Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to the 102.0.5005.61 version, fixing many bugs and 32 CVE. Some of them are listed below: CVE-2022-1853: Use after free in Indexed DB. CVE-2022-1854: Use after free in ANGLE. CVE-2022-1855: Use after free in Messaging. CVE-2022-1856: Use after...

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome versions 70.0.3538.67 through 101.0.4951.67, which originates from a boundary error when handling untrusted HTML content in DevTools. A remote attacker can exploit this vulnerability to perform a...

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser from Google, Inc USA. A buffer error vulnerability exists in Google Chrome versions 70.0.3538.67 through 101.0.4951.67, which originates from a boundary condition in the DevTools component. A remote attacker could exploit the vulnerability to gain access to...

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 32 security fixes, including: 1324864 Critical CVE-2022-1853: Use after free in Indexed DB. Reported by Anonymous on 2022-05-12 1320024 High CVE-2022-1854: Use after free in ANGLE. Reported by SeongHwan Park SeHwa on 2022-04-27 1228661 High...

TikTok: disclosure the live_analytics information of any livestream.

A possible disclosure of the liveanalytics information for any livestream was found by accessing the roomid parameter via devtools. We thank @datph4m for reporting this to our team...

The vulnerability in the set of tools for web development, DevTools, in Microsoft Edge and Google Chrome browsers allows a hacker to expose protected information.

The vulnerability of the DevTools suite for web development in Microsoft Edge and Google Chrome relates to the use of memory after it is released. Exploiting this vulnerability can allow an attacker to disclose sensitive information...

The vulnerability in the set of tools for web development, DevTools, in Microsoft Edge and Google Chrome browsers allows a hacker to expose protected information.

The vulnerability of the DevTools suite for web development in Microsoft Edge and Google Chrome exists due to insufficient testing of input data. Exploiting this vulnerability can allow an attacker to disclose sensitive information...

CVE-2022-28283

The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible. This vulnerability affects Firefox 99...

UBUNTU-CVE-2022-28283

The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible. This vulnerability affects Firefox 99...

Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-5370-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5370-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could...

Heap Buffer Overflow

chromium is vulnerable to use after free.The vulnerability exist in WebUI, allowing a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific input into DevTools...

The vulnerability of the DevTools set of tools for web development in Google Chrome allows a hacker to escape from the isolated software environment.

The vulnerability of the DevTools set of tools for web development in the Google Chrome browser is related to improperly implemented security checks for standard elements. Exploiting this vulnerability can allow a malicious actor to escape from an isolated programming environment using a speciall...

CVE-2022-24072

The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool...

Open redirect

The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool...

CVE-2022-24072

The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool...

CVE-2022-24072

The CVE-2022-24072 entry applies to Naver Whale Browser, with affected versions before 3.12.129.18. The root cause is improper data handling in the devtools API (devtools.inspectedWindow), allowing potentially attacker-controlled JavaScript execution within the extension store web page. Consequen...

Naver Whale Browser 安全漏洞

A cross-site scripting vulnerability exists in versions prior to 3.12.129.18 of Naver Whale Browser, a web browser from Naver Korea that supports user-defined interfaces, due to a lack of data validation filtering of user-supplied and output data. An attacker could exploit this to allow extension...

The vulnerability of the DevTools set of tools for web development in the Google Chrome browser allows a hacker to execute arbitrary code.

The vulnerability of the DevTools set of tools for web development in the Google Chrome browser is related to buffer overflow errors in dynamic memory. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...

GitLab: Stored XSS in Notes (with CSP bypass for gitlab.com)

Summary I read the issue 345657 which handles the XSS in notes reported in Hackerone report 1398305. This issue fixes the reported XSS but leaves the HTML injection that was also mentioned. I don't know how you deal with these situations, but I thought I report this, and you can decide : The issu...

CVE-2022-0301

Heap buffer overflow in DevTools in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...