-2022-1491)\n\n - Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page. (CVE-2022-1492)\n\n - Use after free in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction. (CVE-2022-1493)\n\n - Insufficient data validation in Trusted Types in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass trusted types policy via a crafted HTML page. (CVE-2022-1494)\n\n - Incorrect security UI in Downloads in Google Chrome on Android prior to 101.0.4951.41 allowed a remote attacker to spoof the APK downloads dialog via a crafted HTML page. (CVE-2022-1495)\n\n - Use after free in File Manager in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction. (CVE-2022-1496)\n\n - Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to spoof the contents of cross-origin websites via a crafted HTML page. (CVE-2022-1497)\n\n - Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-1498)\n\n - Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (CVE-2022-1499)\n\n - Insufficient data validation in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass content security policy via a crafted HTML page. (CVE-2022-1500)\n\n - Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-1501)\n\n - Use after free in Sharesheet in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interactions. (CVE-2022-1633)\n\n - Use after free in Browser UI in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who had convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific user interactions. (CVE-2022-1634)\n\n - Use after free in Permission Prompts in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interactions. (CVE-2022-1635)\n\n - Use after free in Performance APIs in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1636)\n\n - Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-1637)\n\n - Use after free in ANGLE in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1639)\n\n - Use after free in Sharing in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1640)\n\n - Use after free in Web UI Diagnostics in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interaction. (CVE-2022-1641)\n\n - Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (CVE-2022-1853)\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1854)\n\n - Use after free in Messaging in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1855)\n\n - Use after free in User Education in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension or specific user interaction. (CVE-2022-1856)\n\n - Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (CVE-2022-1857)\n\n - Out of bounds read in DevTools in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform an out of bounds memory read via specific user interaction. (CVE-2022-1858)\n\n - Use after free in Performance Manager in Google Chrome prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1859)\n\n - Use after free in UI Foundations in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific user interactions. (CVE-2022-1860)\n\n - Use after free in Sharing in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific user interaction. (CVE-2022-1861)\n\n - Inappropriate implementation in Extensions in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass profile restrictions via a crafted HTML page.\n (CVE-2022-1862)\n\n - Use after free in Tab Groups in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction. (CVE-2022-1863)\n\n - Use after free in WebApp Installs in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction. (CVE-2022-1864)\n\n - Use after free in Bookmarks in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction. (CVE-2022-1865)\n\n - Use after free in Tablet Mode in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific user interactions. (CVE-2022-1866)\n\n - Insufficient validation of untrusted input in Data Transfer in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass same origin policy via a crafted clipboard content. (CVE-2022-1867)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (CVE-2022-1868)\n\n - Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1869)\n\n - Use after free in App Service in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (CVE-2022-1870)\n\n - Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass file system policy via a crafted HTML page. (CVE-2022-1871)\n\n - Insufficient policy enforcement in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page. (CVE-2022-1872)\n\n - Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-1873)\n\n - Insufficient policy enforcement in Safe Browsing in Google Chrome on Mac prior to 102.0.5005.61 allowed a remote attacker to bypass downloads protection policy via a crafted HTML page. (CVE-2022-1874)\n\n - Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-1875)\n\n - Heap buffer overflow in DevTools in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-1876)\n\n - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2007)\n\n - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-2010)\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2011)\n\n - Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2156)\n\n - Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2157)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2158)\n\n - Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user's local files via a crafted HTML page. (CVE-2022-2160)\n\n - Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. (CVE-2022-2161)\n\n - Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 103.0.5060.53 allowed a remote attacker to bypass file system access via a crafted HTML page. (CVE-2022-2162)\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction. (CVE-2022-2163)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted HTML page. (CVE-2022-2164)\n\n - Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. (CVE-2022-2165)\n\n - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. (CVE-2022-22021)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. (CVE-2022-24475)\n\n - Microsoft Edge (Chromium-based) Spoofing Vulnerability. (CVE-2022-24523, CVE-2022-26905)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. (CVE-2022-26891)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. (CVE-2022-26894)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. (CVE-2022-26895)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. (CVE-2022-26900)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26909, CVE-2022-26912. (CVE-2022-26908)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26912. (CVE-2022-26909)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909. (CVE-2022-26912)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30128. (CVE-2022-30127)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30127. (CVE-2022-30128)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-33638, CVE-2022-33639. (CVE-2022-30192)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33639. (CVE-2022-33638)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33638. (CVE-2022-33639)\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. (CVE-2022-0801) \n - Please review the referenced CVE identifiers for details. (CVE-2022-29144, CVE-2022-29146, CVE-2022-29147)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-15T00:00:00", "type": "nessus", "title": "GLSA-202208-25 : Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30551", "CVE-2021-4052", "CVE-2021-4053", "CVE-2021-4054", "CVE-2021-4055", "CVE-2021-4056", "CVE-2021-4057", "CVE-2021-4058", "CVE-2021-4059", "CVE-2021-4061", "CVE-2021-4062", "CVE-2021-4063", "CVE-2021-4064", "CVE-2021-4065", "CVE-2021-4066", "CVE-2021-4067", "CVE-2021-4068", "CVE-2021-4078", "CVE-2021-4079", "CVE-2022-0789", "CVE-2022-0790", "CVE-2022-0791", "CVE-2022-0792", "CVE-2022-0793", "CVE-2022-0794", "CVE-2022-0795", "CVE-2022-0796", "CVE-2022-0797", "CVE-2022-0798", "CVE-2022-0799", "CVE-2022-0800", "CVE-2022-0801", "CVE-2022-0802", "CVE-2022-0803", "CVE-2022-0804", "CVE-2022-0805", "CVE-2022-0806", "CVE-2022-0807", "CVE-2022-0808", "CVE-2022-0809", "CVE-2022-0971", "CVE-2022-0972", "CVE-2022-0973", "CVE-2022-0974", "CVE-2022-0975", "CVE-2022-0976", "CVE-2022-0977", "CVE-2022-0978", "CVE-2022-0979", "CVE-2022-0980", "CVE-2022-1096", "CVE-2022-1125", "CVE-2022-1127", "CVE-2022-1128", "CVE-2022-1129", "CVE-2022-1130", "CVE-2022-1131", "CVE-2022-1132", "CVE-2022-1133", "CVE-2022-1134", "CVE-2022-1135", "CVE-2022-1136", "CVE-2022-1137", "CVE-2022-1138", "CVE-2022-1139", "CVE-2022-1141", "CVE-2022-1142", "CVE-2022-1143", "CVE-2022-1144", "CVE-2022-1145", "CVE-2022-1146", "CVE-2022-1232", "CVE-2022-1305", "CVE-2022-1306", "CVE-2022-1307", "CVE-2022-1308", "CVE-2022-1309", "CVE-2022-1310", "CVE-2022-1311", "CVE-2022-1312", "CVE-2022-1313", "CVE-2022-1314", "CVE-2022-1364", "CVE-2022-1477", "CVE-2022-1478", "CVE-2022-1479", "CVE-2022-1481", "CVE-2022-1482", "CVE-2022-1483", "CVE-2022-1484", "CVE-2022-1485", "CVE-2022-1486", "CVE-2022-1487", "CVE-2022-1488", "CVE-2022-1489", "CVE-2022-1490", "CVE-2022-1491", "CVE-2022-1492", "CVE-2022-1493", "CVE-2022-1494", "CVE-2022-1495", "CVE-2022-1496", "CVE-2022-1497", "CVE-2022-1498", "CVE-2022-1499", "CVE-2022-1500", "CVE-2022-1501", "CVE-2022-1633", "CVE-2022-1634", "CVE-2022-1635", "CVE-2022-1636", "CVE-2022-1637", "CVE-2022-1639", "CVE-2022-1640", "CVE-2022-1641", "CVE-2022-1853", "CVE-2022-1854", "CVE-2022-1855", "CVE-2022-1856", "CVE-2022-1857", "CVE-2022-1858", "CVE-2022-1859", "CVE-2022-1860", "CVE-2022-1861", "CVE-2022-1862", "CVE-2022-1863", "CVE-2022-1864", "CVE-2022-1865", "CVE-2022-1866", "CVE-2022-1867", "CVE-2022-1868", "CVE-2022-1869", "CVE-2022-1870", "CVE-2022-1871", "CVE-2022-1872", "CVE-2022-1873", "CVE-2022-1874", "CVE-2022-1875", "CVE-2022-1876", "CVE-2022-2007", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165", "CVE-2022-22021", "CVE-2022-24475", "CVE-2022-24523", "CVE-2022-26891", "CVE-2022-26894", "CVE-2022-26895", "CVE-2022-26900", "CVE-2022-26905", "CVE-2022-26908", "CVE-2022-26909", "CVE-2022-26912", "CVE-2022-29144", "CVE-2022-29146", "CVE-2022-29147", "CVE-2022-30127", "CVE-2022-30128", "CVE-2022-30192", "CVE-2022-33638", "CVE-2022-33639"], "modified": "2023-10-16T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:chromium", "p-cpe:/a:gentoo:linux:google-chrome", "p-cpe:/a:gentoo:linux:microsoft-edge", "p-cpe:/a:gentoo:linux:qtwebengine", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202208-25.NASL", "href": "https://www.tenable.com/plugins/nessus/164112", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202208-25.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike\n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164112);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/16\");\n\n script_cve_id(\n \"CVE-2021-4052\",\n \"CVE-2021-4053\",\n \"CVE-2021-4054\",\n \"CVE-2021-4055\",\n \"CVE-2021-4056\",\n \"CVE-2021-4057\",\n \"CVE-2021-4058\",\n \"CVE-2021-4059\",\n \"CVE-2021-4061\",\n \"CVE-2021-4062\",\n \"CVE-2021-4063\",\n \"CVE-2021-4064\",\n \"CVE-2021-4065\",\n \"CVE-2021-4066\",\n \"CVE-2021-4067\",\n \"CVE-2021-4068\",\n \"CVE-2021-4078\",\n \"CVE-2021-4079\",\n \"CVE-2021-30551\",\n \"CVE-2022-0789\",\n \"CVE-2022-0790\",\n \"CVE-2022-0791\",\n \"CVE-2022-0792\",\n \"CVE-2022-0793\",\n \"CVE-2022-0794\",\n \"CVE-2022-0795\",\n \"CVE-2022-0796\",\n \"CVE-2022-0797\",\n \"CVE-2022-0798\",\n \"CVE-2022-0799\",\n \"CVE-2022-0800\",\n \"CVE-2022-0801\",\n \"CVE-2022-0802\",\n \"CVE-2022-0803\",\n \"CVE-2022-0804\",\n \"CVE-2022-0805\",\n \"CVE-2022-0806\",\n \"CVE-2022-0807\",\n \"CVE-2022-0808\",\n \"CVE-2022-0809\",\n \"CVE-2022-0971\",\n \"CVE-2022-0972\",\n \"CVE-2022-0973\",\n \"CVE-2022-0974\",\n \"CVE-2022-0975\",\n \"CVE-2022-0976\",\n \"CVE-2022-0977\",\n \"CVE-2022-0978\",\n \"CVE-2022-0979\",\n \"CVE-2022-0980\",\n \"CVE-2022-1096\",\n \"CVE-2022-1125\",\n \"CVE-2022-1127\",\n \"CVE-2022-1128\",\n \"CVE-2022-1129\",\n \"CVE-2022-1130\",\n \"CVE-2022-1131\",\n \"CVE-2022-1132\",\n \"CVE-2022-1133\",\n \"CVE-2022-1134\",\n \"CVE-2022-1135\",\n \"CVE-2022-1136\",\n \"CVE-2022-1137\",\n \"CVE-2022-1138\",\n \"CVE-2022-1139\",\n \"CVE-2022-1141\",\n \"CVE-2022-1142\",\n \"CVE-2022-1143\",\n \"CVE-2022-1144\",\n \"CVE-2022-1145\",\n \"CVE-2022-1146\",\n \"CVE-2022-1232\",\n \"CVE-2022-1305\",\n \"CVE-2022-1306\",\n \"CVE-2022-1307\",\n \"CVE-2022-1308\",\n \"CVE-2022-1309\",\n \"CVE-2022-1310\",\n \"CVE-2022-1311\",\n \"CVE-2022-1312\",\n \"CVE-2022-1313\",\n \"CVE-2022-1314\",\n \"CVE-2022-1364\",\n \"CVE-2022-1477\",\n \"CVE-2022-1478\",\n \"CVE-2022-1479\",\n \"CVE-2022-1481\",\n \"CVE-2022-1482\",\n \"CVE-2022-1483\",\n \"CVE-2022-1484\",\n \"CVE-2022-1485\",\n \"CVE-2022-1486\",\n \"CVE-2022-1487\",\n \"CVE-2022-1488\",\n \"CVE-2022-1489\",\n \"CVE-2022-1490\",\n \"CVE-2022-1491\",\n \"CVE-2022-1492\",\n \"CVE-2022-1493\",\n \"CVE-2022-1494\",\n \"CVE-2022-1495\",\n \"CVE-2022-1496\",\n \"CVE-2022-1497\",\n \"CVE-2022-1498\",\n \"CVE-2022-1499\",\n \"CVE-2022-1500\",\n \"CVE-2022-1501\",\n \"CVE-2022-1633\",\n \"CVE-2022-1634\",\n \"CVE-2022-1635\",\n \"CVE-2022-1636\",\n \"CVE-2022-1637\",\n \"CVE-2022-1639\",\n \"CVE-2022-1640\",\n \"CVE-2022-1641\",\n \"CVE-2022-1853\",\n \"CVE-2022-1854\",\n \"CVE-2022-1855\",\n \"CVE-2022-1856\",\n \"CVE-2022-1857\",\n \"CVE-2022-1858\",\n \"CVE-2022-1859\",\n \"CVE-2022-1860\",\n \"CVE-2022-1861\",\n \"CVE-2022-1862\",\n \"CVE-2022-1863\",\n \"CVE-2022-1864\",\n \"CVE-2022-1865\",\n \"CVE-2022-1866\",\n \"CVE-2022-1867\",\n \"CVE-2022-1868\",\n \"CVE-2022-1869\",\n \"CVE-2022-1870\",\n \"CVE-2022-1871\",\n \"CVE-2022-1872\",\n \"CVE-2022-1873\",\n \"CVE-2022-1874\",\n \"CVE-2022-1875\",\n \"CVE-2022-1876\",\n \"CVE-2022-2007\",\n \"CVE-2022-2010\",\n \"CVE-2022-2011\",\n \"CVE-2022-2156\",\n \"CVE-2022-2157\",\n \"CVE-2022-2158\",\n \"CVE-2022-2160\",\n \"CVE-2022-2161\",\n \"CVE-2022-2162\",\n \"CVE-2022-2163\",\n \"CVE-2022-2164\",\n \"CVE-2022-2165\",\n \"CVE-2022-22021\",\n \"CVE-2022-24475\",\n \"CVE-2022-24523\",\n \"CVE-2022-26891\",\n \"CVE-2022-26894\",\n \"CVE-2022-26895\",\n \"CVE-2022-26900\",\n \"CVE-2022-26905\",\n \"CVE-2022-26908\",\n \"CVE-2022-26909\",\n \"CVE-2022-26912\",\n \"CVE-2022-29144\",\n \"CVE-2022-29146\",\n \"CVE-2022-29147\",\n \"CVE-2022-30127\",\n \"CVE-2022-30128\",\n \"CVE-2022-30192\",\n \"CVE-2022-33638\",\n \"CVE-2022-33639\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/06\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"IAVA\", value:\"2021-A-0544-S\");\n\n script_name(english:\"GLSA-202208-25 : Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202208-25 (Chromium, Google Chrome, Microsoft Edge,\nQtWebEngine: Multiple Vulnerabilities)\n\n - Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30551)\n\n - Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user\n to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.\n (CVE-2021-4052)\n\n - Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4053)\n\n - Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to\n perform domain spoofing via a crafted HTML page. (CVE-2021-4054)\n\n - Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93 allowed an attacker who\n convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted\n Chrome Extension. (CVE-2021-4055)\n\n - Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-4056)\n\n - Use after free in file API in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-4057)\n\n - Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4058)\n\n - Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to\n leak cross-origin data via a crafted HTML page. (CVE-2021-4059)\n\n - Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-4061, CVE-2021-4078)\n\n - Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-4062)\n\n - Use after free in developer tools in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4063)\n\n - Use after free in screen capture in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4064)\n\n - Use after free in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-4065)\n\n - Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-4066)\n\n - Use after free in window manager in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote\n attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-4067)\n\n - Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-4068)\n\n - Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to\n potentially exploit heap corruption via crafted WebRTC packets. (CVE-2021-4079)\n\n - Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0789)\n\n - Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a\n user to engage in specific user interaction to potentially perform a sandbox escape via a crafted HTML\n page. (CVE-2022-0790)\n\n - Use after free in Omnibox in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a\n user to engage in specific user interactions to potentially exploit heap corruption via user interactions.\n (CVE-2022-0791)\n\n - Out of bounds read in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0792)\n\n - Use after free in Cast in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to\n install a malicious extension and engage in specific user interaction to potentially exploit heap\n corruption via a crafted Chrome Extension. (CVE-2022-0793)\n\n - Use after free in WebShare in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced\n a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML\n page. (CVE-2022-0794)\n\n - Type confusion in Blink Layout in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0795)\n\n - Use after free in Media in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-0796)\n\n - Out of bounds memory access in Mojo in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to\n perform an out of bounds memory write via a crafted HTML page. (CVE-2022-0797)\n\n - Use after free in MediaStream in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome\n Extension. (CVE-2022-0798)\n\n - Insufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51 allowed a\n remote attacker to perform local privilege escalation via a crafted offline installer file.\n (CVE-2022-0799)\n\n - Heap buffer overflow in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who\n convinced a user to engage in specific user interaction to potentially exploit heap corruption via a\n crafted HTML page. (CVE-2022-0800)\n\n - Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed\n a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-0802,\n CVE-2022-0804)\n\n - Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote\n attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-0803)\n\n - Use after free in Browser Switcher in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who\n convinced a user to engage in specific user interaction to potentially exploit heap corruption via user\n interaction. (CVE-2022-0805)\n\n - Data leak in Canvas in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user\n to engage in screen sharing to potentially leak cross-origin data via a crafted HTML page. (CVE-2022-0806)\n\n - Inappropriate implementation in Autofill in Google Chrome prior to 99.0.4844.51 allowed a remote attacker\n to bypass navigation restrictions via a crafted HTML page. (CVE-2022-0807)\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 99.0.4844.51 allowed a remote\n attacker who convinced a user to engage in a series of user interaction to potentially exploit heap\n corruption via user interactions. (CVE-2022-0808)\n\n - Out of bounds memory access in WebXR in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0809)\n\n - Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker\n who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-0971)\n\n - Use after free in Extensions in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-0972)\n\n - Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0973)\n\n - Use after free in Splitscreen in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote\n attacker who convinced a user to engage in specific user interaction to potentially exploit heap\n corruption via a crafted HTML page. (CVE-2022-0974)\n\n - Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-0975, CVE-2022-0978)\n\n - Heap buffer overflow in GPU in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-0976)\n\n - Use after free in Browser UI in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker\n who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a\n crafted HTML page. (CVE-2022-0977)\n\n - Use after free in Safe Browsing in Google Chrome on Android prior to 99.0.4844.74 allowed a remote\n attacker who convinced a user to engage in specific user interaction to potentially exploit heap\n corruption via a crafted HTML page. (CVE-2022-0979)\n\n - Use after free in New Tab Page in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via specific user\n interactions. (CVE-2022-0980)\n\n - Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1096)\n\n - Use after free in Portals in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced\n a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.\n (CVE-2022-1125)\n\n - Use after free in QR Code Generator in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who\n convinced a user to engage in specific user interaction to potentially exploit heap corruption via user\n interaction. (CVE-2022-1127)\n\n - Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed\n an attacker on the local network segment to leak cross-origin data via a crafted HTML page.\n (CVE-2022-1128)\n\n - Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 100.0.4896.60\n allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n (CVE-2022-1129)\n\n - Insufficient validation of trust input in WebOTP in Google Chrome on Android prior to 100.0.4896.60\n allowed a remote attacker to send arbitrary intents from any app via a malicious app. (CVE-2022-1130)\n\n - Use after free in Cast UI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1131)\n\n - Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100.0.4896.60\n allowed a local attacker to bypass navigation restrictions via physical access to the device.\n (CVE-2022-1132)\n\n - Use after free in WebRTC Perf in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1133)\n\n - Type confusion in V8 in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1134)\n\n - Use after free in Shopping Cart in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to\n potentially exploit heap corruption via standard feature user interaction. (CVE-2022-1135)\n\n - Use after free in Tab Strip in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via specific set of user\n gestures. (CVE-2022-1136)\n\n - Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who\n convinced a user to install a malicious extension to leak potentially sensitive information via a crafted\n HTML page. (CVE-2022-1137)\n\n - Inappropriate implementation in Web Cursor in Google Chrome prior to 100.0.4896.60 allowed a remote\n attacker who had compromised the renderer process to obscure the contents of the Omnibox (URL bar) via a\n crafted HTML page. (CVE-2022-1138)\n\n - Inappropriate implementation in Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a\n remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-1139)\n\n - Use after free in File Manager in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who\n convinced a user to engage in specific user interaction to potentially exploit heap corruption via\n specific user gesture. (CVE-2022-1141)\n\n - Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who\n convinced a user to engage in specific user interaction to potentially exploit heap corruption via\n specific input into DevTools. (CVE-2022-1142, CVE-2022-1143)\n\n - Use after free in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a\n user to engage in specific user interaction to potentially exploit heap corruption via specific input into\n DevTools. (CVE-2022-1144)\n\n - Use after free in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via specific user interaction\n and profile destruction. (CVE-2022-1145)\n\n - Inappropriate implementation in Resource Timing in Google Chrome prior to 100.0.4896.60 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-1146)\n\n - Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1232)\n\n - Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1305)\n\n - Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote\n attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-1306)\n\n - Inappropriate implementation in full screen in Google Chrome on Android prior to 100.0.4896.88 allowed a\n remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2022-1307)\n\n - Use after free in BFCache in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1308)\n\n - Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a\n remote attacker to potentially perform a sandbox escape via a crafted HTML page. (CVE-2022-1309)\n\n - Use after free in regular expressions in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1310)\n\n - Use after free in shell in Google Chrome on ChromeOS prior to 100.0.4896.88 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1311)\n\n - Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user\n to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.\n (CVE-2022-1312)\n\n - Use after free in tab groups in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1313)\n\n - Type confusion in V8 in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1314)\n\n - Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1364)\n\n - Use after free in Vulkan in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1477)\n\n - Use after free in SwiftShader in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1478)\n\n - Use after free in ANGLE in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1479)\n\n - Use after free in Sharing in Google Chrome on Mac prior to 101.0.4951.41 allowed a remote attacker who\n convinced a user to engage in specific user interaction to potentially exploit heap corruption via a\n crafted HTML page. (CVE-2022-1481)\n\n - Inappropriate implementation in WebGL in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1482)\n\n - Heap buffer overflow in WebGPU in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-1483)\n\n - Heap buffer overflow in Web UI Settings in Google Chrome prior to 101.0.4951.41 allowed a remote attacker\n to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1484)\n\n - Use after free in File System API in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1485)\n\n - Type confusion in V8 in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to obtain\n potentially sensitive information from process memory via a crafted HTML page. (CVE-2022-1486)\n\n - Use after free in Ozone in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially\n exploit heap corruption via running a Wayland test. (CVE-2022-1487)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker\n who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome\n Extension. (CVE-2022-1488)\n\n - Out of bounds memory access in UI Shelf in Google Chrome on Chrome OS, Lacros prior to 101.0.4951.41\n allowed a remote attacker to potentially exploit heap corruption via specific user interactions.\n (CVE-2022-1489)\n\n - Use after free in Browser Switcher in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who\n convinced a user to engage in specific user interaction to potentially exploit heap corruption via a\n crafted HTML page. (CVE-2022-1490)\n\n - Use after free in Bookmarks in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to\n potentially exploit heap corruption via specific and direct user interaction. (CVE-2022-1491)\n\n - Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote\n attacker to inject arbitrary scripts or HTML via a crafted HTML page. (CVE-2022-1492)\n\n - Use after free in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to\n potentially exploit heap corruption via specific and direct user interaction. (CVE-2022-1493)\n\n - Insufficient data validation in Trusted Types in Google Chrome prior to 101.0.4951.41 allowed a remote\n attacker to bypass trusted types policy via a crafted HTML page. (CVE-2022-1494)\n\n - Incorrect security UI in Downloads in Google Chrome on Android prior to 101.0.4951.41 allowed a remote\n attacker to spoof the APK downloads dialog via a crafted HTML page. (CVE-2022-1495)\n\n - Use after free in File Manager in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to\n potentially exploit heap corruption via specific and direct user interaction. (CVE-2022-1496)\n\n - Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to\n spoof the contents of cross-origin websites via a crafted HTML page. (CVE-2022-1497)\n\n - Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-1498)\n\n - Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote\n attacker to bypass same origin policy via a crafted HTML page. (CVE-2022-1499)\n\n - Insufficient data validation in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote\n attacker to bypass content security policy via a crafted HTML page. (CVE-2022-1500)\n\n - Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker\n to leak cross-origin data via a crafted HTML page. (CVE-2022-1501)\n\n - Use after free in Sharesheet in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote\n attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption\n via specific user interactions. (CVE-2022-1633)\n\n - Use after free in Browser UI in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who had\n convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific\n user interactions. (CVE-2022-1634)\n\n - Use after free in Permission Prompts in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who\n convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific\n user interactions. (CVE-2022-1635)\n\n - Use after free in Performance APIs in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1636)\n\n - Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2022-1637)\n\n - Use after free in ANGLE in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1639)\n\n - Use after free in Sharing in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced\n a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML\n page. (CVE-2022-1640)\n\n - Use after free in Web UI Diagnostics in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote\n attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption\n via specific user interaction. (CVE-2022-1641)\n\n - Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to\n potentially perform a sandbox escape via a crafted HTML page. (CVE-2022-1853)\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1854)\n\n - Use after free in Messaging in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1855)\n\n - Use after free in User Education in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced\n a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome\n Extension or specific user interaction. (CVE-2022-1856)\n\n - Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed a\n remote attacker to bypass file system restrictions via a crafted HTML page. (CVE-2022-1857)\n\n - Out of bounds read in DevTools in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to\n perform an out of bounds memory read via specific user interaction. (CVE-2022-1858)\n\n - Use after free in Performance Manager in Google Chrome prior to 102.0.5005.61 allowed a remote attacker\n who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a\n crafted HTML page. (CVE-2022-1859)\n\n - Use after free in UI Foundations in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote\n attacker who convinced a user to engage in specific user interaction to potentially exploit heap\n corruption via specific user interactions. (CVE-2022-1860)\n\n - Use after free in Sharing in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker\n who convinced a user to enage in specific user interactions to potentially exploit heap corruption via\n specific user interaction. (CVE-2022-1861)\n\n - Inappropriate implementation in Extensions in Google Chrome prior to 102.0.5005.61 allowed an attacker who\n convinced a user to install a malicious extension to bypass profile restrictions via a crafted HTML page.\n (CVE-2022-1862)\n\n - Use after free in Tab Groups in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome\n Extension and specific user interaction. (CVE-2022-1863)\n\n - Use after free in WebApp Installs in Google Chrome prior to 102.0.5005.61 allowed an attacker who\n convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted\n Chrome Extension and specific user interaction. (CVE-2022-1864)\n\n - Use after free in Bookmarks in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome\n Extension and specific user interaction. (CVE-2022-1865)\n\n - Use after free in Tablet Mode in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via specific user interactions. (CVE-2022-1866)\n\n - Insufficient validation of untrusted input in Data Transfer in Google Chrome prior to 102.0.5005.61\n allowed a remote attacker to bypass same origin policy via a crafted clipboard content. (CVE-2022-1867)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker\n who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML\n page. (CVE-2022-1868)\n\n - Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1869)\n\n - Use after free in App Service in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome\n Extension. (CVE-2022-1870)\n\n - Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed an\n attacker who convinced a user to install a malicious extension to bypass file system policy via a crafted\n HTML page. (CVE-2022-1871)\n\n - Insufficient policy enforcement in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an\n attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted\n HTML page. (CVE-2022-1872)\n\n - Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker\n to leak cross-origin data via a crafted HTML page. (CVE-2022-1873)\n\n - Insufficient policy enforcement in Safe Browsing in Google Chrome on Mac prior to 102.0.5005.61 allowed a\n remote attacker to bypass downloads protection policy via a crafted HTML page. (CVE-2022-1874)\n\n - Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to\n leak cross-origin data via a crafted HTML page. (CVE-2022-1875)\n\n - Heap buffer overflow in DevTools in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced\n a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-1876)\n\n - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2007)\n\n - Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who\n had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-2010)\n\n - Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2011)\n\n - Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2156)\n\n - Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who\n had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2157)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2158)\n\n - Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an\n attacker who convinced a user to install a malicious extension to obtain potentially sensitive information\n from a user's local files via a crafted HTML page. (CVE-2022-2160)\n\n - Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who\n convinced the user to engage in specific user interactions to potentially exploit heap corruption via\n specific UI interactions. (CVE-2022-2161)\n\n - Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 103.0.5060.53\n allowed a remote attacker to bypass file system access via a crafted HTML page. (CVE-2022-2162)\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who\n convinced a user to install a malicious extension to potentially exploit heap corruption via UI\n interaction. (CVE-2022-2163)\n\n - Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an attacker\n who convinced a user to install a malicious extension to bypass discretionary access control via a crafted\n HTML page. (CVE-2022-2164)\n\n - Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a remote\n attacker to perform domain spoofing via IDN homographs via a crafted domain name. (CVE-2022-2165)\n\n - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. (CVE-2022-22021)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909,\n CVE-2022-26912. (CVE-2022-24475)\n\n - Microsoft Edge (Chromium-based) Spoofing Vulnerability. (CVE-2022-24523, CVE-2022-26905)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-24475, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909,\n CVE-2022-26912. (CVE-2022-26891)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-24475, CVE-2022-26891, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909,\n CVE-2022-26912. (CVE-2022-26894)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909,\n CVE-2022-26912. (CVE-2022-26895)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26908, CVE-2022-26909,\n CVE-2022-26912. (CVE-2022-26900)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26909,\n CVE-2022-26912. (CVE-2022-26908)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908,\n CVE-2022-26912. (CVE-2022-26909)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908,\n CVE-2022-26909. (CVE-2022-26912)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-30128. (CVE-2022-30127)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-30127. (CVE-2022-30128)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-33638, CVE-2022-33639. (CVE-2022-30192)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-30192, CVE-2022-33639. (CVE-2022-33638)\n\n - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from\n CVE-2022-30192, CVE-2022-33638. (CVE-2022-33639)\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this\n vulnerability. Please see Google Chrome Releases for more information. (CVE-2022-0801)\n \n - Please review the referenced CVE identifiers for details. (CVE-2022-29144, CVE-2022-29146,\n CVE-2022-29147)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202208-25\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=773040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=787950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=800181\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=810781\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=815397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=828519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=829161\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=834477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=835397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=835761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=836011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=836381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=836777\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=836830\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=837497\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=838049\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=838433\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=838682\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=841371\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=843035\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=843728\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=847370\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=847613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=848864\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=851003\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=851009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=853229\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=853643\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=854372\");\n script_set_attribute(attribute:\"solution\", value:\n\"All Chromium users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-client/chromium-103.0.5060.53\n \nAll Chromium binary users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-client/chromium-bin-103.0.5060.53\n \nAll Google Chrome users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-client/google-chrome-103.0.5060.53\n \nAll Microsoft Edge users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-client/chromium-103.0.5060.53\n \nAll QtWebEngine users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=dev-qt/qtwebengine-5.15.5_p20220618\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0809\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1853\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:google-chrome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:microsoft-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:qtwebengine\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar flag = 0;\n\nvar packages = [\n {\n 'name' : \"dev-qt/qtwebengine\",\n 'unaffected' : make_list(\"ge 5.15.5_p20220618\"),\n 'vulnerable' : make_list(\"lt 5.15.5_p20220618\")\n },\n {\n 'name' : \"www-client/chromium\",\n 'unaffected' : make_list(\"ge 103.0.5060.53\"),\n 'vulnerable' : make_list(\"lt 103.0.5060.53\")\n },\n {\n 'name' : \"www-client/google-chrome\",\n 'unaffected' : make_list(\"ge 103.0.5060.53\"),\n 'vulnerable' : make_list(\"lt 103.0.5060.53\")\n },\n {\n 'name' : \"www-client/microsoft-edge\",\n 'unaffected' : make_list(\"ge 101.0.1210.47\"),\n 'vulnerable' : make_list(\"lt 101.0.1210.47\")\n }\n];\n\nforeach package( packages ) {\n if (isnull(package['unaffected'])) package['unaffected'] = make_list();\n if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();\n if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;\n}\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : qpkg_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium / Google Chrome / Microsoft Edge / QtWebEngine\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "suse": [{"lastseen": "2022-11-09T22:08:22", "description": "An update that fixes 9 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n opera was updated to 89.0.4447.71\n\n - CHR-8957 Update chromium on desktop-stable-103-4447 to 103.0.5060.134\n - DNA-100492 authPrivate.storeCredentials should work with running auth\n session\n - DNA-100649 \ufffd\ufffd\ufffdSign out\ufffd\ufffd\ufffd from settings doesn\ufffd\ufffd\ufffdt also sign out from\n auth\n - DNA-100653 VPN Badge popup \ufffd\ufffd\ufffd not working well with different page\n zoom being set in browser settings\n - DNA-100712 Wrong spacing on text to reset sync passphrase in settings\n - DNA-100799 VPN icon is \ufffd\ufffd\ufffdpro\ufffd\ufffd\ufffd on disconnected\n - DNA-100841 Remove Get Subscription and Get button from VPN pro settings\n - DNA-100883 Update missing translations from chromium\n - DNA-100899 Translation error in Turkish\n - DNA-100912 Unable to select pinboards when sync everything is enabled\n - DNA-100959 Use after move RecentSearchProvider::ExecuteWithDB\n - DNA-100960 Use after move\n CountryBlacklistServiceImpl::DownloadCountryBlacklist\n - DNA-100961 Use after move\n CategorizationDataCollection::Iterator::Iterator\n - DNA-100989 Crash at\n opera::EasyFileButton::SetThumbnail(gfx::ImageSkia const&)\n\n - The update to chromium 103.0.5060.134 fixes following issues:\n CVE-2022-2163, CVE-2022-2477, CVE-2022-2478, CVE-2022-2479\n CVE-2022-2480, CVE-2022-2481\n\n opera was updated to 89.0.4447.51\n\n - DNA-99538 Typed content of address bar shared between tabs\n - DNA-100418 Set 360 so as search engine in China\n - DNA-100629 Launch Auth login when enabling sync while logged in\n - DNA-100776 Popup is too long if there are no services available\n\n opera was updated to 89.0.4447.48\n\n - CHR-8940 Update chromium on desktop-stable-103-4447 to 103.0.5060.114\n - DNA-100247 Make it possible to display hint when tab scrolling gets\n triggered\n - DNA-100482 Shopping corner icon availability\n - DNA-100575 Add unique IDs to all web element in opera account popup\n - DNA-100625 Opera account popup appears too high on Linux\n - DNA-100627 Enable #snap-from-panel on all stream\n - DNA-100636 DCHECK at suggestion_item.cc(484)\n - DNA-100685 Fix crash when attaching to tab strip scroll buttons\n - DNA-100693 Enable Sticky Site sidebar item to have notification bubble\n - DNA-100698 [AdBlock] Unhandled Disconnect list category:\n \"emailaggressive\"\n - DNA-100716 Misstype Settings \"Enhanced address bar\"\n - DNA-100732 Fix &amp; escaping in translated strings\n - DNA-100759 Crash when loading personal news in private window\n\n - The update to chromium 103.0.5060.114 fixes following issues:\n CVE-2022-2294, CVE-2022-2295, CVE-2022-2296\n\n opera was updated to 89.0.4447.38\n\n - DNA-100283 Translations for O89\n\n - Complete Opera 89.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-89/\n\n opera was updated to 89.0.4447.37\n\n - CHR-8929 Update chromium on desktop-stable-103-4447 to 103.0.5060.66\n - DNA-99780 Crash at zmq::zmq_abort(char const*)\n - DNA-100377 New opera account popup doesn\ufffd\ufffd\ufffdt open on Linux\n - DNA-100589 Crash at base::internal::Invoker<T>::RunOnce\n (base::internal::BindStateBase*, scoped_refptr<T>&&)\n - DNA-100607 Sync \ufffd\ufffd\ufffdSign in\ufffd\ufffd\ufffd button doesn\ufffd\ufffd\ufffdt work with Opera Account\n popup\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:NonFree:\n\n zypper in -t patch openSUSE-2022-10087=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-16T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2163", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296", "CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481"], "modified": "2022-08-16T00:00:00", "id": "OPENSUSE-SU-2022:10087-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBC3VMU74SRNP6PNL6PMNTJCIFN32DXR/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-09T22:08:22", "description": "An update that fixes 9 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n Opera was updated to 89.0.4447.71\n\n - CHR-8957 Update chromium on desktop-stable-103-4447 to 103.0.5060.134\n - DNA-100492 authPrivate.storeCredentials should work with running auth\n session\n - DNA-100649 \ufffd\ufffd\ufffdSign out\ufffd\ufffd\ufffd from settings doesn\ufffd\ufffd\ufffdt also sign out from\n auth\n - DNA-100653 VPN Badge popup \ufffd\ufffd\ufffd not working well with different page\n zoom being set in browser settings\n - DNA-100712 Wrong spacing on text to reset sync passphrase in settings\n - DNA-100799 VPN icon is \ufffd\ufffd\ufffdpro\ufffd\ufffd\ufffd on disconnected\n - DNA-100841 Remove Get Subscription and Get button from VPN pro settings\n - DNA-100883 Update missing translations from chromium\n - DNA-100899 Translation error in Turkish\n - DNA-100912 Unable to select pinboards when sync everything is enabled\n - DNA-100959 Use after move RecentSearchProvider::ExecuteWithDB\n - DNA-100960 Use after move\n CountryBlacklistServiceImpl::DownloadCountryBlacklist\n - DNA-100961 Use after move\n CategorizationDataCollection::Iterator::Iterator\n - DNA-100989 Crash at\n opera::EasyFileButton::SetThumbnail(gfx::ImageSkia const&)\n\n - The update to chromium 103.0.5060.134 fixes following issues:\n CVE-2022-2163, CVE-2022-2477, CVE-2022-2478, CVE-2022-2479\n CVE-2022-2480, CVE-2022-2481\n\n - Update to 89.0.4447.51\n\n - DNA-99538 Typed content of address bar shared between tabs\n - DNA-100418 Set 360 so as search engine in China\n - DNA-100629 Launch Auth login when enabling sync while logged in\n - DNA-100776 Popup is too long if there are no services available\n\n - Update to 89.0.4447.48\n\n - CHR-8940 Update chromium on desktop-stable-103-4447 to 103.0.5060.114\n - DNA-100247 Make it possible to display hint when tab scrolling gets\n triggered\n - DNA-100482 Shopping corner icon availability\n - DNA-100575 Add unique IDs to all web element in opera account popup\n - DNA-100625 Opera account popup appears too high on Linux\n - DNA-100627 Enable #snap-from-panel on all stream\n - DNA-100636 DCHECK at suggestion_item.cc(484)\n - DNA-100685 Fix crash when attaching to tab strip scroll buttons\n - DNA-100693 Enable Sticky Site sidebar item to have notification bubble\n - DNA-100698 [AdBlock] Unhandled Disconnect list category:\n \"emailaggressive\"\n - DNA-100716 Misstype Settings \"Enhanced address bar\"\n - DNA-100732 Fix &amp; escaping in translated strings\n - DNA-100759 Crash when loading personal news in private window\n\n - The update to chromium 103.0.5060.114 fixes following issues:\n CVE-2022-2294, CVE-2022-2295, CVE-2022-2296\n\n - Update to 89.0.4447.38\n\n - DNA-100283 Translations for O89\n\n - Complete Opera 89.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-89/\n\n - Changes in 89.0.4447.37\n\n - CHR-8929 Update chromium on desktop-stable-103-4447 to 103.0.5060.66\n - DNA-99780 Crash at zmq::zmq_abort(char const*)\n - DNA-100377 New opera account popup doesn\ufffd\ufffd\ufffdt open on Linux\n - DNA-100589 Crash at base::internal::Invoker<T>::RunOnce\n (base::internal::BindStateBase*, scoped_refptr<T>&&)\n - DNA-100607 Sync \ufffd\ufffd\ufffdSign in\ufffd\ufffd\ufffd button doesn\ufffd\ufffd\ufffdt work with Opera Account\n popup\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.4:NonFree:\n\n zypper in -t patch openSUSE-2022-10088=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-16T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2163", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296", "CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481"], "modified": "2022-08-16T00:00:00", "id": "OPENSUSE-SU-2022:10088-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/C6CFP4ALDNAUZ4ZAOFXUPGCPSV42N26M/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-03T01:17:36", "description": "An update that fixes 6 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium was updated to 103.0.5060.134 (boo#1201679):\n\n * CVE-2022-2477 : Use after free in Guest View\n * CVE-2022-2478 : Use after free in PDF\n * CVE-2022-2479 : Insufficient validation of untrusted input in File\n * CVE-2022-2480 : Use after free in Service Worker API\n * CVE-2022-2481: Use after free in Views\n * CVE-2022-2163: Use after free in Cast UI and Toolbar\n * Various fixes from internal audits, fuzzing and other initiatives\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP4:\n\n zypper in -t patch openSUSE-2022-10073=1\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2022-10073=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-01T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2163", "CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481"], "modified": "2022-08-01T00:00:00", "id": "OPENSUSE-SU-2022:10073-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/32RZRSVM5BTCD25ZWPF7FIV6VKPYNU5E/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-09T21:00:13", "description": "An update that fixes three vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 103.0.5060.114 (boo#1201216)\n\n * CVE-2022-2294: Heap buffer overflow in WebRTC\n * CVE-2022-2295: Type Confusion in V8\n * CVE-2022-2296: Use after free in Chrome OS Shell\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP4:\n\n zypper in -t patch openSUSE-2022-10055=1\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2022-10055=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-13T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2022-07-13T00:00:00", "id": "OPENSUSE-SU-2022:10055-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TJ5LTW7LEHL5JFGRUX2J7S5CEEACPAUP/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-08T04:08:17", "description": "An update that fixes 5 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n opera was updated to 88.0.4412.74:\n\n - DNA-100645 Cherry-pick CVE-2022-2294 onto stabilization branches\n\n Update to 88.0.4412.53\n\n - DNA-99108 [Lin] Options on video pop out not possible to change\n - DNA-99832 On automatic video popout, close button should not stop video\n - DNA-99833 Allow turning on and off of each 'BABE' section from gear\n icon\n - DNA-99852 Default browser in Mac installer\n - DNA-99993 Crashes in AudioFileReaderTest,\n FFmpegAACBitstreamConverterTest\n - DNA-100045 iFrame Exception not unblocked with Acceptable Ads\n - DNA-100291 Update snapcraft uploading/releasing in scripts to use\n craft store\n\n Changes in 88.0.4412.40\n\n - CHR-8905 Update chromium on desktop-stable-102-4412 to 102.0.5005.115\n - DNA-99713 Sizing issues with video conferencing controls in PiP window\n - DNA-99831 Add 'back to tab' button like on video pop-out\n\n - The update to chromium 102.0.5005.115 fixes following issues:\n CVE-2022-2007, CVE-2022-2008, CVE-2022-2010, CVE-2022-2011\n\n Changes in 88.0.4412.27\n\n - DNA-99725 Crash at opera::ModalDialogViews::Show()\n - DNA-99752 Do not allow to uncheck all lists for adBlock\n - DNA-99918 Enable #scrollable-tab-strip on desktop-stable-102-4412\n - DNA-99969 Promote O88 to stable\n\n - Complete Opera 88.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-88/\n\n Update to 87.0.4390.45\n\n - DNA-99478 Top Sites don\ufffd\ufffd\ufffdt always has big icon\n - DNA-99702 Enable Acceptable Ads for stable stream\n - DNA-99725 Crash at opera::ModalDialogViews::Show()\n - DNA-99752 Do not allow to uncheck all lists for adBlock\n\n - Update to 87.0.4390.36\n - CHR-8883 Update chromium on desktop-stable-101-4390 to 101.0.4951.67\n - DNA-99190 Investigate windows installer signature errors on win7\n - DNA-99502 Sidebar \ufffd\ufffd\ufffd API to open panels\n - DNA-99593 Report sad tab displayed counts per kind\n - DNA-99628 Personalized Speed Dial context menu issue fix\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.4:NonFree:\n\n zypper in -t patch openSUSE-2022-10057=1\n\n - openSUSE Leap 15.3:NonFree:\n\n zypper in -t patch openSUSE-2022-10057=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.8}, "published": "2022-07-13T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-2294"], "modified": "2022-07-13T00:00:00", "id": "OPENSUSE-SU-2022:10057-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RJUDCH46YEJXHUW2NNEMWI2TSQIO7ON2/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-03T01:17:51", "description": "An update that fixes 9 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 103.0.5060.53 (boo#1200783)\n\n * CVE-2022-2156: Use after free in Base\n * CVE-2022-2157: Use after free in Interest groups\n * CVE-2022-2158: Type Confusion in V8\n * CVE-2022-2160: Insufficient policy enforcement in DevTools\n * CVE-2022-2161: Use after free in WebApp Provider\n * CVE-2022-2162: Insufficient policy enforcement in File System API\n * CVE-2022-2163: Use after free in Cast UI and Toolbar\n * CVE-2022-2164: Inappropriate implementation in Extensions API\n * CVE-2022-2165: Insufficient data validation in URL formatting\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP4:\n\n zypper in -t patch openSUSE-2022-10035=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-29T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165"], "modified": "2022-06-29T00:00:00", "id": "OPENSUSE-SU-2022:10035-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RFQ3I5UT56IYLUPIBNVXMKHLCHYQ22Z4/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-03T01:17:51", "description": "An update that fixes 9 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 103.0.5060.53 (boo#1200783)\n\n * CVE-2022-2156: Use after free in Base\n * CVE-2022-2157: Use after free in Interest groups\n * CVE-2022-2158: Type Confusion in V8\n * CVE-2022-2160: Insufficient policy enforcement in DevTools\n * CVE-2022-2161: Use after free in WebApp Provider\n * CVE-2022-2162: Insufficient policy enforcement in File System API\n * CVE-2022-2163: Use after free in Cast UI and Toolbar\n * CVE-2022-2164: Inappropriate implementation in Extensions API\n * CVE-2022-2165: Insufficient data validation in URL formatting\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2022-10036=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-29T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165"], "modified": "2022-06-29T00:00:00", "id": "OPENSUSE-SU-2022:10036-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SUIIAMNE5ZGO2NZSXKZINOMI3IDGX2NA/", "cvss": {"score": 0.0, "vector": "NONE"}}], "kaspersky": [{"lastseen": "2023-12-03T17:00:00", "description": "### *Detect date*:\n07/28/2022\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nOpera earlier than 89.0.4447.71\n\n### *Solution*:\nUpdate to the latest version \n[Download Opera](<https://www.opera.com>)\n\n### *Original advisories*:\n[Changelog for 89](<https://blogs.opera.com/desktop/changelog-for-89/#b4447.71>) \n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Opera](<https://threats.kaspersky.com/en/product/Opera/>)\n\n### *CVE-IDS*:\n[CVE-2022-2163](<https://vulners.com/cve/CVE-2022-2163>)5.0Warning \n[CVE-2022-2478](<https://vulners.com/cve/CVE-2022-2478>)5.0Warning \n[CVE-2022-2479](<https://vulners.com/cve/CVE-2022-2479>)5.0Warning \n[CVE-2022-2477](<https://vulners.com/cve/CVE-2022-2477>)5.0Warning \n[CVE-2022-2480](<https://vulners.com/cve/CVE-2022-2480>)5.0Warning \n[CVE-2022-2481](<https://vulners.com/cve/CVE-2022-2481>)5.0Warning", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T00:00:00", "type": "kaspersky", "title": "KLA12596 Multiple vulnerabilities in Opera", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2163", "CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481"], "modified": "2023-10-18T00:00:00", "id": "KLA12596", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12596/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T17:00:05", "description": "### *Detect date*:\n07/22/2022\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nMicrosoft Edge (Chromium-based)\n\n### *Solution*:\nInstall necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option) \n[Microsoft Edge update settings](<https://support.microsoft.com/en-us/topic/microsoft-edge-update-settings-af8aaca2-1b69-4870-94fe-18822dbb7ef1>)\n\n### *Original advisories*:\n[CVE-2022-2481](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2481>) \n[CVE-2022-2477](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2477>) \n[CVE-2022-2479](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2479>) \n[CVE-2022-2480](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2480>) \n[CVE-2022-2478](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2478>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Edge](<https://threats.kaspersky.com/en/product/Microsoft-Edge/>)\n\n### *CVE-IDS*:\n[CVE-2022-2478](<https://vulners.com/cve/CVE-2022-2478>)5.0Warning \n[CVE-2022-2479](<https://vulners.com/cve/CVE-2022-2479>)5.0Warning \n[CVE-2022-2477](<https://vulners.com/cve/CVE-2022-2477>)5.0Warning \n[CVE-2022-2480](<https://vulners.com/cve/CVE-2022-2480>)5.0Warning \n[CVE-2022-2481](<https://vulners.com/cve/CVE-2022-2481>)5.0Warning\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-22T00:00:00", "type": "kaspersky", "title": "KLA12592 Multiple vulnerabilities in Microsoft Browser", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481"], "modified": "2023-10-18T00:00:00", "id": "KLA12592", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12592/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T17:00:07", "description": "### *Detect date*:\n06/21/2022\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nGoogle Chrome earlier than 103.0.5060.134\n\n### *Solution*:\nUpdate to the latest version \n[Download Google Chrome](<https://www.google.com/chrome/>)\n\n### *Original advisories*:\n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2022-2478](<https://vulners.com/cve/CVE-2022-2478>)5.0Warning \n[CVE-2022-2479](<https://vulners.com/cve/CVE-2022-2479>)5.0Warning \n[CVE-2022-2477](<https://vulners.com/cve/CVE-2022-2477>)5.0Warning \n[CVE-2022-2480](<https://vulners.com/cve/CVE-2022-2480>)5.0Warning \n[CVE-2022-2481](<https://vulners.com/cve/CVE-2022-2481>)5.0Warning \n[CVE-2022-4915](<https://vulners.com/cve/CVE-2022-4915>)5.0Warning", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-21T00:00:00", "type": "kaspersky", "title": "KLA12590 Multiple vulnerabilities in Google Chrome", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481", "CVE-2022-4915"], "modified": "2023-10-18T00:00:00", "id": "KLA12590", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12590/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T17:00:21", "description": "### *Detect date*:\n07/04/2022\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nGoogle Chrome earlier than 103.0.5060.114\n\n### *Solution*:\nUpdate to the latest version \n[Download Google Chrome](<https://www.google.com/chrome/>)\n\n### *Original advisories*:\n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2022-2295](<https://vulners.com/cve/CVE-2022-2295>)5.0Warning \n[CVE-2022-2294](<https://vulners.com/cve/CVE-2022-2294>)5.0Warning \n[CVE-2022-2296](<https://vulners.com/cve/CVE-2022-2296>)5.0Warning", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-04T00:00:00", "type": "kaspersky", "title": "KLA12578 Multiple vulnerabilities in Google Chrome", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2023-09-29T00:00:00", "id": "KLA12578", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12578/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T17:00:10", "description": "### *Detect date*:\n07/14/2022\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nOpera earlier than 89.0.4447.48\n\n### *Solution*:\nUpdate to the latest version \n[Download Opera](<https://www.opera.com>)\n\n### *Original advisories*:\n[Changelog for 89](<https://blogs.opera.com/desktop/changelog-for-89/#b4447.48>) \n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Opera](<https://threats.kaspersky.com/en/product/Opera/>)\n\n### *CVE-IDS*:\n[CVE-2022-2295](<https://vulners.com/cve/CVE-2022-2295>)5.0Warning \n[CVE-2022-2294](<https://vulners.com/cve/CVE-2022-2294>)5.0Warning \n[CVE-2022-2296](<https://vulners.com/cve/CVE-2022-2296>)5.0Warning", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-14T00:00:00", "type": "kaspersky", "title": "KLA12587 Multiple vulnerabilities in Opera", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2023-09-29T00:00:00", "id": "KLA12587", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12587/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T17:00:19", "description": "### *Detect date*:\n07/06/2022\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nMicrosoft Edge (Chromium-based)\n\n### *Solution*:\nInstall necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option) \n[Microsoft Edge update settings](<https://support.microsoft.com/en-us/topic/microsoft-edge-update-settings-af8aaca2-1b69-4870-94fe-18822dbb7ef1>)\n\n### *Original advisories*:\n[CVE-2022-2294](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2294>) \n[CVE-2022-2295](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2295>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Edge](<https://threats.kaspersky.com/en/product/Microsoft-Edge/>)\n\n### *CVE-IDS*:\n[CVE-2022-2295](<https://vulners.com/cve/CVE-2022-2295>)5.0Warning \n[CVE-2022-2294](<https://vulners.com/cve/CVE-2022-2294>)5.0Warning\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-06T00:00:00", "type": "kaspersky", "title": "KLA12579 Multiple vulnerabilities in Microsoft Browser", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295"], "modified": "2023-09-29T00:00:00", "id": "KLA12579", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12579/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T17:00:29", "description": "### *Detect date*:\n06/23/2022\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, gain privileges.\n\n### *Affected products*:\nMicrosoft Edge (Chromium-based)\n\n### *Solution*:\nInstall necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option) \n[Microsoft Edge update settings](<https://support.microsoft.com/en-us/topic/microsoft-edge-update-settings-af8aaca2-1b69-4870-94fe-18822dbb7ef1>)\n\n### *Original advisories*:\n[CVE-2022-2156](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2156>) \n[CVE-2022-2164](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2164>) \n[CVE-2022-30192](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30192>) \n[CVE-2022-2158](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2158>) \n[CVE-2022-2161](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2161>) \n[CVE-2022-2157](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2157>) \n[CVE-2022-2165](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2165>) \n[CVE-2022-2160](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2160>) \n[CVE-2022-33638](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33638>) \n[CVE-2022-2162](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2162>) \n[CVE-2022-2163](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2163>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Edge](<https://threats.kaspersky.com/en/product/Microsoft-Edge/>)\n\n### *CVE-IDS*:\n[CVE-2022-2160](<https://vulners.com/cve/CVE-2022-2160>)5.0Warning \n[CVE-2022-2164](<https://vulners.com/cve/CVE-2022-2164>)5.0Warning \n[CVE-2022-2165](<https://vulners.com/cve/CVE-2022-2165>)5.0Warning \n[CVE-2022-2158](<https://vulners.com/cve/CVE-2022-2158>)5.0Warning \n[CVE-2022-2163](<https://vulners.com/cve/CVE-2022-2163>)5.0Warning \n[CVE-2022-2157](<https://vulners.com/cve/CVE-2022-2157>)5.0Warning \n[CVE-2022-2156](<https://vulners.com/cve/CVE-2022-2156>)5.0Warning \n[CVE-2022-2162](<https://vulners.com/cve/CVE-2022-2162>)5.0Warning \n[CVE-2022-2161](<https://vulners.com/cve/CVE-2022-2161>)5.0Warning \n[CVE-2022-30192](<https://vulners.com/cve/CVE-2022-30192>)5.1High \n[CVE-2022-33638](<https://vulners.com/cve/CVE-2022-33638>)5.1High\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-23T00:00:00", "type": "kaspersky", "title": "KLA12572 Multiple vulnerabilities in Microsoft Browser", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165", "CVE-2022-30192", "CVE-2022-33638"], "modified": "2023-09-29T00:00:00", "id": "KLA12572", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12572/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T17:00:30", "description": "### *Detect date*:\n06/21/2022\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, spoof user interface, execute arbitrary code.\n\n### *Affected products*:\nGoogle Chrome earlier than 103.0.5060.53\n\n### *Solution*:\nUpdate to the latest version \n[Download Google Chrome](<https://www.google.com/chrome/>)\n\n### *Original advisories*:\n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2022-2160](<https://vulners.com/cve/CVE-2022-2160>)5.0Warning \n[CVE-2022-2164](<https://vulners.com/cve/CVE-2022-2164>)5.0Warning \n[CVE-2022-2165](<https://vulners.com/cve/CVE-2022-2165>)5.0Warning \n[CVE-2022-2158](<https://vulners.com/cve/CVE-2022-2158>)5.0Warning \n[CVE-2022-2163](<https://vulners.com/cve/CVE-2022-2163>)5.0Warning \n[CVE-2022-2157](<https://vulners.com/cve/CVE-2022-2157>)5.0Warning \n[CVE-2022-2156](<https://vulners.com/cve/CVE-2022-2156>)5.0Warning \n[CVE-2022-2162](<https://vulners.com/cve/CVE-2022-2162>)5.0Warning \n[CVE-2022-2161](<https://vulners.com/cve/CVE-2022-2161>)5.0Warning \n[CVE-2022-2415](<https://vulners.com/cve/CVE-2022-2415>)5.0Warning \n[CVE-2022-4916](<https://vulners.com/cve/CVE-2022-4916>)5.0Warning \n[CVE-2022-4917](<https://vulners.com/cve/CVE-2022-4917>)5.0Warning", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-21T00:00:00", "type": "kaspersky", "title": "KLA12571 Multiple vulnerabilities in Google Chrome", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165", "CVE-2022-2415", "CVE-2022-4916", "CVE-2022-4917"], "modified": "2023-09-29T00:00:00", "id": "KLA12571", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12571/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2023-12-03T16:50:38", "description": "\n\nChrome Releases reports:\n\nThis release contains 11 security fixes, including:\n\n[1336266] High CVE-2022-2477: Use after free in Guest View. Reported by anonymous on 2022-06-14\n[1335861] High CVE-2022-2478: Use after free in PDF. Reported by triplepwns on 2022-06-13\n[1329987] High CVE-2022-2479: Insufficient validation of untrusted input in File. Reported by anonymous on 2022-05-28\n[1339844] High CVE-2022-2480: Use after free in Service Worker API. Reported by Sergei Glazunov of Google Project Zero on 2022-06-27\n[1341603] High CVE-2022-2481: Use after free in Views. Reported by YoungJoo Lee(@ashuu_lee) of CompSecLab at Seoul National University on 2022-07-04\n[1308341] Low CVE-2022-2163: Use after free in Cast UI and Toolbar. Reported by Chaoyuan Peng (@ret2happy) on 2022-03-21\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-19T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2163", "CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481"], "modified": "2022-07-19T00:00:00", "id": "27CC4258-0805-11ED-8AC1-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/27cc4258-0805-11ed-8ac1-3065ec8fd3ec.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T16:50:38", "description": "\n\nChrome Releases reports:\n\nThis release contains 4 security fixes, including:\n\n[1341043] High CVE-2022-2294: Heap buffer overflow in WebRTC. Reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01\n[1336869] High CVE-2022-2295: Type Confusion in V8. Reported by avaue and Buff3tts at S.S.L. on 2022-06-16\n[1327087] High CVE-2022-2296: Use after free in Chrome OS Shell. Reported by Khalil Zhani on 2022-05-19\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-04T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2022-07-04T00:00:00", "id": "744EC9D7-FE0F-11EC-BCD2-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/744ec9d7-fe0f-11ec-bcd2-3065ec8fd3ec.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T16:50:38", "description": "\n\nChrome Releases reports:\n\nThis release contains 14 security fixes, including:\n\n[1335458] Critical CVE-2022-2156: Use after free in Base. Reported by Mark Brand of Google Project Zero on 2022-06-11\n[1327312] High CVE-2022-2157: Use after free in Interest groups. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-19\n[1321078] High CVE-2022-2158: Type Confusion in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2022-04-29\n[1116450] Medium CVE-2022-2160: Insufficient policy enforcement in DevTools. Reported by David Erceg on 2020-08-14\n[1330289] Medium CVE-2022-2161: Use after free in WebApp Provider. Reported by Zhihua Yao of KunLun Lab on 2022-05-30\n[1307930] Medium CVE-2022-2162: Insufficient policy enforcement in File System API. Reported by Abdelhamid Naceri (halov) on 2022-03-19\n[1308341] Low CVE-2022-2163: Use after free in Cast UI and Toolbar. Reported by Chaoyuan Peng (@ret2happy) on 2022-03-21\n[1268445] Low CVE-2022-2164: Inappropriate implementation in Extensions API. Reported by Jos\u00e9 Miguel Moreno Computer Security Lab (COSEC) at UC3M on 2021-11-10\n[1250993] Low CVE-2022-2165: Insufficient data validation in URL formatting. Reported by Rayyan Bijoora on 2021-09-19\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-21T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165"], "modified": "2022-06-21T00:00:00", "id": "B2A4C5F1-F1FE-11EC-BCD2-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/b2a4c5f1-f1fe-11ec-bcd2-3065ec8fd3ec.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2023-12-04T10:04:56", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5187-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJuly 22, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium\nCVE ID : CVE-2022-2163 CVE-2022-2477 CVE-2022-2478 CVE-2022-2479 \n CVE-2022-2480 CVE-2022-2481\n\nMultiple security issues were discovered in Chromium, which could result\nin the execution of arbitrary code, denial of service or information\ndisclosure.\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 103.0.5060.134-1~deb11u1.\n\nWe recommend that you upgrade your chromium packages.\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-22T18:19:58", "type": "debian", "title": "[SECURITY] [DSA 5187-1] chromium security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2163", "CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481"], "modified": "2022-07-22T18:19:58", "id": "DEBIAN:DSA-5187-1:5725F", "href": "https://lists.debian.org/debian-security-announce/2022/msg00156.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T10:05:11", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5180-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJuly 11, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium\nCVE ID : CVE-2022-2294 CVE-2022-2295 CVE-2022-2296\n\nMultiple security issues were discovered in Chromium, which could result\nin the execution of arbitrary code, denial of service or information\ndisclosure.\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 103.0.5060.114-1~deb11u1.\n\nWe recommend that you upgrade your chromium packages.\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-11T17:47:32", "type": "debian", "title": "[SECURITY] [DSA 5180-1] chromium security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2022-07-11T17:47:32", "id": "DEBIAN:DSA-5180-1:E631C", "href": "https://lists.debian.org/debian-security-announce/2022/msg00148.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T10:06:16", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5168-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJune 22, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium\nCVE ID : CVE-2022-2156 CVE-2022-2157 CVE-2022-2158 CVE-2022-2160 \n CVE-2022-2161 CVE-2022-2162 CVE-2022-2163 CVE-2022-2164 \n CVE-2022-2165\n\nMultiple security issues were discovered in Chromium, which could result\nin the execution of arbitrary code, denial of service or information\ndisclosure.\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 103.0.5060.53-1~deb11u1.\n\nWe recommend that you upgrade your chromium packages.\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-22T18:25:55", "type": "debian", "title": "[SECURITY] [DSA 5168-1] chromium security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165"], "modified": "2022-06-22T18:25:55", "id": "DEBIAN:DSA-5168-1:EEDFE", "href": "https://lists.debian.org/debian-security-announce/2022/msg00136.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2023-12-03T17:33:22", "description": "The chromium-browser-stable package has been updated to version 103.0.5060.134 branch, fixing many bugs and 11 CVE. Some of them are listed below. Use after free in Guest View. (CVE-2022-2477) Use after free in PDF. (CVE-2022-2478) Insufficient validation of untrusted input in File. (CVE-2022-2479) Use after free in Service Worker API. (CVE-2022-2480) Use after free in Views. (CVE-2022-2481) Use after free in Cast UI and Toolbar. (CVE-2022-2163) Various fixes from internal audits, fuzzing and other initiatives \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-29T23:53:30", "type": "mageia", "title": "Updated chromium-browser-stable packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2163", "CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481"], "modified": "2022-07-29T23:53:30", "id": "MGASA-2022-0268", "href": "https://advisories.mageia.org/MGASA-2022-0268.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T17:33:22", "description": "The updated packages fix security vulnerabilities and other issues. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-20T13:04:13", "type": "mageia", "title": "Updated webkit2 packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-32792", "CVE-2022-32816"], "modified": "2022-08-20T13:04:13", "id": "MGASA-2022-0287", "href": "https://advisories.mageia.org/MGASA-2022-0287.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T17:33:22", "description": "The chromium-browser-stable package has been updated to the 103.0.5060.53 branch, fixing many bugs and 14 CVE. Some of them are listed below: Use after free in Base. (CVE-2022-2156) Use after free in Interest groups. (CVE-2022-2157) Type Confusion in V8. (CVE-2022-2158) Insufficient policy enforcement in DevTools. (CVE-2022-2160) Use after free in WebApp Provider. (CVE-2022-2161) Insufficient policy enforcement in File System API. (CVE-2022-2162) Use after free in Cast UI and Toolbar. (CVE-2022-2163) Inappropriate implementation in Extensions API. (CVE-2022-2164) Insufficient data validation in URL formatting. (CVE-2022-2165) Various fixes from internal audits, fuzzing and other initiatives \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-24T23:50:43", "type": "mageia", "title": "Updated chromium-browser-stable packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165"], "modified": "2022-06-24T23:50:43", "id": "MGASA-2022-0241", "href": "https://advisories.mageia.org/MGASA-2022-0241.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "malwarebytes": [{"lastseen": "2022-07-25T11:59:14", "description": "The latest Google Chrome update includes 11 security fixes, some of which could be exploited by an attacker to take control of an affected system. Google Chrome&#x27;s Stable channel has been [updated to 103.0.5060.134](<https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html>) for Windows, Mac, and Linux, and the new version will roll out over the coming days/weeks.\n\n## Vulnerabilities\n\nOf the 11 security fixes five are use-after-free issues, including four that are marked with a severity of \u201chigh.\u201d Use after free (UAF) vulnerabilities occur because of the incorrect use of dynamic memory during a program\u2019s operation. If after freeing a memory location, a program does not clear the pointer to that memory, an attacker can use the error to manipulate the program.\n\nPublicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). The four high-severity use-after-free vulnerabilities resolved with the latest Chrome update are tracked as follows:\n\n[**CVE-2022-2477**](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2477>) is a use-after-free vulnerability in Guest View that could allow arbitrary code execution following interaction by the victim.\n\n[**CVE-2022-2478**](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2478>) is a use-after-free vulnerability in Chrome&#x27;s PDF handling code. Not many details are available but the attacker needs the victim to engage in some kind of user interaction to exploit this vulnerability.\n\n[**CVE-2022-2479**](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2479>) is caused by insufficient validation of untrusted input in File. No further details were given but successful exploitation requires user interaction by the victim.\n\n**[CVE-2022-2480](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2480>) **is a use-after-free vulnerability in Chrome&#x27;s Service Worker API. (Service workers are specialized JavaScript assets that act as proxies between web browsers and web servers.)\n\n[**CVE-2022-2481**](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2481>) is a use-after-free vulnerability in Views. The Chrome user interface is constructed of a tree of components called Views. These Views are responsible for rendering, layout, and event handling.\n\n## How to protect yourself\n\nIf you\u2019re a Chrome user on Windows, Mac, or Linux, you should update as soon as possible. Android users will also find an update waiting.\n\nThe easiest way to update Chrome is to allow it to update automatically, which basically uses the same method as outlined below but does not require your attention. But you can end up lagging behind if you never close the browser or if something goes wrong\u2014such as an extension stopping you from updating the browser.\n\nSo, it doesn\u2019t hurt to check now and then. And now would be a good time, given the severity of the vulnerabilities in this batch. My preferred method is to have Chrome open the page `chrome://settings/help` which you can also find by clicking **Settings &gt; About Chrome**.\n\nIf there is an update available, Chrome will notify you and start downloading it. Then all you have to do is relaunch the browser in order for the update to complete.\n\nChrome is up to date\n\nAfter the update the version should be **103.0.5060.134** or later.\n\nStay safe, everyone!\n\nThe post [Update Google Chrome now! New version includes 11 important security patches](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/07/update-google-chrome-now-new-version-includes-important-security-patches/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {}, "published": "2022-07-25T11:39:51", "type": "malwarebytes", "title": "Update Google Chrome now! New version includes 11 important security patches", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481"], "modified": "2022-07-25T11:39:51", "id": "MALWAREBYTES:0EA0ACAED3005CD12F07560D039DE57E", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/07/update-google-chrome-now-new-version-includes-important-security-patches/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-07-05T15:58:36", "description": "Google has released version 103.0.5060.114 for Chrome, now available in the [Stable Desktop channel](<https://chromereleases.googleblog.com/2022/07/extended-stable-channel-update-for.html>) worldwide. The main goal of this new version is to patch CVE-2022-2294.\n\n[CVE-2022-2294](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2294>) is a high severity heap-based buffer overflow weakness in the Web Real-Time Communications (WebRTC) component which is being exploited in the wild. This is the fourth Chrome zero-day to be patched in 2022.\n\n## Heap buffer overflow\n\nPublicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services).\n\nA buffer overflow is a type of software vulnerability that exists when an area of memory within a software application reaches its address boundary and writes into an adjacent memory region. In software exploit code, two common areas that are targeted for overflows are the stack and the heap.\n\nThe heap is an area of memory made available use by the program. The program can request blocks of memory for its use within the heap. In order to allocate a block of some size, the program makes an explicit request by calling the heap allocation operation.\n\n## The vulnerability\n\nWebRTC on Chrome is the first true in-browser solution to real-time communications (RTC). It supports video, voice, and generic data to be sent between peers, allowing developers to build powerful voice- and video-communication solutions. The technology is available on all modern browsers as well as on native clients for all major platforms.\n\nA WebRTC application will usually go through a common application flow. Access the media devices, open peer connections, discover peers, and start streaming. Since Google does not disclose details about the vulnerability until everyone has had ample opportunity to install the fix it is unclear in what stage the vulnerability exists.\n\n## How to protect yourself\n\nIf you\u2019re a Chrome user on Windows or Mac, you should update as soon as possible.\n\nThe easiest way to update Chrome is to allow it to update automatically, which basically uses the same method as outlined below but does not require your attention. But you can end up lagging behind if you never close the browser or if something goes wrong, such as an extension stopping you from updating the browser.\n\nSo, it doesn\u2019t hurt to check now and then. And now would be a good time, given the severity of the vulnerability. My preferred method is to have Chrome open the page chrome://settings/help which you can also find by clicking **Settings &gt; About Chrome**.\n\nIf there is an update available, Chrome will notify you and start downloading it. Then all you have to do is relaunch the browser in order for the update to complete.\n\n\n\nAfter the update the version should be 103.0.5060.114 or later.\n\n\n\nSince WebRTC is a Chromium component, users of other Chromium based browsers may see a similar update.\n\nStay safe, everyone!\n\nThe post [Update now! Chrome patches ANOTHER zero-day vulnerability](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/07/update-now-chrome-patches-another-zero-day-vulnerability/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {}, "published": "2022-07-05T13:56:04", "type": "malwarebytes", "title": "Update now! Chrome patches ANOTHER zero-day vulnerability", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-2294"], "modified": "2022-07-05T13:56:04", "id": "MALWAREBYTES:6E72426C60EECBEF071E305072060892", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/07/update-now-chrome-patches-another-zero-day-vulnerability/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-06T00:03:08", "description": "On Friday, Google [announced](<https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html>) the release of a new version of its Chrome browser that includes a security fix for a zero-day tracked as [CVE-2022-3075](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3075>). As with previous announcements, technical details about the vulnerability won't be released until a certain number of Chrome users have already applied the patch.\n\nGoogle is urging its Windows, Mac, and Linux users to update Chrome to version** 105.0.5195.102**.\n\nCVE-2022-3075 is described as an \"[i]nsufficient data validation in Mojo\". According to Chromium documents, Mojo is \"a collection of runtime libraries&quot; that facilitates interfacing standard, low-level interprocess communication (IPC) primitives. Mojo provides a platform-agnostic abstraction of these primitives, which comprise most of Chrome's code.\n\nAn anonymous security researcher is credited for discovering and reporting the flaw.\n\nCVE-2022-3075 is the sixth zero-day Chrome vulnerability Google had to address. The previous ones were:\n\n * [C](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>)[VE-2022-0609](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>), a Use-after-Free (UAF) vulnerability, which was patched in February\n * [CVE-2022-1096](<https://www.malwarebytes.com/blog/news/2022/03/update-now-google-releases-emergency-patch-for-chrome-zero-day-used-in-the-wild>), a \"Type Confusion in V8\" vulnerability, which was patched in March\n * [CVE-2022-1364](<https://www.bleepingcomputer.com/news/security/google-chrome-emergency-update-fixes-zero-day-used-in-attacks/>), a flaw in the V8 JavaScript engine, which was patched in April\n * [CVE-2022-2294](<https://www.malwarebytes.com/blog/news/2022/07/update-now-chrome-patches-another-zero-day-vulnerability>), a flaw in the Web Real-Time Communications (WebRTC), which was patched in July\n * [CVE-2022-2856](<https://www.malwarebytes.com/blog/news/2022/08/update-chrome-now-google-issues-patch-for-zero-day-spotted-in-the-wild>), an insufficient input validation flaw, which was patched in August\n\nGoogle Chrome needs minimum oversight as it updates automatically. However, if you're in the habit of not closing your browser or have extensions that may hinder Chrome from automatically doing this, please check your browser every now and then.\n\nOnce Chrome notifies you of an available update, don't hesitate to download it. The patch is applied once you relaunch the browser.\n\n\n\nStay safe!", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-05T16:30:00", "type": "malwarebytes", "title": "Zero-day puts a dent in Chrome's mojo", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2856", "CVE-2022-3075"], "modified": "2022-09-05T16:30:00", "id": "MALWAREBYTES:08FDD3DEF41B63F1DEB23C21DCFDB12D", "href": "https://www.malwarebytes.com/blog/news/2022/09/update-chrome-asap-a-new-zero-day-is-already-being-exploited", "cvss": {"score": 0.0, "vector": "NONE"}}], "chrome": [{"lastseen": "2023-12-03T20:12:28", "description": "The Stable channel has been updated to 103.0.5060.134 for Windows,Mac and Linux which will roll out over the coming days/weeks. \n\n\n\n\nA full list of changes in this build is available in the [log](<https://chromium.googlesource.com/chromium/src/+log/103.0.5060.114..103.0.5060.134?pretty=fuller&n=10000>). Interested in switching release channels? Find out how [here](<https://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<https://crbug.com/>). The [community help forum](<https://productforums.google.com/forum/#!forum/chrome>) is also a great place to reach out for help or learn about common issues.\n\nSecurity Fixes and Rewards\n\nNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven&#x27;t yet fixed.\n\n\n\n\nThis update includes [12](<https://bugs.chromium.org/p/chromium/issues/list?can=1&q=type%3Abug-security+os%3DAndroid%2Cios%2Clinux%2Cmac%2Cwindows%2Call%2Cchrome+label%3ARelease-2-M103>) security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the [Chrome Security Page](<https://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information.\n\n\n\n\n[$16000][[1336266](<https://crbug.com/1336266>)] High CVE-2022-2477 : Use after free in Guest View. Reported by anonymous on 2022-06-14\n\n[$7500][[1335861](<https://crbug.com/1335861>)] High CVE-2022-2478 : Use after free in PDF. Reported by triplepwns on 2022-06-13\n\n[$3000][[1329987](<https://crbug.com/1329987>)] High CVE-2022-2479 : Insufficient validation of untrusted input in File. Reported by anonymous on 2022-05-28\n\n[$NA][[1339844](<https://crbug.com/1339844>)] High CVE-2022-2480 : Use after free in Service Worker API. Reported by Sergei Glazunov of Google Project Zero on 2022-06-27\n\n[$TBD][[1341603](<https://crbug.com/1341603>)] High CVE-2022-2481: Use after free in Views. Reported by YoungJoo Lee(@ashuu_lee) of CompSecLab at Seoul National University on 2022-07-04\n\n[$500][[1329541](<https://crbug.com/1329541>)] **Medium **CVE-2022-4915: Inappropriate implementation in URL Formatting. Reported by Thomas Orlita _on 2022-05-26_\n\n[$7000][[1308341](<https://crbug.com/1308341>)]Low CVE-2022-2163: Use after free in Cast UI and Toolbar. Reported by Chaoyuan Peng\n\n(@ret2happy) on 2022-03-21\n\n\n\n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel. \n\nAs usual, our ongoing internal security work was responsible for a wide range of fixes:\n\n * [[1345513](<https://crbug.com/1345513>)] Various fixes from internal audits, fuzzing and other initiatives\n\n\n\n\nMany of our security bugs are detected using [AddressSanitizer](<https://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>), [MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>), [UndefinedBehaviorSanitizer](<https://www.chromium.org/developers/testing/undefinedbehaviorsanitizer>), [Control Flow Integrity](<https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity>), [libFuzzer](<https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer>), or [AFL](<https://github.com/google/afl>).\n\n\n\n\nInterested in switching release channels? Find out how [here](<https://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<https://crbug.com/>). The [community help forum](<https://productforums.google.com/forum/#!forum/chrome>) is also a great place to reach out for help or learn about common issues.\n\n\n\n\n\n\n\n\nPrudhvikumar Bommana\n\nGoogle Chrome[null](<https://support.google.com/chrome/community>)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-19T00:00:00", "type": "chrome", "title": "Stable Channel Update for Desktop", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2163", "CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481", "CVE-2022-4915"], "modified": "2022-07-19T00:00:00", "id": "GCSA-8112704297585884798", "href": "https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T15:16:54", "description": "The Stable channel has been updated to 103.0.5060.114 for Windows. which will roll out over the coming days/weeks. \n\nA full list of changes in this build is available in the [log](<https://chromium.googlesource.com/chromium/src/+log/103.0.5060.53..103.0.5060.114?pretty=fuller&n=10000>). Interested in switching release channels? Find out how [here](<https://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<https://crbug.com/>). The [community help forum](<https://productforums.google.com/forum/#!forum/chrome>) is also a great place to reach out for help or learn about common issues.\n\n\n\n\n Security Fixes and Rewards\n\nNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven&#x27;t yet fixed.\n\n\n\n\nThis update includes [4](<https://bugs.chromium.org/p/chromium/issues/list?can=1&q=type%3Abug-security+os%3DAndroid%2Cios%2Clinux%2Cmac%2Cwindows%2Call%2Cchrome+label%3ARelease-1-M103>) security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the [Chrome Security Page](<https://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information. \n\n[$TBD][[1341043](<https://crbug.com/1341043>)] High CVE-2022-2294: Heap buffer overflow in WebRTC. Reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01 \n\n[$7500][[1336869](<https://crbug.com/1336869>)] High CVE-2022-2295: Type Confusion in V8. Reported by avaue and Buff3tts at S.S.L. on 2022-06-16 \n\n[$3000][[1327087](<https://crbug.com/1327087>)] High CVE-2022-2296: Use after free in Chrome OS Shell. Reported by Khalil Zhani on 2022-05-19 \n\n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.\n\nGoogle is aware that an exploit for CVE-2022-2294 exists in the wild.\n\n\n\n\n\nAs usual, our ongoing internal security work was responsible for a wide range of fixes:\n\n * [[1338205](<https://crbug.com/1338205>)] Various fixes from internal audits, fuzzing and other initiatives\n\nMany of our security bugs are detected using [AddressSanitizer](<https://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>), [MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>), [UndefinedBehaviorSanitizer](<https://www.chromium.org/developers/testing/undefinedbehaviorsanitizer>), [Control Flow Integrity](<https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity>), [libFuzzer](<https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer>), or [AFL](<https://github.com/google/afl>).\n\n\n\n\nInterested in switching release channels? Find out how [here](<https://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<https://crbug.com/>). The [community help forum](<https://productforums.google.com/forum/#!forum/chrome>) is also a great place to reach out for help or learn about common issues.\n\n\n\n\n\n\n\n\nPrudhvikumar Bommana\n\nGoogle Chrome", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-04T00:00:00", "type": "chrome", "title": "Stable Channel Update for Desktop", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2022-07-04T00:00:00", "id": "GCSA-5089288012050676645", "href": "https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T15:16:54", "description": "Hi, everyone! We've just released Chrome 103 (103.0.5060.71) for Android: it'll become [available on Google Play](<https://play.google.com/store/apps/details?id=com.android.chrome>) over the next few days.\n\nThis release includes security,stability and performance improvements. You can see a full list of the changes in the [Git log](<https://chromium.googlesource.com/chromium/src/+log/103.0.5060.70..103.0.5060.71?pretty=fuller&n=10000>). \n\n\n\n\n Security Fixes and Rewards\n\nNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven&#x27;t yet fixed.\n\n\n\n\nThis update includes [3](<https://bugs.chromium.org/p/chromium/issues/list?can=1&q=type%3Abug-security+os%3DAndroid%2Cios%2Clinux%2Cmac%2Cwindows%2Call%2Cchrome+label%3ARelease-1-M103>) security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the [Chrome Security Page](<https://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information.\n\n\n\n\n[$TBD][[1327312](<https://crbug.com/1341043>)] High CVE-2022-2294: Heap buffer overflow in WebRTC.\n\n[$7500][[1336869](<https://crbug.com/1336869>)] High CVE-2022-2295: Type Confusion in V8. Reported by avaue and Buff3tts at S.S.L. on 2022-06-16\n\n\n\n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.\n\nGoogle is aware that an exploit for CVE-2022-2294 exists in the wild.\n\n\n\nAs usual, our ongoing internal security work was responsible for a wide range of fixes:\n\n * [[1341569](<https://crbug.com/1341569>)] Various fixes from internal audits, fuzzing and other initiatives\n\n\nMany of our security bugs are detected using [AddressSanitizer](<https://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>), [MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>), [UndefinedBehaviorSanitizer](<https://www.chromium.org/developers/testing/undefinedbehaviorsanitizer>), [Control Flow Integrity](<https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity>), [libFuzzer](<https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer>), or [AFL.\n\nIf you find a new issue, please let us know by [filing a bug](<https://code.google.com/p/chromium/issues/entry?template=Android%20Issue>). \n\n\n\nKrishna Govind \n[Google Chrome](<https://www.google.com/chrome/>)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-04T00:00:00", "type": "chrome", "title": "Chrome for Android Update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295"], "modified": "2022-07-04T00:00:00", "id": "GCSA-7720125337817983232", "href": "https://chromereleases.googleblog.com/2022/07/chrome-for-android-update.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-08-10T07:21:05", "description": "\nMultiple security issues were discovered in Chromium, which could result\nin the execution of arbitrary code, denial of service or information\ndisclosure.\n\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 103.0.5060.114-1~deb11u1.\n\n\nWe recommend that you upgrade your chromium packages.\n\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/chromium](https://security-tracker.debian.org/tracker/chromium)\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2022-07-11T00:00:00", "type": "osv", "title": "chromium - security update", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-2296", "CVE-2022-2294", "CVE-2022-2295"], "modified": "2022-08-10T07:21:00", "id": "OSV:DSA-5180-1", "href": "https://osv.dev/vulnerability/DSA-5180-1", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-10T07:07:33", "description": "\nMultiple security issues were discovered in Chromium, which could result\nin the execution of arbitrary code, denial of service or information\ndisclosure.\n\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 103.0.5060.53-1~deb11u1.\n\n\nWe recommend that you upgrade your chromium packages.\n\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/chromium](https://security-tracker.debian.org/tracker/chromium)\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2022-06-22T00:00:00", "type": "osv", "title": "chromium - security update", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-2158", "CVE-2022-2164", "CVE-2022-2156", "CVE-2022-2165", "CVE-2022-2415", "CVE-2022-2163", "CVE-2022-2160", "CVE-2022-2157", "CVE-2022-2161", "CVE-2022-2162"], "modified": "2022-08-10T07:07:31", "id": "OSV:DSA-5168-1", "href": "https://osv.dev/vulnerability/DSA-5168-1", "cvss": {"score": 0.0, "vector": "NONE"}}], "threatpost": [{"lastseen": "2022-07-05T11:54:40", "description": "While people were celebrating the Fourth of July holiday in the United States, Google quietly rolled out a stable channel update for Chrome to patch an actively exploited zero-day vulnerability, the fourth such flaw the vendor has had to patch in its browser product so far this year.\n\nChrome 103 (103.0.5060.71) for Android and Version 103.0.5060.114 for Windows and Mac, outlined in [separate ](<https://chromereleases.googleblog.com/>)[blog posts](<https://chromereleases.googleblog.com/2022/07/extended-stable-channel-update-for.html>) published Monday, fix a heap buffer overflow flaw in WebRTC, the engine that gives the browser its real-time communications capability.\n\nThe vulnerability, tracked as [CVE-2022-2294](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2294>) and reported by Jan Vojtesek from the Avast Threat Intelligence team on July 1**, **is described as a buffer overflow, \u201cwhere the buffer that can be overwritten is allocated in the heap portion of memory,\u201d according to the vulnerability\u2019s [listing](<https://cwe.mitre.org/data/definitions/122.html>) on the Common Weakness Enumeration (CWE) website.\n\nAs per usual, Google did not reveal specific details about the bug, as it generally waits until most have updated to the patched version of the affected product. Indeed, updating is strongly recommended, as exploits for the vulnerability already exist in the wild, Google said.\n\nMoreover, with scant details revealed about the flaw\u2014a habit of Google\u2019s that many security researchers find frustrating\u2014at this point an update is really only way to defend against attacks exploiting the flaw. Fortunately, Google Chrome updates are pushed out without user intervention, so most users will be protected once patches are available.\n\nBuffer overflows generally lead to crashes or other attacks that make the affected program unavailable including putting the program into an infinite loop, according to the CWE listing. Attackers can take advantage of the situation by using the crash to execute arbitrary code typically outside of the scope of the program\u2019s security policy.\n\n\u201cBesides important user data, heap-based overflows can be used to overwrite function pointers that may be living in memory, pointing it to the attacker\u2019s code,\u201d according to the listing. \u201cEven in applications that do not explicitly use function pointers, the run-time will usually leave many in memory.\u201d\n\n## **Other Fixes**\n\nIn addition to fixing the zero-day buffer overflow flaw, the Chrome releases also patch a type confusion flaw in the V8 JavaScript engine tracked as [CVE-2022-2295](<https://security-tracker.debian.org/tracker/CVE-2022-2295>) and reported June 16 by researchers \u201cavaue\u201d and \u201cBuff3tts\u201d at S.S.L., according to the post.\n\nThis is the third such flaw in the open-source engine used by Chrome and Chromium-based web browsers patched this year alone. In March a separate type-confusion issue in the V8 JavaScript engine tracked as [CVE-2022-1096](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-1096>) and under active attack [spurred a hasty patch](<https://threatpost.com/google-chrome-bug-actively-exploited-zero-day/179161/>) from Google.\n\nThen in April, the company patched [CVE-2022-1364](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-1364>), another type confusion flaw affecting Chrome\u2019s use of V8 on which attackers already had pounced.\n\nAnother flaw patched in Monday\u2019s Chrome update is a use-after-free flaw in Chrome OS Shell reported by Khalil Zhani on May 19 and tracked as [CVE-2022-2296](<https://cve.report/CVE-2022-2296>), according to Google. All of the flaws patched in this week\u2019s update received a rating of high. The updates also includes several fixes from internal audits, fuzzing and other initiatives, Google said.\n\nPrior to patching the Chrome V8 JavaScript engine flaws in March and April, Google in February already had patched a zero-day use-after-free flaw in Chrome\u2019s Animation component tracked as [CVE-2022-0609](<https://nvd.nist.gov/vuln/detail/CVE-2022-0609>) that [was under active attack](<https://threatpost.com/google-chrome-zero-day-under-attack/178428/>).\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-05T11:54:21", "type": "threatpost", "title": "Google Patches Actively Exploited Chrome Bug", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2022-07-05T11:54:21", "id": "THREATPOST:91A97EE2BD6933FEB9A07162BD4ED8B5", "href": "https://threatpost.com/actively-exploited-chrome-bug/180118/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T15:33:28", "description": "Google has patched the fifth actively exploited zero-day vulnerability discovered in Chrome this year as one in a series of fixes included in a stable channel update released Wednesday.\n\nThe bug, tracked as [CVE-2022-2856](<https://vulners.com/cve/CVE-2022-2856>) and rated as high on the Common Vulnerability Scoring System (CVSS), is associated with \u201cinsufficient validation of untrusted input in Intents,\u201d according to [the advisory](<https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html>) posted by Google.\n\nGoogle credits Ashley Shen and Christian Resell of its Google Threat Analysis Group (TAG) for reporting the zero-day bug, which could allow for arbitrary code execution, on July 19. The advisory also unveiled 10 other patches for various other Chrome issues.\n\nIntents are a deep linking feature on the Android device within the Chrome browser that replaced URI schemes, which previously handled this process, [according to Branch](<https://branch.io/glossary/chrome-intents/>), a company that offers various linking options for mobile applications.\n\n\u201cInstead of assigning window.location or an iframe.src to the URI scheme, in Chrome, developers need to use their intent string as defined in this document,\u201d the company explained on its website. Intent \u201cadds complexity\u201d but \u201cautomatically handles the case of the mobile app not being installed\u201d within links, according to the post.\n\nInsufficient validation is associated with input validation, a frequently-used technique for checking potentially dangerous inputs to ensure that they are safe for processing within the code, or when communicating with other components, [according to MITRE\u2019s Common Weakness Enumeration site](<https://cwe.mitre.org/data/definitions/20.html>).\n\n\u201cWhen software does not validate input properly, an attacker is able to craft the input in a form that is not expected by the rest of the application,\u201d according to a post on the site. \u201cThis will lead to parts of the system receiving unintended input, which may result in altered control flow, arbitrary control of a resource, or arbitrary code execution.\u201d\n\n**Fending Off Exploits**\n\nAs is typical, Google did not disclose specific details of the bug until it is widely patched to avoid threat actors taking further advantage of it, a strategy that one security professional noted is a wise one.\n\n\u201cPublicizing details on an actively exploited zero-day vulnerability just as a patch becomes available could have dire consequences, because it takes time to roll out security updates to vulnerable systems and attackers are champing at the bit to exploit these types of flaws,\u201d observed Satnam Narang, senior staff research engineer at cybersecurity firm [Tenable,](<https://www.tenable.com/>) in an email to Threatpost.\n\n** **Holding back info is also sound given that other Linux distributions and browsers, such as Microsoft Edge, also include code based on Google\u2019s Chromium Project. These all could be affected if an exploit for a vulnerability is released, he said.\n\n\u201cIt is extremely valuable for defenders to have that buffer,\u201d Narang added.\n\nWhile the majority of the fixes in the update are for vulnerabilities rated as high or medium risk, Google did patch a critical bug tracked as [CVE-2022-2852](<https://vulners.com/cve/CVE-2022-2852>), a use-after-free issue in FedCM reported by Sergei Glazunov of Google Project Zero on Aug. 8. FedCM\u2014short for the Federated Credential Management API\u2013provides a use-case-specific abstraction for federated identity flows on the web, [according to Google](<https://developer.chrome.com/docs/privacy-sandbox/fedcm/>).\n\n**Fifth Chrome 0Day Patch So Far**\n\nThe zero-day patch is the fifth Chrome bug under active attack that Google has patched so far this year.\n\nIn July, the company fixed an [actively exploited heap buffer overflow flaw](<https://threatpost.com/actively-exploited-chrome-bug/180118/>) tracked as [CVE-2022-2294](<https://vulners.com/cve/CVE-2022-2294>) in WebRTC, the engine that gives Chrome its real-time communications capability, while in May it was a separate buffer overflow flaw tracked as [CVE-2022-2294](<https://vulners.com/cve/CVE-2022-2294>) and under active attack that got slapped with a patch.\n\nIn April, Google patched [CVE-2022-1364](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-1364>), a type confusion flaw affecting Chrome\u2019s use of the V8 JavaScript engine on which attackers already had pounced. The previous month a separate type-confusion issue in V8 tracked as [CVE-2022-1096](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-1096>) and under active attack also [spurred a hasty patch](<https://threatpost.com/google-chrome-bug-actively-exploited-zero-day/179161/>).\n\nFebruary saw a fix for the first of this year\u2019s Chrome zero-days, a use-after-free flaw in Chrome\u2019s Animation component tracked as [CVE-2022-0609](<https://nvd.nist.gov/vuln/detail/CVE-2022-0609>) that already [was under attack](<https://threatpost.com/google-chrome-zero-day-under-attack/178428/>). Later [it was revealed](<https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/>) that North Korean hackers were exploiting the flaw weeks before it was discovered and patched.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-18T14:31:38", "type": "threatpost", "title": "Google Patches Chrome\u2019s Fifth Zero-Day of the Year", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2852", "CVE-2022-2856"], "modified": "2022-08-18T14:31:38", "id": "THREATPOST:A8A7A761CD72E2732BD9E3C75C4A2ACC", "href": "https://threatpost.com/google-patches-chromes-fifth-zero-day-of-the-year/180432/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2023-12-03T19:08:43", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T01:30:57", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: chromium-103.0.5060.114-1.fc35", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2022-07-28T01:30:57", "id": "FEDORA:1AA1C30A3C1B", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T19:08:43", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T01:28:06", "type": "fedora", "title": "[SECURITY] Fedora 36 Update: chromium-103.0.5060.114-1.fc36", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2022-07-28T01:28:06", "id": "FEDORA:29E5830A072A", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T19:08:51", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2023-08-19T00:48:25", "type": "fedora", "title": "[SECURITY] Fedora 37 Update: chromium-115.0.5790.170-2.fc37", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1919", "CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2481", "CVE-2022-3443", "CVE-2022-3444", "CVE-2022-4911", "CVE-2022-4912", "CVE-2022-4913", "CVE-2022-4914", "CVE-2022-4915", "CVE-2022-4916", "CVE-2022-4917", "CVE-2022-4918", "CVE-2022-4919", "CVE-2022-4920"], "modified": "2023-08-19T00:48:25", "id": "FEDORA:12E6A205AC4A", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YKLJ3B3D5BCVWE3QNP4N7HHF26OHD567/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T19:08:51", "description": "Yet Another JSON Library. YAJL is a small event-driven (SAX-style) JSON parser written in ANSI C, and a small validating JSON generator. ", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-07-16T01:27:03", "type": "fedora", "title": "[SECURITY] Fedora 38 Update: yajl-2.1.0-21.fc38", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16516", "CVE-2022-2479", "CVE-2022-24795", "CVE-2023-3346", "CVE-2023-33460"], "modified": "2023-07-16T01:27:03", "id": "FEDORA:92EE321072E6", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KLE3C4CECEJ4EUYI56KXI6OWACWXX7WN/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T19:08:51", "description": "Yet Another JSON Library. YAJL is a small event-driven (SAX-style) JSON parser written in ANSI C, and a small validating JSON generator. ", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-07-27T02:05:39", "type": "fedora", "title": "[SECURITY] Fedora 37 Update: yajl-2.1.0-21.fc37", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16516", "CVE-2022-2479", "CVE-2022-24795", "CVE-2023-3346", "CVE-2023-33460"], "modified": "2023-07-27T02:05:39", "id": "FEDORA:B673920D02CF", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YO32YDJ74DADC7CMJNLSLBVWN5EXGF5J/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T19:08:51", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2023-08-12T04:26:44", "type": "fedora", "title": "[SECURITY] Fedora 38 Update: chromium-115.0.5790.170-1.fc38", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4316", "CVE-2021-4317", "CVE-2021-4318", "CVE-2021-4319", "CVE-2021-4320", "CVE-2021-4321", "CVE-2021-4322", "CVE-2021-4323", "CVE-2021-4324", "CVE-2022-1919", "CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2481", "CVE-2022-3443", "CVE-2022-3444", "CVE-2022-4911", "CVE-2022-4912", "CVE-2022-4913", "CVE-2022-4914", "CVE-2022-4915", "CVE-2022-4916", "CVE-2022-4917", "CVE-2022-4918", "CVE-2022-4919", "CVE-2022-4920", "CVE-2022-4921", "CVE-2022-4922", "CVE-2022-4923", "CVE-2022-4924", "CVE-2022-4925", "CVE-2022-4926", "CVE-2023-3727", "CVE-2023-3728", "CVE-2023-3730", "CVE-2023-3733", "CVE-2023-3734", "CVE-2023-3735", "CVE-2023-3736", "CVE-2023-3737", "CVE-2023-3738", "CVE-2023-3740", "CVE-2023-4068", "CVE-2023-4069", "CVE-2023-4070", "CVE-2023-4072", "CVE-2023-4073", "CVE-2023-4074", "CVE-2023-4075", "CVE-2023-4076", "CVE-2023-4077", "CVE-2023-4078"], "modified": "2023-08-12T04:26:44", "id": "FEDORA:E86E1204EDA4", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "prion": [{"lastseen": "2023-11-20T23:25:26", "description": "Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}}, "published": "2022-07-28T02:15:00", "type": "prion", "title": "Heap overflow", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294"], "modified": "2022-11-29T15:54:00", "id": "PRION:CVE-2022-2294", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-2294", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T23:25:28", "description": "Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions.", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}}, "published": "2022-07-28T02:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2296"], "modified": "2022-10-26T15:08:00", "id": "PRION:CVE-2022-2296", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-2296", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T23:28:37", "description": "Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}}, "published": "2022-07-28T02:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2477"], "modified": "2023-08-19T03:15:00", "id": "PRION:CVE-2022-2477", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-2477", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T23:28:41", "description": "Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}}, "published": "2022-07-28T02:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2480"], "modified": "2023-08-19T03:15:00", "id": "PRION:CVE-2022-2480", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-2480", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T23:25:27", "description": "Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}}, "published": "2022-07-28T02:15:00", "type": "prion", "title": "Type confusion", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2295"], "modified": "2022-10-26T14:05:00", "id": "PRION:CVE-2022-2295", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-2295", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T23:28:38", "description": "Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}}, "published": "2022-07-28T02:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2478"], "modified": "2023-08-19T03:15:00", "id": "PRION:CVE-2022-2478", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-2478", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T23:28:40", "description": "Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page.", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}}, "published": "2022-07-28T02:15:00", "type": "prion", "title": "Input validation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2479"], "modified": "2023-08-19T03:15:00", "id": "PRION:CVE-2022-2479", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-2479", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-20T23:28:42", "description": "Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}}, "published": "2022-07-28T02:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2481"], "modified": "2023-08-19T03:15:00", "id": "PRION:CVE-2022-2481", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-2481", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T23:22:57", "description": "Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction.", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}}, "published": "2022-07-28T02:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2163"], "modified": "2022-10-26T13:50:00", "id": "PRION:CVE-2022-2163", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-2163", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "mscve": [{"lastseen": "2023-12-03T21:51:05", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2022>) for more information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-06T16:32:48", "type": "mscve", "title": "Chromium: CVE-2022-2294 Heap buffer overflow in WebRTC", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294"], "modified": "2022-07-07T07:00:00", "id": "MS:CVE-2022-2294", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-2294", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T21:50:49", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2022>) for more information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-22T07:00:00", "type": "mscve", "title": "Chromium: CVE-2022-2480 Use after free in Service Worker API", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2480"], "modified": "2022-07-22T07:00:00", "id": "MS:CVE-2022-2480", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-2480", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T21:50:49", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2022>) for more information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-22T07:00:00", "type": "mscve", "title": "Chromium: CVE-2022-2477 Use after free in Guest View", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2477"], "modified": "2022-07-22T07:00:00", "id": "MS:CVE-2022-2477", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-2477", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T21:51:05", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2022>) for more information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-06T16:32:51", "type": "mscve", "title": "Chromium: CVE-2022-2295 Type Confusion in V8", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2295"], "modified": "2022-07-07T07:00:00", "id": "MS:CVE-2022-2295", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-2295", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T21:50:49", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2022>) for more information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-22T07:00:00", "type": "mscve", "title": "Chromium: CVE-2022-2478 Use after free in PDF", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2478"], "modified": "2022-07-22T07:00:00", "id": "MS:CVE-2022-2478", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-2478", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T21:50:49", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2022>) for more information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-22T07:00:00", "type": "mscve", "title": "Chromium: CVE-2022-2481 Use after free in Views", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2481"], "modified": "2022-07-22T07:00:00", "id": "MS:CVE-2022-2481", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-2481", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T21:50:49", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2022>) for more information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2022-07-22T07:00:00", "type": "mscve", "title": "Chromium: CVE-2022-2479 Insufficient validation of untrusted input in File", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2479"], "modified": "2022-07-22T07:00:00", "id": "MS:CVE-2022-2479", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-2479", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-03T21:51:06", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2022>) for more information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-23T07:00:00", "type": "mscve", "title": "Chromium: CVE-2022-2163 Use after free in Cast UI and Toolbar", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2163"], "modified": "2022-06-23T07:00:00", "id": "MS:CVE-2022-2163", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-2163", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-12-03T14:50:20", "description": "Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T02:15:00", "type": "cve", "title": "CVE-2022-2294", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294"], "modified": "2023-11-25T11:15:00", "cpe": ["cpe:/o:apple:mac_os_x:10.15.7", "cpe:/o:fedoraproject:fedora:35", "cpe:/a:fedoraproject:extra_packages_for_enterprise_linux:8.0", "cpe:/a:webrtc_project:webrtc:-", "cpe:/o:fedoraproject:fedora:36"], "id": "CVE-2022-2294", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2294", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*", "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*", "cpe:2.3:a:webrtc_project:webrtc:-:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-005:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-004:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:50:27", "description": "Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T02:15:00", "type": "cve", "title": "CVE-2022-2296", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2296"], "modified": "2023-11-07T03:46:00", "cpe": ["cpe:/o:fedoraproject:fedora:35", "cpe:/a:fedoraproject:extra_packages_for_enterprise_linux:8.0", "cpe:/o:fedoraproject:fedora:36"], "id": "CVE-2022-2296", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2296", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:59:21", "description": "Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T02:15:00", "type": "cve", "title": "CVE-2022-2477", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2477"], "modified": "2023-11-07T03:46:00", "cpe": [], "id": "CVE-2022-2477", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2477", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-12-03T14:59:33", "description": "Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T02:15:00", "type": "cve", "title": "CVE-2022-2480", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2480"], "modified": "2023-11-07T03:46:00", "cpe": [], "id": "CVE-2022-2480", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2480", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-12-03T14:59:23", "description": "Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T02:15:00", "type": "cve", "title": "CVE-2022-2478", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2478"], "modified": "2023-11-07T03:46:00", "cpe": [], "id": "CVE-2022-2478", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2478", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-12-03T14:50:25", "description": "Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T02:15:00", "type": "cve", "title": "CVE-2022-2295", "cwe": ["CWE-843"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2295"], "modified": "2023-11-07T03:46:00", "cpe": ["cpe:/o:fedoraproject:fedora:35", "cpe:/a:fedoraproject:extra_packages_for_enterprise_linux:8.0", "cpe:/o:fedoraproject:fedora:36"], "id": "CVE-2022-2295", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2295", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:59:33", "description": "Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T02:15:00", "type": "cve", "title": "CVE-2022-2481", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2481"], "modified": "2023-11-07T03:46:00", "cpe": [], "id": "CVE-2022-2481", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2481", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-12-03T14:59:29", "description": "Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2022-07-28T02:15:00", "type": "cve", "title": "CVE-2022-2479", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2479"], "modified": "2023-11-07T03:46:00", "cpe": [], "id": "CVE-2022-2479", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2479", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2023-12-03T14:43:30", "description": "Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T02:15:00", "type": "cve", "title": "CVE-2022-2163", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2163"], "modified": "2023-11-07T03:46:00", "cpe": ["cpe:/o:fedoraproject:fedora:35", "cpe:/a:fedoraproject:extra_packages_for_enterprise_linux:8.0", "cpe:/o:fedoraproject:fedora:36"], "id": "CVE-2022-2163", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2163", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*"]}], "ubuntucve": [{"lastseen": "2023-12-03T13:33:55", "description": "Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to\n103.0.5060.114 allowed a remote attacker who convinced a user to engage in\nspecific user interactions to potentially exploit heap corruption via\ndirect UI interactions.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T00:00:00", "type": "ubuntucve", "title": "CVE-2022-2296", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2296"], "modified": "2022-07-28T00:00:00", "id": "UB:CVE-2022-2296", "href": "https://ubuntu.com/security/CVE-2022-2296", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T13:33:58", "description": "Use after free in Service Worker API in Google Chrome prior to\n103.0.5060.134 allowed a remote attacker to potentially exploit heap\ncorruption via a crafted HTML page.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T00:00:00", "type": "ubuntucve", "title": "CVE-2022-2480", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2480"], "modified": "2022-07-28T00:00:00", "id": "UB:CVE-2022-2480", "href": "https://ubuntu.com/security/CVE-2022-2480", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T13:33:58", "description": "Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114\nallowed a remote attacker to potentially exploit heap corruption via a\ncrafted HTML page.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T00:00:00", "type": "ubuntucve", "title": "CVE-2022-2294", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294"], "modified": "2022-07-28T00:00:00", "id": "UB:CVE-2022-2294", "href": "https://ubuntu.com/security/CVE-2022-2294", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T13:33:55", "description": "Use after free in Guest View in Google Chrome prior to 103.0.5060.134\nallowed an attacker who convinced a user to install a malicious extension\nto potentially exploit heap corruption via a crafted HTML page.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T00:00:00", "type": "ubuntucve", "title": "CVE-2022-2477", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2477"], "modified": "2022-07-28T00:00:00", "id": "UB:CVE-2022-2477", "href": "https://ubuntu.com/security/CVE-2022-2477", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T13:33:55", "description": "Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a\nremote attacker who convinced a user to engage in specific user\ninteractions to potentially exploit heap corruption via UI interaction.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T00:00:00", "type": "ubuntucve", "title": "CVE-2022-2481", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2481"], "modified": "2022-07-28T00:00:00", "id": "UB:CVE-2022-2481", "href": "https://ubuntu.com/security/CVE-2022-2481", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T13:33:56", "description": "Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a\nremote attacker to potentially exploit heap corruption via a crafted HTML\npage.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T00:00:00", "type": "ubuntucve", "title": "CVE-2022-2478", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2478"], "modified": "2022-07-28T00:00:00", "id": "UB:CVE-2022-2478", "href": "https://ubuntu.com/security/CVE-2022-2478", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T13:33:57", "description": "Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a\nremote attacker to potentially exploit heap corruption via a crafted HTML\npage.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T00:00:00", "type": "ubuntucve", "title": "CVE-2022-2295", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2295"], "modified": "2022-07-28T00:00:00", "id": "UB:CVE-2022-2295", "href": "https://ubuntu.com/security/CVE-2022-2295", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T13:33:55", "description": "Insufficient validation of untrusted input in File in Google Chrome on\nAndroid prior to 103.0.5060.134 allowed an attacker who convinced a user to\ninstall a malicious app to obtain potentially sensitive information from\ninternal file directories via a crafted HTML page.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2022-07-28T00:00:00", "type": "ubuntucve", "title": "CVE-2022-2479", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2479"], "modified": "2022-07-28T00:00:00", "id": "UB:CVE-2022-2479", "href": "https://ubuntu.com/security/CVE-2022-2479", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-03T13:33:56", "description": "Use after free in Cast UI and Toolbar in Google Chrome prior to\n103.0.5060.134 allowed an attacker who convinced a user to install a\nmalicious extension to potentially exploit heap corruption via UI\ninteraction.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T00:00:00", "type": "ubuntucve", "title": "CVE-2022-2163", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2163"], "modified": "2022-07-28T00:00:00", "id": "UB:CVE-2022-2163", "href": "https://ubuntu.com/security/CVE-2022-2163", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "alpinelinux": [{"lastseen": "2023-12-03T16:03:10", "description": "Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T02:15:00", "type": "alpinelinux", "title": "CVE-2022-2296", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2296"], "modified": "2023-11-07T03:46:00", "id": "ALPINE:CVE-2022-2296", "href": "https://security.alpinelinux.org/vuln/CVE-2022-2296", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T16:03:10", "description": "Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T02:15:00", "type": "alpinelinux", "title": "CVE-2022-2295", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2295"], "modified": "2023-11-07T03:46:00", "id": "ALPINE:CVE-2022-2295", "href": "https://security.alpinelinux.org/vuln/CVE-2022-2295", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T16:03:10", "description": "Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T02:15:00", "type": "alpinelinux", "title": "CVE-2022-2477", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2477"], "modified": "2023-11-07T03:46:00", "id": "ALPINE:CVE-2022-2477", "href": "https://security.alpinelinux.org/vuln/CVE-2022-2477", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T16:03:10", "description": "Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T02:15:00", "type": "alpinelinux", "title": "CVE-2022-2294", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294"], "modified": "2023-11-25T11:15:00", "id": "ALPINE:CVE-2022-2294", "href": "https://security.alpinelinux.org/vuln/CVE-2022-2294", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T16:03:10", "description": "Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T02:15:00", "type": "alpinelinux", "title": "CVE-2022-2480", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2480"], "modified": "2023-11-07T03:46:00", "id": "ALPINE:CVE-2022-2480", "href": "https://security.alpinelinux.org/vuln/CVE-2022-2480", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T16:03:10", "description": "Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T02:15:00", "type": "alpinelinux", "title": "CVE-2022-2481", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2481"], "modified": "2023-11-07T03:46:00", "id": "ALPINE:CVE-2022-2481", "href": "https://security.alpinelinux.org/vuln/CVE-2022-2481", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T16:03:10", "description": "Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2022-07-28T02:15:00", "type": "alpinelinux", "title": "CVE-2022-2479", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2479"], "modified": "2023-11-07T03:46:00", "id": "ALPINE:CVE-2022-2479", "href": "https://security.alpinelinux.org/vuln/CVE-2022-2479", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-03T16:03:10", "description": "Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T02:15:00", "type": "alpinelinux", "title": "CVE-2022-2478", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2478"], "modified": "2023-11-07T03:46:00", "id": "ALPINE:CVE-2022-2478", "href": "https://security.alpinelinux.org/vuln/CVE-2022-2478", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T16:03:10", "description": "Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T02:15:00", "type": "alpinelinux", "title": "CVE-2022-2163", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2163"], "modified": "2023-11-07T03:46:00", "id": "ALPINE:CVE-2022-2163", "href": "https://security.alpinelinux.org/vuln/CVE-2022-2163", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2023-12-03T15:19:48", "description": "Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T02:15:00", "type": "debiancve", "title": "CVE-2022-2480", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2480"], "modified": "2022-07-28T02:15:00", "id": "DEBIANCVE:CVE-2022-2480", "href": "https://security-tracker.debian.org/tracker/CVE-2022-2480", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T15:19:48", "description": "Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T02:15:00", "type": "debiancve", "title": "CVE-2022-2296", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2296"], "modified": "2022-07-28T02:15:00", "id": "DEBIANCVE:CVE-2022-2296", "href": "https://security-tracker.debian.org/tracker/CVE-2022-2296", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T15:19:48", "description": "Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T02:15:00", "type": "debiancve", "title": "CVE-2022-2294", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294"], "modified": "2022-07-28T02:15:00", "id": "DEBIANCVE:CVE-2022-2294", "href": "https://security-tracker.debian.org/tracker/CVE-2022-2294", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T15:19:48", "description": "Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T02:15:00", "type": "debiancve", "title": "CVE-2022-2477", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2477"], "modified": "2022-07-28T02:15:00", "id": "DEBIANCVE:CVE-2022-2477", "href": "https://security-tracker.debian.org/tracker/CVE-2022-2477", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T15:19:48", "description": "Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2022-07-28T02:15:00", "type": "debiancve", "title": "CVE-2022-2479", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2479"], "modified": "2022-07-28T02:15:00", "id": "DEBIANCVE:CVE-2022-2479", "href": "https://security-tracker.debian.org/tracker/CVE-2022-2479", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-03T15:19:48", "description": "Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T02:15:00", "type": "debiancve", "title": "CVE-2022-2295", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2295"], "modified": "2022-07-28T02:15:00", "id": "DEBIANCVE:CVE-2022-2295", "href": "https://security-tracker.debian.org/tracker/CVE-2022-2295", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T15:19:48", "description": "Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T02:15:00", "type": "debiancve", "title": "CVE-2022-2481", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2481"], "modified": "2022-07-28T02:15:00", "id": "DEBIANCVE:CVE-2022-2481", "href": "https://security-tracker.debian.org/tracker/CVE-2022-2481", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T15:19:48", "description": "Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T02:15:00", "type": "debiancve", "title": "CVE-2022-2478", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2478"], "modified": "2022-07-28T02:15:00", "id": "DEBIANCVE:CVE-2022-2478", "href": "https://security-tracker.debian.org/tracker/CVE-2022-2478", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T15:19:48", "description": "Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T02:15:00", "type": "debiancve", "title": "CVE-2022-2163", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2163"], "modified": "2022-07-28T02:15:00", "id": "DEBIANCVE:CVE-2022-2163", "href": "https://security-tracker.debian.org/tracker/CVE-2022-2163", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "checkpoint_advisories": [{"lastseen": "2022-10-13T22:33:51", "description": "A heap buffer overflow vulnerability exists in Google Chrome WebRTC. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-22T00:00:00", "type": "checkpoint_advisories", "title": "Google Chrome WebRTC Heap Buffer Overflow (CVE-2022-2294)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-2294"], "modified": "2022-09-22T00:00:00", "id": "CPAI-2022-0566", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}], "thn": [{"lastseen": "2022-08-03T09:59:40", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhHUSen7gjgQ5i3C-q9vT12dujHW41TWsQeeVN4wsLFAQmcgZRsO8Q3mTYnY-5mLbMge8R31OsaEXXfqM0Netare_I-JSvbNxgMU29R5g37LRVEcub_rs2mLdXBXgq7IiYJSyEfjnDhGF-Bz78B5X9JhDReehsYhhbqLkUVpPksLtku3ko-eJgjj-9i/s728-e100/chrome.jpg>)\n\nThe actively exploited but now-fixed Google Chrome zero-day flaw that came to light at the start of this month was weaponized by an Israeli spyware company and used in attacks targeting journalists in the Middle East.\n\nCzech cybersecurity firm Avast linked the exploitation to [Candiru](<https://thehackernews.com/2021/07/israeli-firm-helped-governments-target.html>) (aka Saito Tech), which has a history of [leveraging previously unknown flaws](<https://thehackernews.com/2021/11/israels-candiru-spyware-found-linked-to.html>) to deploy a Windows malware dubbed **DevilsTongue**, a modular implant with [Pegasus](<https://thehackernews.com/2022/07/pegasus-spyware-used-to-hack-devices-of.html>)-like capabilities.\n\nCandiru, along with NSO Group, Computer Security Initiative Consultancy PTE. LTD., and Positive Technologies, were [added to the entity list](<https://thehackernews.com/2021/11/us-sanctions-pegasus-maker-nso-group.html>) by the U.S. Commerce Department in November 2021 for engaging in \"malicious cyber activities.\"\n\n\"Specifically, a large portion of the attacks took place in Lebanon, where journalists were among the targeted parties,\" security researcher Jan Vojt\u011b\u0161ek, who reported the discovery of the flaw, [said](<https://decoded.avast.io/janvojtesek/the-return-of-candiru-zero-days-in-the-middle-east/>) in a write-up. \"We believe the attacks were highly targeted.\"\n\nThe vulnerability in question is [CVE-2022-2294](<https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html>), memory corruption in the [WebRTC](<https://webrtc.org/>) component of the Google Chrome browser that could lead to shellcode execution. It was addressed by Google on July 4, 2022. The same issue has since been patched by [Apple](<https://thehackernews.com/2022/07/apple-releases-security-patches-for-all.html>) and [Microsoft](<https://thehackernews.com/2022/07/microsoft-releases-fix-for-zero-day.html>) in Safari and Edge browsers.\n\nThe findings shed light on multiple attack campaigns mounted by the Israeli hack-for-hire vendor, which is said to have returned with a revamped toolset in March 2022 to target users in Lebanon, Turkey, Yemen, and Palestine via watering hole attacks using zero-day exploits for Google Chrome.\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjipZHJEu9rZboUnuN5vu4vzlFRiroPcgqPjPovcoi87zmmsxwT6Tw0Ye57y2r6_J3tFLfcRQOK2pEX3SQOvb6rAncsH4TTM_qkGtIQdfVJ_pWihsK_8KLSVuikizgk0g782gAxCstqG-TIxSIoJ5RfRqJgyaVUzMzhpQdJ7wP0mUmFPm_69lPZYZvs/s728-e100/chrome-exploit.jpg>)\n\nThe infection sequence spotted in Lebanon commenced with the attackers compromising a website used by employees of a news agency to inject malicious JavaScript code from an actor-controlled domain that's responsible for redirecting potential victims to an exploit server.\n\nVia this watering hole technique, a profile of the victim's browser, consisting of about 50 data points, is created, including details like language, timezone, screen information, device type, browser plugins, referrer, and device memory, among others.\n\nAvast assessed the information was gathered to ensure that the exploit was being delivered only to the intended targets. Should the collected data be deemed of value by the hackers, the zero-day exploit is then delivered to the victim's machine over an encrypted channel.\n\nThe exploit, in turn, abuses the heap buffer overflow in WebRTC to attain shellcode execution. The zero-day flaw is said to have been chained with a sandbox escape exploit (that was never recovered) to gain an initial foothold, using it to drop the DevilsTongue payload.\n\nWhile the sophisticated malware is capable of recording the victim's webcam and microphone, keylogging, exfiltrating messages, browsing history, passwords, locations, and much more, it has also been observed attempting to escalate its privileges by installing a vulnerable signed kernel driver (\"[HW.sys](<https://www.virustotal.com/gui/file/6a4875ae86131a594019dec4abd46ac6ba47e57a88287b814d07d929858fe3e5>)\") containing a third zero-day exploit.\n\nEarlier this January, ESET [explained](<https://www.eset.com/int/about/newsroom/press-releases/research/esets-research-into-bring-your-own-vulnerable-driver-details-attacks-on-drivers-in-windows-core-1/>) how vulnerable signed kernel drivers - an approach called Bring Your Own Vulnerable Driver ([BYOVD](<https://www.welivesecurity.com/2022/01/11/signed-kernel-drivers-unguarded-gateway-windows-core/>)) - can become unguarded gateways for malicious actors to gain entrenched access to Windows machines. \n\nThe disclosure comes a week after Proofpoint [revealed](<https://thehackernews.com/2022/07/state-backed-hackers-targeting.html>) that nation-state hacking groups aligned with China, Iran, North Korea, and Turkey have been targeting journalists to conduct espionage and spread malware since early 2021.\n\n**_Update:_** Google Project Zero shared the below statement following the publication of the story \u2013\n\n\"CVE-2022-2294 is a memory corruption vulnerability in [libWebRTC](<https://webrtc.org/>), a video conferencing library that is widely used by browsers and mobile applications,\" the search giant's cybersecurity teams said. \"Avast reported that this vulnerability was used to target Google Chrome users in the wild.\"\n\n\"The vulnerability potentially affects other browsers, and was recently [patched](<https://support.apple.com/en-us/HT213341>) in Safari. Many mobile applications also contain the vulnerable code, though it is unclear whether the bug is exploitable. We are not aware of any active exploitation targeting platforms other than Chrome. We greatly appreciate Avast detecting and reporting this issue.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {}, "published": "2022-07-22T06:40:00", "type": "thn", "title": "Candiru Spyware Caught Exploiting Google Chrome Zero-Day to Target Journalists", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-2294"], "modified": "2022-08-03T08:33:23", "id": "THN:27F4624B58E2AB5E3EC8C74249CADF5C", "href": "https://thehackernews.com/2022/07/candiru-spyware-caught-exploiting.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-07-05T16:25:13", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjPIpWOjahlvRij54ICh2NyDdEkKI9koTk4lx8UXqPG1hBOVokLO1jZE7QvnnAHX4fw21sdwK34cVKndChvGxTI0QScuSjwYGvpLSpuK9FSFbuXtXzoaxwm6I78OZwM-uyBKf7_r18ShybiBxFrmBcIKJ7pAD2BPSMaEVwJzpBkK1kNSbrrtJ6AmkPk/s728-e100/chrome-update.jpg>)\n\nGoogle on Monday shipped security updates to address a high-severity zero-day vulnerability in its Chrome web browser that it said is being exploited in the wild.\n\nThe shortcoming, tracked as [**CVE-2022-2294**](<https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html>), relates to a heap overflow flaw in the [WebRTC](<https://en.wikipedia.org/wiki/WebRTC>) component that provides real-time audio and video communication capabilities in browsers without the need to install plugins or download native apps.\n\nHeap buffer overflows, also referred to as heap overrun or heap smashing, occur when data is overwritten in the [heap area of the memory](<https://en.wikipedia.org/wiki/Memory_management#Manual_memory_management>), leading to arbitrary code execution or a denial-of-service (DoS) condition.\n\n\"Heap-based overflows can be used to overwrite function pointers that may be living in memory, pointing it to the attacker's code,\" MITRE [explains](<https://cwe.mitre.org/data/definitions/122.html>). \"When the consequence is arbitrary code execution, this can often be used to subvert any other security service.\"\n\nCredited with reporting the flaw on July 1, 2022, is Jan Vojtesek from the Avast Threat Intelligence team. It's worth pointing out that the bug also [impacts](<https://chromereleases.googleblog.com/2022/07/chrome-for-android-update.html>) the Android version of Chrome.\n\nAs is usually the case with zero-day exploitation, details pertaining to the flaw as well as other specifics related to the campaign have been withheld to prevent further abuse in the wild and until a significant chunk of users are updated with a fix.\n\nCVE-2022-2294 also marks the resolution of the fourth zero-day vulnerability in Chrome since the start of the year -\n\n * [**CVE-2022-0609**](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>) \\- Use-after-free in Animation\n * [**CVE-2022-1096**](<https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-1364**](<https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html>) \\- Type confusion in V8\n\nUsers are recommended to update to version 103.0.5060.114 for Windows, macOS, and Linux and 103.0.5060.71 for Android to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.\n\nThe disclosure shortly follows a report from Google Project Zero, which [noted](<https://googleprojectzero.blogspot.com/2022/06/2022-0-day-in-wild-exploitationso-far.html>) that a total of 18 security vulnerabilities have been exploited as unpatched zero-days in the wild so far this year.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-05T02:55:00", "type": "thn", "title": "Update Google Chrome Browser to Patch New Zero-Day Exploit Detected in the Wild", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294"], "modified": "2022-07-05T13:54:52", "id": "THN:2E90A09BA23747C57B4B5C9ED7D13ED9", "href": "https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-17T15:25:34", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEj3_bb3VbAiNI0HLVud2PvXV4VExBpknt5lLSc3IAtymjftt7sn5yG-gY7yWqZ7D13YpvQEhW_EH4K62wzm6dC_qDTQQokydIY0LHI2Ivvv6v5ShPJk8fOOoh0yQrASsDwCREknRK5SCrggAETbG4yY7w0t3uG53Dnpf3ckvBXKygsIpNHrnmHDrimR/s728-e100/chrome.png>)\n\nGoogle on Tuesday rolled out patches for Chrome browser for desktops to contain an actively exploited high-severity zero-day flaw in the wild.\n\nTracked as **CVE-2022-2856**, the issue has been described as a case of insufficient validation of untrusted input in [Intents](<https://www.chromium.org/developers/web-intents-in-chrome/>). Security researchers Ashley Shen and Christian Resell of Google Threat Analysis Group have been credited with reporting the flaw on July 19, 2022.\n\nAs is typically the case, the tech giant has refrained from sharing additional specifics about the shortcoming until a majority of the users are updated. \"Google is aware that an exploit for CVE-2022-2856 exists in the wild,\" it [acknowledged](<https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html>) in a terse statement.\n\nThe latest update further addresses 10 other security flaws, most of which relate to use-after-free bugs in various components such as FedCM, SwiftShader, ANGLE, and Blink, among others. Also fixed is a heap buffer overflow vulnerability in Downloads.\n\nThe development marks the fifth zero-day vulnerability in Chrome that Google has resolved since the start of the year -\n\n * [**CVE-2022-0609**](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>) \\- Use-after-free in Animation\n * [**CVE-2022-1096**](<https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-1364**](<https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-2294**](<https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html>) \\- Heap buffer overflow in WebRTC\n\nUsers are recommended to update to version 104.0.5112.101 for macOS and Linux and 104.0.5112.102/101 for Windows to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-17T12:02:00", "type": "thn", "title": "New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2856"], "modified": "2022-08-17T13:41:27", "id": "THN:EDC4E93542AFAF751E67BF527C826DA4", "href": "https://thehackernews.com/2022/08/new-google-chrome-zero-day.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-09-06T06:03:15", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgU5EpzvY9cLJdxPDYZpGhcMcZv4NWQKy-E_SphleQYJBz0-RK17I0vcuTEA4Y7j4FLYJZoocDlfvBAGQ9PLUcM-tSqm41GrfaPqhrzTyHbGiRLa0OW_IOvDb-6EfqX7V_LIzm1t5P_xj2by6ZVqAFz5d_bJ42p_faEgP_-St1X8fjuiAh0iW2Ak_Om/s728-e100/chrome-update.jpg>)\n\nGoogle on Friday shipped emergency fixes to address a security vulnerability in the Chrome web browser that it said is being actively exploited in the wild.\n\nThe issue, assigned the identifier **CVE-2022-3075**, concerns a case of insufficient data validation in [Mojo](<https://chromium.googlesource.com/chromium/src/+/HEAD/mojo/README.md>), which refers to a collection of runtime libraries that provide a platform-agnostic mechanism for inter-process communication (IPC).\n\nAn anonymous researcher has been credited with reporting the high-severity flaw on August 30, 2022.\n\n\"Google is aware of reports that an exploit for CVE-2022-3075 exists in the wild,\" the internet giant [said](<https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html>), without delving into additional specifics about the nature of the attacks to prevent additional threat actors from taking advantage of the flaw.\n\nThe latest update makes it the sixth zero-day vulnerability in Chrome that Google has resolved since the start of the year -\n\n * [CVE-2022-0609](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>) \\- Use-after-free in Animation\n * [CVE-2022-1096](<https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [CVE-2022-1364](<https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [CVE-2022-2294](<https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html>) \\- Heap buffer overflow in WebRTC\n * [CVE-2022-2856](<https://thehackernews.com/2022/08/new-google-chrome-zero-day.html>) \\- Insufficient validation of untrusted input in Intents\n\nUsers are recommended to upgrade to version 105.0.5195.102 for Windows, macOS, and Linux to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-03T03:56:00", "type": "thn", "title": "Google Releases Urgent Chrome Update to Patch New Zero-Day Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2856", "CVE-2022-3075"], "modified": "2022-09-06T04:20:05", "id": "THN:0ADE883013E260B4548F6E16D65487D3", "href": "https://thehackernews.com/2022/09/google-release-urgent-chrome-update-to.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-10-28T12:06:14", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhv36XpOZ1dAQAOtoI2FJrLTIwbrZmkU8pIotJv8smSt1yHSR5Sbs9DtPNusAAMvajmGc-st695EsqO3w1aNTpm9vxASuSHCLI61DemGb3LaAMW7MDDLo4j30s4iE1DZr2UeTpkEHlUc-WwTo0zqCxLNMlSHPLCRNEDT4wpaWQjgJMl3KhUpK7MKa2Z/s728-e100/chrome-zero-day-vulnerability.jpg>)\n\nGoogle on Thursday rolled out emergency fixes to contain an actively exploited zero-day flaw in its Chrome web browser.\n\nThe [vulnerability](<https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html>), tracked as **CVE-2022-3723**, has been described as a type confusion flaw in the V8 JavaScript engine.\n\nSecurity researchers Jan Vojt\u011b\u0161ek, Mil\u00e1nek, and Przemek Gmerek of Avast have been credited with reporting the flaw on October 25, 2022.\n\n\"Google is aware of reports that an exploit for CVE-2022-3723 exists in the wild,\" the internet giant acknowledged in an advisory without getting into more specifics about the nature of the attacks.\n\nCVE-2022-3723 is the third actively exploited type confusion bug in V8 this year after [CVE-2022-1096](<https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html>) and [CVE-2022-1364](<https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html>).\n\nThe latest fix also marks the resolution of the seventh zero-day in Google Chrome since the start of 2022 -\n\n * [**CVE-2022-0609**](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>) \\- Use-after-free in Animation\n * [**CVE-2022-1096**](<https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-1364**](<https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-2294**](<https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html>) \\- Heap buffer overflow in WebRTC\n * [**CVE-2022-2856**](<https://thehackernews.com/2022/08/new-google-chrome-zero-day.html>) \\- Insufficient validation of untrusted input in Intents\n * [**CVE-2022-3075**](<https://thehackernews.com/2022/09/google-release-urgent-chrome-update-to.html>) \\- Insufficient data validation in Mojo\n\nUsers are recommended to upgrade to version 107.0.5304.87 for macOS and Linux and 107.0.5304.87/.88 for Windows to mitigate potential threats.\n\nUsers of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-10-28T10:40:00", "type": "thn", "title": "Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2856", "CVE-2022-3075", "CVE-2022-3723"], "modified": "2022-10-28T10:58:12", "id": "THN:222F7713CA968509F8C385BA29B0B6A5", "href": "https://thehackernews.com/2022/10/google-issues-urgent-chrome-update-to.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-26T04:08:15", "description": "[ ](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEikPLibtmTn8N2H14UEsCbQi0mXDkp7d4sxfUThlf9SHApnBVQaXlzTa5_Y_GROcH_HN9A8cDTE0iaRtCHiFqthOucxRIZyrjEzXxqkiX0DQPciOOULFnJ0I4aob50-m5id5elUHNKFtdF-5Ep-jdQVcYtFgUVENLsQkZIYWjXsuoDDYF_UBh0lc0o2/s728-e100/chrome-update.png>)\n\nGoogle on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser.\n\nTracked as **CVE-2022-4135**, the high-severity vulnerability has been described as a heap buffer overflow in the GPU component. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the flaw on November 22, 2022.\n\nHeap-based buffer overflow bugs can be [weaponized](<https://cwe.mitre.org/data/definitions/122.html>) by threat actors to crash a program or execute arbitrary code, leading to unintended behavior.\n\n\"Google is aware that an exploit for CVE-2022-4135 exists in the wild,\" the tech giant [acknowledged](<https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html>) in an advisory.\n\nBut like other actively exploited issues, technical specifics have been withheld until a majority of the users are updated with a fix and to prevent further abuse.\n\nWith the latest update, Google has resolved eight zero-day vulnerabilities in Chrome since the start of the year -\n\n * [**CVE-2022-0609**](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>) \\- Use-after-free in Animation\n * [**CVE-2022-1096**](<https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-1364**](<https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-2294**](<https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html>) \\- Heap buffer overflow in WebRTC\n * [**CVE-2022-2856**](<https://thehackernews.com/2022/08/new-google-chrome-zero-day.html>) \\- Insufficient validation of untrusted input in Intents\n * [**CVE-2022-3075**](<https://thehackernews.com/2022/09/google-release-urgent-chrome-update-to.html>) \\- Insufficient data validation in Mojo\n * [**CVE-2022-3723**](<https://thehackernews.com/2022/10/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n\nUsers are recommended to upgrade to version 107.0.5304.121 for macOS and Linux and 107.0.5304.121/.122 for Windows to mitigate potential threats.\n\nUsers of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-11-25T13:12:00", "type": "thn", "title": "Update Chrome Browser Now to Patch New Actively Exploited Zero-Day Flaw", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2856", "CVE-2022-3075", "CVE-2022-3723", "CVE-2022-4135"], "modified": "2022-11-26T04:07:40", "id": "THN:FFFF05ECDE44C9ED26B53D328B60689B", "href": "https://thehackernews.com/2022/11/update-chrome-browser-now-to-patch-new.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-12-05T06:08:51", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEi3-1t-O1Y4Oqvj24RGfItVIc7r4d1BOuWfRH4xG5ilh6GX83VydcDH0Fs1xqW5JUvFrpLzvA9ifqmf2lHts3lgA5VStlmb7c1Msk0yFUv5qzEgEjiU3_EPqVJlK4Z6uzMUFoKmnDAHWtOXsYNv7vEG8yG9H-NwH46z-Z7nAKiihKDF7bzl_Y20QXxS/s728-e100/chrome.png>)\n\nSearch giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser.\n\nThe high-severity flaw, tracked as [CVE-2022-4262](<https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html>), concerns a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on November 29, 2022.\n\nType confusion vulnerabilities could be weaponized by threat actors to perform out-of-bounds memory access, or lead to a crash and arbitrary code execution.\n\nAccording to the NIST's National Vulnerability Database, the flaw [permits](<https://nvd.nist.gov/vuln/detail/CVE-2022-4262>) a \"remote attacker to potentially exploit heap corruption via a crafted HTML page.\"\n\nGoogle acknowledged active exploitation of the vulnerability but stopped short of sharing additional specifics to prevent further abuse.\n\nCVE-2022-4262 is the fourth actively exploited type confusion flaw in Chrome that Google has addressed since the start of the year. It's also the ninth zero-day flaw attackers have exploited in the wild in 2022 -\n\n * [**CVE-2022-0609**](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>) \\- Use-after-free in Animation\n * [**CVE-2022-1096**](<https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-1364**](<https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-2294**](<https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html>) \\- Heap buffer overflow in WebRTC\n * [**CVE-2022-2856**](<https://thehackernews.com/2022/08/new-google-chrome-zero-day.html>) \\- Insufficient validation of untrusted input in Intents\n * [**CVE-2022-3075**](<https://thehackernews.com/2022/09/google-release-urgent-chrome-update-to.html>) \\- Insufficient data validation in Mojo\n * [**CVE-2022-3723**](<https://thehackernews.com/2022/10/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-4135**](<https://thehackernews.com/2022/11/update-chrome-browser-now-to-patch-new.html>) \\- Heap buffer overflow in GPU\n\nUsers are recommended to upgrade to version 108.0.5359.94 for macOS and Linux and 108.0.5359.94/.95 for Windows to mitigate potential threats.\n\nUsers of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.\n\n \n\n\nFound this article interesting? Follow us on [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-12-03T04:41:00", "type": "thn", "title": "Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2856", "CVE-2022-3075", "CVE-2022-3723", "CVE-2022-4135", "CVE-2022-4262"], "modified": "2022-12-05T04:33:44", "id": "THN:2FB8A3C1E526D1FFA1477D35F0F70BF4", "href": "https://thehackernews.com/2022/12/google-rolls-out-new-chrome-browser.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-30T04:02:42", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgIeK3eJtR_et6MNbj0n-dcpg6m3XLALiJRPrhIA4yGOSfgFp4GFAJFR2Q3o31-tQcQpuVnc_WCTyR9yoih4dgeHa6orUrdUWCpDX1WWtymO1klV2EcDBa4OBds15BKHAGsEW3hPAVQ_HB772TkQVTfNrqyRvm5rY4qOkI7i3UarIAnOVC8LJfIZ0F3/s728-e100/CISA.jpg>)\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added 10 new actively exploited vulnerabilities to its [Known Exploited Vulnerabilities (KEV) Catalog](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>), including a high-severity security flaw affecting industrial automation software from Delta Electronics.\n\nThe issue, tracked as [CVE-2021-38406](<https://nvd.nist.gov/vuln/detail/CVE-2021-38406>) (CVSS score: 7.8), impacts DOPSoft 2 versions 2.00.07 and prior. A successful exploitation of the flaw may lead to arbitrary code execution.\n\n\"Delta Electronics DOPSoft 2 lacks proper validation of user-supplied data when parsing specific project files (improper input validation) resulting in an out-of-bounds write that allows for code execution,\" CISA said in an alert.\n\nIt's worth noting that CVE-2021-38406 was originally disclosed as part of an industrial control systems (ICS) advisory [published](<https://www.cisa.gov/uscert/ics/advisories/icsa-21-252-02>) in September 2021.\n\nHowever, there are no patches that address the vulnerability, with CISA noting that the \"impacted product is end-of-life and should be disconnected if still in use.\" Federal Civilian Executive Branch (FCEB) agencies are mandated to follow the guideline by September 15, 2022.\n\nNot much information is available about the nature of the attacks that exploit the security bug, but a recent report from Palo Alto Networks Unit 42 [pointed out](<https://unit42.paloaltonetworks.com/recent-exploits-network-security-trends/>) instances of in-the-wild attacks leveraging the flaw between February and April 2022.\n\nThe development adds weight to the notion that adversaries are getting faster at exploiting newly published vulnerabilities when they are first disclosed, leading to indiscriminate and opportunistic scanning attempts that aim to take advantage of delayed patching.\n\nThese attacks often follow a specific sequence for exploitation that involves web shells, crypto miners, botnets, and remote access trojans (RATs), followed by initial access brokers (IABs) that then pave the way for ransomware.\n\nAmong other actively exploited flaws added to the list are as follows -\n\n * [**CVE-2022-26352**](<https://nvd.nist.gov/vuln/detail/CVE-2022-26352>) \\- dotCMS Unrestricted Upload of File Vulnerability\n * [**CVE-2022-24706**](<https://nvd.nist.gov/vuln/detail/CVE-2022-24706>) \\- Apache CouchDB Insecure Default Initialization of Resource Vulnerability\n * [**CVE-2022-24112**](<https://nvd.nist.gov/vuln/detail/cve-2022-24112>) \\- Apache APISIX Authentication Bypass Vulnerability\n * [**CVE-2022-22963**](<https://nvd.nist.gov/vuln/detail/CVE-2022-22963>) \\- VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability\n * [**CVE-2022-2294**](<https://nvd.nist.gov/vuln/detail/CVE-2022-2294>) \\- WebRTC Heap Buffer Overflow Vulnerability\n * [**CVE-2021-39226**](<https://nvd.nist.gov/vuln/detail/CVE-2021-39226>) \\- Grafana Authentication Bypass Vulnerability\n * [**CVE-2020-36193**](<https://nvd.nist.gov/vuln/detail/CVE-2020-36193>) \\- PEAR Archive_Tar Improper Link Resolution Vulnerability\n * [**CVE-2020-28949**](<https://nvd.nist.gov/vuln/detail/CVE-2020-28949>) \\- PEAR Archive_Tar Deserialization of Untrusted Data Vulnerability\n\n### iOS and macOS flaw added to the list\n\nAnother high-severity flaw added to the KEV Catalog is [**CVE-2021-31010**](<https://nvd.nist.gov/vuln/detail/CVE-2021-31010>) (CVSS score: 7.5), a deserialization issue in Apple's Core Telephony component that could be leveraged to circumvent sandbox restrictions.\n\nThe tech giant addressed the shortcoming in iOS 12.5.5, iOS 14.8, iPadOS 14.8, macOS Big Sur 11.6 (and Security Update 2021-005 Catalina), and watchOS 7.6.2 released in September 2021.\n\nWhile there were no indications that the flaw was being exploited at the time, the tech giant appears to have silently revised its advisories on May 25, 2022 to add the vulnerability and confirm that it had indeed been abused in attacks.\n\n\"Apple was aware of a report that this issue may have been actively exploited at the time of release,\" the iPhone maker noted, crediting Citizen Lab and Google Project Zero for the discovery.\n\nThe September update is also notable for [remediating](<https://thehackernews.com/2021/09/apple-issues-urgent-updates-to-fix-new.html>) CVE-2021-30858 and CVE-2021-30860, both of which were [employed by NSO Group](<https://thehackernews.com/2021/08/bahraini-activists-targeted-using-new.html>), the makers of the Pegasus spyware, to get around the operating systems' security features.\n\nThis raises the possibility that CVE-2021-31010 may have been stringed together with the aforementioned two flaws in an attack chain to escape the sandbox and achieve arbitrary code execution.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-29T04:23:00", "type": "thn", "title": "CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28949", "CVE-2020-36193", "CVE-2021-30858", "CVE-2021-30860", "CVE-2021-31010", "CVE-2021-38406", "CVE-2021-39226", "CVE-2022-2294", "CVE-2022-22963", "CVE-2022-24112", "CVE-2022-24706", "CVE-2022-26352"], "modified": "2022-08-30T03:22:27", "id": "THN:5D50D5AA81EE14FA1044614364EAEBC6", "href": "https://thehackernews.com/2022/08/cisa-adds-10-new-known-actively.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-21T11:59:02", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEglTR0Ii9L3qtSuDJKc1Sna--9qt_00acsxU4IoPSOvvnV9AYpsHDRBRuGpUvXEBKFk3zIyrtzTLJZui-ibEM8KY0xP5ftNR1W9UV-5y_qDt8tUtfZeiowl-DxjAAUazrSAmy2M-ipK_aDRHBpBeVjyw-V_72rcorKKsv7-bUNu1v3jj5_Rc8TdoRDD/s728-e100/apple.jpg>)\n\nApple on Wednesday rolled out [software fixes](<https://support.apple.com/en-us/HT201222>) for iOS, iPadOS, macOS, tvOS, and watchOS to address a number of security flaws affecting its platforms.\n\nThis includes at least 37 flaws spanning different components in iOS and macOS that range from privilege escalation to arbitrary code execution and from information disclosure to denial-of-service (DoS).\n\nChief among them is CVE-2022-2294, a memory corruption flaw in the WebRTC component that Google [disclosed](<https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html>) earlier this month as having been exploited in real-world attacks aimed at users of the Chrome browser. There is, however, no evidence of in-the-wild zero-day exploitation of the flaw targeting iOS, macOS, and Safari.\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEi0IORPLATc7sBagS3j2MEfWbfaT564we0HCpQxKyGV5ddTyfN4EXrPRxHhD1MbXvlGLR4KbmQXcsP9XTezTnpdH7V37ZhUsQLaJveId9m4lGa2trimp13A0tDRcJk51jkg7-Q70-Pnmv_4unts53n3uIo15x3DSOurm_ITR2KTT-jYyIgfeas62tSe/s728-e100/apple.jpg>)\n\nBesides CVE-2022-2294, the updates also address several arbitrary code execution flaws impacting Apple Neural Engine (CVE-2022-32810, CVE-2022-32829, and CVE-2022-32840), Audio (CVE-2022-32820), GPU Drivers (CVE-2022-32821), ImageIO (CVE-2022-32802), IOMobileFrameBuffer (CVE-2022-26768), Kernel (CVE-2022-32813 and CVE-2022-32815), and WebKit (CVE-2022-32792).\n\nAlso patched is a [Pointer Authentication](<https://thehackernews.com/2022/06/mit-researchers-discover-new-flaw-in.html>) bypass affecting the Kernel (CVE-2022-32844), a DoS bug in the ImageIO component (CVE-2022-32785), and two privilege escalation flaws in AppleMobileFileIntegrity and File System Events (CVE-2022-32819 and CVE-2022-32826).\n\nWhat's more, the latest version of macOS resolves five security vulnerabilities in the SMB module that could be potentially exploited by a malicious app to gain elevated privileges, leak sensitive information, and execute arbitrary code with kernel privileges.\n\nUsers of Apple devices are recommended to update to iOS 15.6, iPadOS 15.6, macOS Monterey 12.5 (Big Sur 11.6.8 or 2022-005 Catalina for older generation Macs), tvOS 15.6, and watchOS 8.7 to obtain the latest security protections.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-21T06:40:00", "type": "thn", "title": "Apple Releases Security Patches for all Devices Fixing Dozens of New Vulnerabilities", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-26768", "CVE-2022-32785", "CVE-2022-32792", "CVE-2022-32802", "CVE-2022-32810", "CVE-2022-32813", "CVE-2022-32815", "CVE-2022-32819", "CVE-2022-32820", "CVE-2022-32821", "CVE-2022-32826", "CVE-2022-32829", "CVE-2022-32840", "CVE-2022-32844"], "modified": "2022-07-21T11:31:25", "id": "THN:80C4CCCAB293DD273948D1317EAC8B73", "href": "https://thehackernews.com/2022/07/apple-releases-security-patches-for-all.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "veracode": [{"lastseen": "2023-06-14T19:56:30", "description": "chromium is vulnerable to denial of service. The vulnerability exists due to a use after free allowing an attacker to crash the application through specific user interactions to potentially exploit heap corruption via direct UI interactions.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-17T17:18:06", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2296"], "modified": "2023-04-27T15:40:55", "id": "VERACODE:36372", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-36372/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-14T20:05:56", "description": "chromium is vulnerable to use-after-free. The vulnerability is possible because of a flaw in the `Service Worker API` component, which leads to heap use-after-free.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-21T09:43:02", "type": "veracode", "title": "Use-After-Free", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2480"], "modified": "2022-08-30T14:14:25", "id": "VERACODE:36426", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-36426/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-14T20:06:12", "description": "chromium is vulnerable to a heap buffer overflow. The vulnerability allows an attacker to crash the system through potentially exploit heap corruption via a crafted HTML page.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-17T17:23:34", "type": "veracode", "title": "Heap Buffer Overflow", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294"], "modified": "2022-11-29T18:06:53", "id": "VERACODE:36373", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-36373/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-14T20:05:57", "description": "chromium is vulnerable to use-after-free. The vulnerability will allow an attacker to exploit a heap corruption via a crafted HTML page by convincing an user to install a malicious extension.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-21T09:44:01", "type": "veracode", "title": "Use-After-Free", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2477"], "modified": "2022-09-22T10:59:38", "id": "VERACODE:36428", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-36428/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-14T20:06:14", "description": "chromium is vulnerable to type confusion. A remote attacker is able to exploit a heap memory corruption issue via a crafted HTML page, which leads to a use-after-free state in `V8` module.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-17T17:18:05", "type": "veracode", "title": "Type Confusion", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2295"], "modified": "2022-10-26T16:15:07", "id": "VERACODE:36371", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-36371/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-14T20:05:53", "description": "chromium is vulnerable to use-after-free. The vulnerability is possible because of a flaw in the `PDF` component, leading to heap use-after-free.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-21T09:45:16", "type": "veracode", "title": "Use-After-Free", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2478"], "modified": "2022-07-27T13:08:56", "id": "VERACODE:36429", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-36429/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-14T20:21:05", "description": "flysystem is vulnerable to remote code execution. An attacker is able to upload and execute malicious code on the system under attack via the component `File Handler`.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2022-07-21T09:53:18", "type": "veracode", "title": "Remote Code Execution", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2479"], "modified": "2023-04-24T21:42:51", "id": "VERACODE:36430", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-36430/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-06-14T20:05:56", "description": "chromium is vulnerable to use-after-free. The vulnerability is possible because of a flaw in the `VIEWS` component, leading to heap use-after-free.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-21T09:43:07", "type": "veracode", "title": "Use-After-Free", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2481"], "modified": "2022-08-30T14:14:24", "id": "VERACODE:36427", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-36427/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-14T19:56:56", "description": "chromium is vulnerable to denial of service. The vulnerability exists due to the use after free in cast `UI/TOOLBAR` which allows an attacker to crash the application via malicious input. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-26T16:55:25", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2163"], "modified": "2023-04-27T15:47:51", "id": "VERACODE:36125", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-36125/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "hivepro": [{"lastseen": "2022-08-04T20:00:29", "description": "Threat Level Attack Report For a detailed advisory, download the pdf file here Summary Candiru(Saito Tech) spyware used the recently fixed CVE-2022-2294 Chrome zero-day in assaults on journalists, with a substantial portion of the attacks taking place in Lebanon. This recently patched vulnerability in WebRTC is a heap-based buffer overflow. Its successful exploitation may result in code execution on the targeted device.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T06:06:37", "type": "hivepro", "title": "Spyware Group Candiru exploits Chrome Zero-Day to Target Middle East", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-2294"], "modified": "2022-07-28T06:06:37", "id": "HIVEPRO:2FBDBD20FF69ADDF5A541D1E5B3D0809", "href": "https://www.hivepro.com/spyware-group-candiru-exploits-chrome-zero-day-to-target-middle-east/", "cvss": {"score": 0.0, "vector": "NONE"}}], "attackerkb": [{"lastseen": "2023-10-18T16:35:39", "description": "Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n \n**Recent assessments:** \n \n**gwillcox-r7** at July 05, 2022 3:18am UTC reported:\n\nLooks like this was a heap buffer overflow in WebRTC which could allow for a drive by attack that would grant attackers RCE on a target system. No news as to whether or not this was used with a sandbox escape though, It was reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01 according to <https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html>, yet interestingly <https://chromereleases.googleblog.com/2022/07/chrome-for-android-update.html> also note it affects Chrome for Android.\n\nThere is a real world exploit for this out in the wild but given the generally tight lipped news around this and that it was found from a threat intelligence team, I would imagine this may have been used in more targeted attacks, but still widely enough that a threat intelligence team picked up on it. Bit hard to tell though since I hadn\u2019t heard about the Avast Threat Intelligence team prior to this; I imagine its possible one of their customers was targeted selectively and then they found out and notified Google.\n\nWith heap overflow bugs I generally err on the side of \u201cwell these things are harder to exploit\u201d however with browsers you typically have access to a much wider arsenal to use for crafting the heap into a state that is desirable for exploitation purposes, so the risk is a bit higher here. That being said exploitation of such bugs tends to be a little more complex in most cases, particularly given recent mitigations. I\u2019d still recommend patching this one if you can, but if not then you should try to disable WebRTC on your browsers until you can patch given in the wild exploitation.\n\nAssessed Attacker Value: 4 \nAssessed Attacker Value: 4Assessed Attacker Value: 3\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T00:00:00", "type": "attackerkb", "title": "CVE-2022-2294", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294"], "modified": "2023-10-08T00:00:00", "id": "AKB:23F2B591-FE1E-47A8-AA83-2DFAD7E5CE61", "href": "https://attackerkb.com/topics/42OzzPsFw0/cve-2022-2294", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cisa_kev": [{"lastseen": "2023-12-03T16:07:25", "description": "WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to perform shellcode execution. This vulnerability impacts web browsers using WebRTC including but not limited to Google Chrome.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-25T00:00:00", "type": "cisa_kev", "title": "WebRTC Heap Buffer Overflow Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294"], "modified": "2022-08-25T00:00:00", "id": "CISA-KEV-CVE-2022-2294", "href": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2023-12-03T17:34:23", "description": "### Background\n\nChromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium and its derivatives. Please review the CVE identifiers referenced below for details.\n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/chromium-104.0.5112.101\"\n \n\nAll Chromium binary users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/chromium-bin-104.0.5112.101\"\n \n\nAll Google Chrome users should upgrade to tha latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/google-chrome-104.0.5112.101\"\n \n\nAll Microsoft Edge users should upgrade to tha latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/microsoft-edge-104.0.1293.63\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-08-21T00:00:00", "type": "gentoo", "title": "Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2163", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296", "CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481", "CVE-2022-2603", "CVE-2022-2604", "CVE-2022-2605", "CVE-2022-2606", "CVE-2022-2607", "CVE-2022-2608", "CVE-2022-2609", "CVE-2022-2610", "CVE-2022-2611", "CVE-2022-2612", "CVE-2022-2613", "CVE-2022-2614", "CVE-2022-2615", "CVE-2022-2616", "CVE-2022-2617", "CVE-2022-2618", "CVE-2022-2619", "CVE-2022-2620", "CVE-2022-2621", "CVE-2022-2622", "CVE-2022-2623", "CVE-2022-2624", "CVE-2022-2852", "CVE-2022-2853", "CVE-2022-2854", "CVE-2022-2855", "CVE-2022-2856", "CVE-2022-2857", "CVE-2022-2858", "CVE-2022-2859", "CVE-2022-2860", "CVE-2022-2861", "CVE-2022-33636", "CVE-2022-33649", "CVE-2022-35796"], "modified": "2022-08-21T00:00:00", "id": "GLSA-202208-35", "href": "https://security.gentoo.org/glsa/202208-35", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T17:34:24", "description": "### Background\n\nWebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.\n\n### Description\n\nMultiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details.\n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll WebKitGTK+ users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/webkit-gtk-2.36.7\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-31T00:00:00", "type": "gentoo", "title": "WebKitGTK+: Multiple Vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22589", "CVE-2022-22590", "CVE-2022-22592", "CVE-2022-22620", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-22677", "CVE-2022-2294", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-30293", "CVE-2022-30294", "CVE-2022-32784", "CVE-2022-32792", "CVE-2022-32893"], "modified": "2022-08-31T00:00:00", "id": "GLSA-202208-39", "href": "https://security.gentoo.org/glsa/202208-39", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T17:33:26", "description": "### Background\n\nQtWebEngine is a library for rendering dynamic web content in Qt5 and Qt6 C++ and QML applications.\n\n### Description\n\nMultiple vulnerabilities have been discovered in QtWebEngine. Please review the CVE identifiers referenced below for details.\n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll QtWebEngine users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-qt/qtwebengine-5.15.10_p20230623\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-11-25T00:00:00", "type": "gentoo", "title": "QtWebEngine: Multiple Vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-3201", "CVE-2022-41115", "CVE-2022-4174", "CVE-2022-4175", "CVE-2022-4176", "CVE-2022-4177", "CVE-2022-4178", "CVE-2022-4179", "CVE-2022-4180", "CVE-2022-4181", "CVE-2022-4182", "CVE-2022-4183", "CVE-2022-4184", "CVE-2022-4185", "CVE-2022-4186", "CVE-2022-4187", "CVE-2022-4188", "CVE-2022-4189", "CVE-2022-4190", "CVE-2022-4191", "CVE-2022-4192", "CVE-2022-4193", "CVE-2022-4194", "CVE-2022-4195", "CVE-2022-4436", "CVE-2022-4437", "CVE-2022-4438", "CVE-2022-4439", "CVE-2022-4440", "CVE-2022-44688", "CVE-2022-44708", "CVE-2023-0128", "CVE-2023-0129", "CVE-2023-0130", "CVE-2023-0131", "CVE-2023-0132", "CVE-2023-0133", "CVE-2023-0134", "CVE-2023-0135", "CVE-2023-0136", "CVE-2023-0137", "CVE-2023-0138", "CVE-2023-0139", "CVE-2023-0140", "CVE-2023-0141", "CVE-2023-21775", "CVE-2023-21796", "CVE-2023-2721", "CVE-2023-2722", "CVE-2023-2723", "CVE-2023-2724", "CVE-2023-2725", "CVE-2023-2726", "CVE-2023-2929", "CVE-2023-2930", "CVE-2023-2931", "CVE-2023-2932", "CVE-2023-2933", "CVE-2023-2934", "CVE-2023-2935", "CVE-2023-2936", "CVE-2023-2937", "CVE-2023-2938", "CVE-2023-2939", "CVE-2023-2940", "CVE-2023-2941", "CVE-2023-3079", "CVE-2023-3214", "CVE-2023-3215", "CVE-2023-3216", "CVE-2023-3217", "CVE-2023-4068", "CVE-2023-4069", "CVE-2023-4070", "CVE-2023-4071", "CVE-2023-4072", "CVE-2023-4073", "CVE-2023-4074", "CVE-2023-4075", "CVE-2023-4076", "CVE-2023-4077", "CVE-2023-4078", "CVE-2023-4761", "CVE-2023-4762", "CVE-2023-4763", "CVE-2023-4764", "CVE-2023-5218", "CVE-2023-5473", "CVE-2023-5474", "CVE-2023-5475", "CVE-2023-5476", "CVE-2023-5477", "CVE-2023-5478", "CVE-2023-5479", "CVE-2023-5480", "CVE-2023-5481", "CVE-2023-5482", "CVE-2023-5483", "CVE-2023-5484", "CVE-2023-5485", "CVE-2023-5486", "CVE-2023-5487", "CVE-2023-5849", "CVE-2023-5850", "CVE-2023-5851", "CVE-2023-5852", "CVE-2023-5853", "CVE-2023-5854", "CVE-2023-5855", "CVE-2023-5856", "CVE-2023-5857", "CVE-2023-5858", "CVE-2023-5859", "CVE-2023-5996", "CVE-2023-5997", "CVE-2023-6112"], "modified": "2023-11-25T00:00:00", "id": "GLSA-202311-11", "href": "https://security.gentoo.org/glsa/202311-11", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T17:34:25", "description": "### Background\n\nChromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium and its derivatives. Please review the CVE identifiers referenced below for details.\n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/chromium-103.0.5060.53\"\n \n\nAll Chromium binary users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/chromium-bin-103.0.5060.53\"\n \n\nAll Google Chrome users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/google-chrome-103.0.5060.53\"\n \n\nAll Microsoft Edge users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/chromium-103.0.5060.53\"\n \n\nAll QtWebEngine users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-qt/qtwebengine-5.15.5_p20220618\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-08-14T00:00:00", "type": "gentoo", "title": "Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30551", "CVE-2021-4052", "CVE-2021-4053", "CVE-2021-4054", "CVE-2021-4055", "CVE-2021-4056", "CVE-2021-4057", "CVE-2021-4058", "CVE-2021-4059", "CVE-2021-4061", "CVE-2021-4062", "CVE-2021-4063", "CVE-2021-4064", "CVE-2021-4065", "CVE-2021-4066", "CVE-2021-4067", "CVE-2021-4068", "CVE-2021-4078", "CVE-2021-4079", "CVE-2022-0789", "CVE-2022-0790", "CVE-2022-0791", "CVE-2022-0792", "CVE-2022-0793", "CVE-2022-0794", "CVE-2022-0795", "CVE-2022-0796", "CVE-2022-0797", "CVE-2022-0798", "CVE-2022-0799", "CVE-2022-0800", "CVE-2022-0801", "CVE-2022-0802", "CVE-2022-0803", "CVE-2022-0804", "CVE-2022-0805", "CVE-2022-0806", "CVE-2022-0807", "CVE-2022-0808", "CVE-2022-0809", "CVE-2022-0971", "CVE-2022-0972", "CVE-2022-0973", "CVE-2022-0974", "CVE-2022-0975", "CVE-2022-0976", "CVE-2022-0977", "CVE-2022-0978", "CVE-2022-0979", "CVE-2022-0980", "CVE-2022-1096", "CVE-2022-1125", "CVE-2022-1127", "CVE-2022-1128", "CVE-2022-1129", "CVE-2022-1130", "CVE-2022-1131", "CVE-2022-1132", "CVE-2022-1133", "CVE-2022-1134", "CVE-2022-1135", "CVE-2022-1136", "CVE-2022-1137", "CVE-2022-1138", "CVE-2022-1139", "CVE-2022-1141", "CVE-2022-1142", "CVE-2022-1143", "CVE-2022-1144", "CVE-2022-1145", "CVE-2022-1146", "CVE-2022-1232", "CVE-2022-1305", "CVE-2022-1306", "CVE-2022-1307", "CVE-2022-1308", "CVE-2022-1309", "CVE-2022-1310", "CVE-2022-1311", "CVE-2022-1312", "CVE-2022-1313", "CVE-2022-1314", "CVE-2022-1364", "CVE-2022-1477", "CVE-2022-1478", "CVE-2022-1479", "CVE-2022-1480", "CVE-2022-1481", "CVE-2022-1482", "CVE-2022-1483", "CVE-2022-1484", "CVE-2022-1485", "CVE-2022-1486", "CVE-2022-1487", "CVE-2022-1488", "CVE-2022-1489", "CVE-2022-1490", "CVE-2022-1491", "CVE-2022-1492", "CVE-2022-1493", "CVE-2022-1494", "CVE-2022-1495", "CVE-2022-1496", "CVE-2022-1497", "CVE-2022-1498", "CVE-2022-1499", "CVE-2022-1500", "CVE-2022-1501", "CVE-2022-1633", "CVE-2022-1634", "CVE-2022-1635", "CVE-2022-1636", "CVE-2022-1637", "CVE-2022-1639", "CVE-2022-1640", "CVE-2022-1641", "CVE-2022-1853", "CVE-2022-1854", "CVE-2022-1855", "CVE-2022-1856", "CVE-2022-1857", "CVE-2022-1858", "CVE-2022-1859", "CVE-2022-1860", "CVE-2022-1861", "CVE-2022-1862", "CVE-2022-1863", "CVE-2022-1864", "CVE-2022-1865", "CVE-2022-1866", "CVE-2022-1867", "CVE-2022-1868", "CVE-2022-1869", "CVE-2022-1870", "CVE-2022-1871", "CVE-2022-1872", "CVE-2022-1873", "CVE-2022-1874", "CVE-2022-1875", "CVE-2022-1876", "CVE-2022-2007", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165", "CVE-2022-22021", "CVE-2022-24475", "CVE-2022-24523", "CVE-2022-26891", "CVE-2022-26894", "CVE-2022-26895", "CVE-2022-26900", "CVE-2022-26905", "CVE-2022-26908", "CVE-2022-26909", "CVE-2022-26912", "CVE-2022-29144", "CVE-2022-29146", "CVE-2022-29147", "CVE-2022-30127", "CVE-2022-30128", "CVE-2022-30192", "CVE-2022-33638", "CVE-2022-33639"], "modified": "2022-08-14T00:00:00", "id": "GLSA-202208-25", "href": "https://security.gentoo.org/glsa/202208-25", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "qualysblog": [{"lastseen": "2022-07-15T23:58:32", "description": "# **Microsoft Patch Tuesday Summary**\n\nMicrosoft has fixed 84 vulnerabilities (aka flaws) in the July 2022 update, including four (4) vulnerabilities classified as **_Critical_** as they allow Remote Code Execution (RCE). This month&#x27;s Patch Tuesday cumulative Windows update includes the fix for one (1) actively exploited zero-day vulnerability ([CVE-2022-22047](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>)). Earlier this month, July 6, 2022, Microsoft also released two (2) Microsoft Edge (Chromium-Based) security updates as well.\n\nMicrosoft has fixed several flaws in its software, including Denial of Service (DoS), Elevation of Privilege, Information Disclosure, Microsoft Edge (Chromium-based), Remote Code Execution (RCE), Security Feature Bypass, and Tampering.\n\nMany of the vulnerabilities patched this month relate to remote code execution, but there are no reports of active exploitation (in the wild) except for [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190>)[CVE-2022-22047](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>), a Windows CSRSS Elevation of Privilege Vulnerability.\n\n## The July 2022 Microsoft vulnerabilities are classified as follows: \n\n\n\n [Related Threat Protection Post](<https://threatprotect.qualys.com/2022/07/13/microsoft-patches-84-vulnerabilities-including-one-zero-day-and-four-critical-in-the-july-2022-patch-tuesday/>)\n\n* * *\n\n# **Notable Microsoft Vulnerabilities Patched**\n\n### [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>)[CVE-2022-22047](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>) | Windows CSRSS Elevation of Privilege Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.8/10.\n\nElevation of Privilege - Important - An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. (Article [5015874](<https://support.microsoft.com/help/5015874>))\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Detected_**\n\n* * *\n\n# **Microsoft Critical Vulnerability Highlights**\n\nThis month\u2019s [advisory](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Jul>) covers multiple Microsoft product families, including Azure, Browser, ESU, Microsoft Dynamics, Microsoft Office, System Center, and Windows.\n\nA total of 63 unique Microsoft products/versions are affected.\n\nDownloads include Monthly Rollup, Security Only, and Security Updates.\n\n* * *\n\n### [CVE-2022-30221](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30221>) | Windows Graphics Component Remote Code Execution Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.8/10.\n\nAn attacker would have to convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could execute code on the victim&#x27;s system in the context of the targeted user.\n\nWindows 7 Service Pack 1 or Windows Server 2008 R2 Service Pack 1 are only affected by this vulnerability if either RDP 8.0 or RDP 8.1 is installed. If you do not have either of these versions of RDP installed on Windows 7 SP1 or Window Server 2008 R2 SP1, then you are not affected by this vulnerability.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n### [CVE-2022-22029](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22029>) | Windows Network File System Remote Code Execution Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.1/10.\n\nThis vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).\n\nSuccessful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n### [CVE-2022-22038](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22038>) | Remote Procedure Call Runtime Remote Code Execution Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.1/10.\n\nSuccessful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n### [CVE-2022-22039](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22039>) | Windows Network File System Remote Code Execution Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.5/10.\n\nSuccessful exploitation of this vulnerability requires an attacker to win a race condition.\n\nThis vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n# **Microsoft Last But Not Least**\n\nEarlier in July, Microsoft released Microsoft Edge (Chromium-based) vulnerabilities [CVE-2022-2294](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2294>) and [CVE-2022-2295](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2295>). The vulnerability assigned to each of these CVEs is in the Chromium Open Source Software (OSS) which is consumed by Microsoft Edge. It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see [Security Update Guide Supports CVEs Assigned by Industry Partners](<https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/>) for more information.\n\n* * *\n\n# **Adobe Security Bulletins and Advisories**\n\nAdobe released four (4) [advisories](<https://helpx.adobe.com/security/security-bulletin.html>) with updates to fix 27 vulnerabilities affecting Adobe Acrobat, Character Animator, Photoshop, Reader, and RoboHelp applications. Of these 27 vulnerabilities, 18 are rated as **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>)_**; ranging in severity from a CVSS score of 6.5/10 to 7.8/10, as summarized below.\n\n\n\n* * *\n\n### [APSB22-10](<https://helpx.adobe.com/security/products/robohelp/apsb22-10.html>) | Security update available for RoboHelp\n\nThis update resolves one (1) [**_Important_** ](<https://helpx.adobe.com/security/severity-ratings.html>)vulnerability.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released a security update for RoboHelp. This update resolves a vulnerability rated [important](<https://helpx.adobe.com/security/severity-ratings.html>). Successful exploitation could lead to arbitrary code execution in the context of current user. \n\n* * *\n\n### [APSB22-32](<https://helpx.adobe.com/security/products/acrobat/apsb22-32.html>) | Security update available for Adobe Acrobat and Reader\n\nThis update resolves 22 vulnerabilities; 15 **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>)_**, and seven (7) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**.\n\n_**[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 2**_\n\nAdobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple [critical](<https://helpx.adobe.com/security/severity-ratings.html>), and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak. \n\n* * *\n\n### [APSB22-34](<https://helpx.adobe.com/security/products/character_animator/apsb22-34.html>) | Security Updates Available for Adobe Character Animator\n\nThis update resolves two (2) **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>) _**vulnerabilities.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released an update for Adobe Character Animator for Windows and macOS. This update resolves [critical](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution.\n\n* * *\n\n### [APSB22-35](<https://helpx.adobe.com/security/products/photoshop/apsb22-35.html>) | Security update available for Adobe Photoshop\n\nThis update resolves two (2) vulnerabilities; one (1) **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>)_**, and one (1) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released an update for Photoshop for Windows and macOS. This update resolves a [critical](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerability and an [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerability. Successful exploitation could lead to arbitrary code execution and memory leak. \n\n* * *\n\n* * *\n\n# Discover and Prioritize Vulnerabilities in [Vulnerability Management Detection Response (VMDR)](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) \n\nQualys VMDR automatically detects new Patch Tuesday vulnerabilities using continuous updates to its KnowledgeBase (KB). \n\nYou can see all your impacted hosts by these vulnerabilities using the following QQL query:\n \n \n vulnerabilities.vulnerability:( qid:`91921` OR qid:`91922` OR qid:`91923` OR qid:`91924` OR qid:`91927` OR qid:`110411` OR qid:`110412` OR qid:`376725` ) \n\n\n\n* * *\n\n# Rapid Response with [Patch Management (PM)](<https://www.qualys.com/apps/patch-management/>)\n\nVMDR rapidly remediates Windows hosts by deploying the most relevant and applicable per-technology version patches. You can simply select respective QIDs in the Patch Catalog and filter on the \u201cMissing\u201d patches to identify and deploy the applicable, available patches in one go.\n\nThe following QQL will return the missing patches for this Patch Tuesday:\n \n \n ( qid:`91921` OR qid:`91922` OR qid:`91923` OR qid:`91924` OR qid:`91927` OR qid:`110411` OR qid:`110412` OR qid:`376725` ) \n\n\n\n [Risk-based Remediation Powered by Patch Management in Qualys VMDR 2.0](<https://blog.qualys.com/product-tech/2022/06/22/risk-based-remediation-powered-by-patch-management-in-qualys-vmdr-2-0>)\n\n* * *\n\n# Qualys Monthly Webinar Series \n\n\n\nThe Qualys Research team hosts a monthly webinar series to help our existing customers leverage the seamless integration between Qualys[ Vulnerability Management Detection Response (VMDR)](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) and Qualys [Patch Management](<https://www.qualys.com/apps/patch-management/>). Combining these two solutions can reduce the median time to remediate critical vulnerabilities. \n\nDuring the webcast, we will discuss this month\u2019s high-impact vulnerabilities, including those that are part of this month&#x27;s Patch Tuesday alert. We will walk you through the necessary steps to address the key vulnerabilities using Qualys VMDR and Qualys Patch Management. \n\n* * *\n\n### **Join the webinar**\n\n## **This Month in Vulnerabilities &amp; Patches**\n\n[Register Now](<https://gateway.on24.com/wcc/eh/3347108/category/97049/patch-tuesday>)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-12T20:09:23", "type": "qualysblog", "title": "July 2022 Patch Tuesday | Microsoft Releases 84 Vulnerabilities with 4 Critical, plus 2 Microsoft Edge (Chromium-Based); Adobe Releases 4 Advisories, 27 Vulnerabilities with 18 Critical.", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22029", "CVE-2022-22038", "CVE-2022-22039", "CVE-2022-22047", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-30190", "CVE-2022-30221"], "modified": "2022-07-12T20:09:23", "id": "QUALYSBLOG:65C282BB0F312A3AD8A043024FD3D866", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-12-14T08:08:58", "description": "Google has released yet another security update for the Chrome desktop web browser to address a high-severity vulnerability that is being exploited in the wild. This is the ninth Chrome zero-day fixed this year by Google. This security bug ([CVE-2022-4262](<https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html>); _QID 377804_) is a Type Confusion vulnerability in Chrome\u2019s V8 JavaScript Engine.\n\nGoogle has withheld details about the vulnerability to prevent expanding its malicious exploitation and to allow users time to apply the security updates necessary on their Chrome installations.\n\nGoogle\u2019s previous zero-days were also released right before a weekend (see [Don\u2019t spend another weekend patching Chrome](<https://blog.qualys.com/product-tech/2022/10/28/chrome-zero-day-cve-2022-3723>) and [Don\u2019t Spend Your Holiday Season Patching Chrome](<https://blog.qualys.com/product-tech/patch-management/2022/11/29/dont-spend-your-holiday-season-patching-chrome>)).\n\n\n\n## Organizations respond, but slowly\n\nAnalyzing anonymized data from the Qualys data lake, the Qualys Threat Research Unit found for Chrome zero-day vulnerabilities introduced between February and August, more than 90% of these instances were remediated. However, it took 11-21 days to remediate via the Chrome patch. With the frequency of vulnerabilities released in this widely used browser and the fact that browsers, by their nature, are more exposed to external attacks, reducing the MTTR for those Chrome vulnerabilities is critical.\n\n2022 Chrome Zero-Day Vulnerabilities, MTTR\n\nOf the nine Chrome zero-day threats this year, five were introduced just before the weekend on a Thursday or Friday. Organizations that don&#x27;t leverage automated patching must spend the weekend or holiday working on the manual, lengthy process of detecting vulnerable devices, preparing the Chrome patch, testing it, and deploying it to affected assets.\n\nCVE| Release Date| Day of the Week| Vulnerability Remediation Rate \n---|---|---|--- \nCVE-2022-0609| 2/14/2022| Monday| 94% \nCVE-2022-1096| 3/25/2022| **Friday**| 94% \nCVE-2022-1364| 4/14/2022| **Thursday**| 93% \nCVE-2022-2294| 7/4/2022| Monday| 93% \nCVE-2022-2856| 8/16/2022| Tuesday| 91% \nCVE-2022-3075| 9/2/2022| **Friday**| 85% \nCVE-2022-3723| 10/27/2022| **Thursday**| 65% \nCVE-2022-4135| 11/24/2022| **Thursday (Thanksgiving)**| 52% \nCVE-2022-4262| 12/2/2022| **Friday**| NA \n2022 Chrome Zero-Day vulnerability release dates and percentage of remediation\n\n## Qualys Patch Management speeds remediation\n\nThe Qualys Threat Research Unit has found on average critical vulnerabilities are weaponized in 15.9 days. Significantly reducing MTTR shortens the exposure window and improves an organization&#x27;s risk posture.\n\n[Qualys Patch Management](<https://www.qualys.com/apps/patch-management/>) with Zero-Touch Patching allows organizations to use their Qualys Cloud Agent for vulnerability management and to deploy third-party application patches, including Chrome. If the Qualys Cloud Agent is installed on an asset, customers can patch it, regardless of any other deployed patch solution. By defining a simple zero-touch policy, assets can automatically deploy patches when the vendor releases a new one. If testing patches like Chrome is required before production deployment, automatically setup a zero-touch policy to deploy to a set of test devices before de