5752 matches found

The Hacker News
added 2022/10/07 8:58 a.m. · 47 views

Hackers Can Use 'App Mode' in Chromium Browsers' for Stealth Phishing Attacks

In what's a new phishing technique, it has been demonstrated that the Application Mode feature in Chromium-based web browsers can be abused to create "realistic desktop phishing applications." Application Mode is designed to offer native-like experiences in a manner that causes the website to be...

AI score 1.1
Exploits: 0

Tenable Nessus
added 2022/10/06 12:0 a.m. · 162 views

Microsoft Edge (Chromium) < 106.0.1370.34 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 106.0.1370.34. It is, therefore, affected by multiple vulnerabilities as referenced in the October 3, 2022 advisory. - Use after free in CSS. CVE-2022-3304 - Use after free in Media. CVE-2022-3307 - Insufficient policy...

CVSS 8.8 · AI score 6.7 · EPSS 0.00713
Exploits: 4 · References: 13

Mageia
added 2022/10/05 5:23 a.m. · 48 views

Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to the new 106 branch with the 106.0.5249.61 version, fixing many bugs and 20 vulnerabilities; it brings as well some improvements. Some of the security fixes are: High CVE-2022-3304: Use after free in CSS. High CVE-2022-3201: Insufficient...

CVSS 8.8 · EPSS 0.00616
Exploits: 6 · References: 4

OSV
added 2022/10/05 5:23 a.m. · 12 views

MGASA-2022-0357 Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to the new 106 branch with the 106.0.5249.61 version, fixing many bugs and 20 vulnerabilities; it brings as well some improvements. Some of the security fixes are: High CVE-2022-3304: Use after free in CSS. High CVE-2022-3201: Insufficient...

CVSS 8.8 · AI score 6.5 · EPSS 0.00616
Exploits: 6 · References: 5

Veracode
added 2022/10/03 8:41 a.m. · 29 views

Regular Expression Denial Of Service (ReDoS)

css-what is vulnerable to regular expression denial of service. Regular expression used for reattr variable of index.js does not sufficiently include superscript in range, allowing an attacker to pass malicious input via the parse function to cause denial of service...

CVSS 7.5 · AI score 7.3 · EPSS 0.01421
Exploits: 1 · References: 4 · Affected Software: 2

Microsoft CVE
added 2022/10/03 7:0 a.m. · 41 views

Chromium: CVE-2022-3304 Use after free in CSS

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 8.8 · AI score 8.4 · EPSS 0.0059
Exploits: 0

OPENSUSE Linux
added 2022/10/03 12:0 a.m. · 40 views

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2022:10138-1 Rating: important References: 1203808 Cross-References: CVE-2022-3201 CVE-2022-3304 CVE-2022-3305 CVE-2022-3306 CVE-2022-3307 CVE-2022-3308 CVE-2022-3309 CVE-2022-3310 CVE-2022-3311 CVE-2022-3312...

CVSS 8.8 · AI score 6.7 · EPSS 0.00713
Exploits: 6 · References: 1

vulnersOsv
added 2022/10/01 12:0 a.m. · 8 views

08cms (=1.0.0), 1pif-to-keepass (=0.1.0) +6782 more potentially affected by CVE-2022-21222 via css-what (>=1.0.0 <=2.1.0)

css-what NPM version =1.0.0, =0.0.1, =0.1.0, =0.0.1, =0.0.0, =1.0.0, =1.0.1, =0.0.1, =2.0.0, =2.2.0 - @battlemidget/generator-nm =1.4.1 - @benzed/dev =0.9.0 and more Source cves: CVE-2022-21222 Source advisory: OSV:GHSA-P28H-CC7Q-C4FG...

CVSS 7.5 · AI score 7.1 · EPSS 0.01421
Exploits: 1

OSV
added 2022/10/01 12:0 a.m. · 26 views

GHSA-P28H-CC7Q-C4FG css-what vulnerable to ReDoS due to use of insecure regular expression

The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service ReDoS due to the use of insecure regular expression in the reattr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...

CVSS 7.5 · AI score 7.3 · EPSS 0.01421
Exploits: 1 · References: 7

RedhatCVE
added 2022/09/30 6:18 p.m. · 48 views

CVE-2022-21222

A vulnerability was found in the css-what package. The flaw allows Regular expression denial of service ReDoS attacks, affecting system availability...

CVSS 7.5 · AI score 5 · EPSS 0.01421
Exploits: 1 · References: 3

OSV
added 2022/09/30 5:15 a.m. · 2 views

DEBIAN-CVE-2022-21222

The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service ReDoS due to the usage of insecure regular expression in the reattr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...

CVSS 7.5 · AI score 7.3 · EPSS 0.01421
Exploits: 1 · References: 1

OSV
added 2022/09/30 5:15 a.m. · 20 views

CVE-2022-21222

The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service ReDoS due to the usage of insecure regular expression in the reattr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...

CVSS 7.5 · AI score 7.8
Exploits: 0 · References: 3

OSV
added 2022/09/30 5:15 a.m. · 1 views

UBUNTU-CVE-2022-21222

The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service ReDoS due to the usage of insecure regular expression in the reattr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...

CVSS 7.5 · AI score 5.8 · EPSS 0.01421
Exploits: 1 · References: 5

Vulnrichment
added 2022/09/30 5:5 a.m. · 3 views

CVE-2022-21222 Regular Expression Denial of Service (ReDoS)

The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service ReDoS due to the usage of insecure regular expression in the reattr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...

CVSS 5.3 · AI score 7.4 · EPSS 0.01421
Exploits: 1 · References: 3

Cvelist
added 2022/09/30 5:5 a.m. · 34 views

CVE-2022-21222 Regular Expression Denial of Service (ReDoS)

The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service ReDoS due to the usage of insecure regular expression in the reattr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...

CVSS 5.3 · AI score 7.5 · EPSS 0.01421
Exploits: 1 · References: 3

CVE
added 2022/09/30 5:5 a.m. · 157 views

CVE-2022-21222

CVE-2022-21222 affects the Node.js package css-what prior to version 2.1.3. The vulnerability stems from an insecure regular expression in the re_attr variable of index.js, enabling Regular Expression Denial of Service (ReDoS) via the parse function. Affected users should upgrade to 2.1.3 or newe...

CVSS 7.5 · AI score 6 · EPSS 0.01421
Exploits: 1 · References: 3 · Affected Software: 1

Debian CVE
added 2022/09/30 5:5 a.m. · 29 views

CVE-2022-21222

The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service ReDoS due to the usage of insecure regular expression in the reattr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...

CVSS 7.5 · AI score 7.4 · EPSS 0.01421
Exploits: 1

Jake Archibald's Blog
added 2022/09/30 1:0 a.m. · 5 views

Drawing a star with DOMMatrix

I recently recorded an episode of HTTP 203 on DOMPoint and DOMMatrix. If you'd rather watch the video version, here it is, but come back here for some bonus details on a silly mistake I made, which I almost got away with. DOMMatrix lets you apply transformations to DOMPoints. I find these APIs...

AI score 7.2
Exploits: 0

Positive Technologies
added 2022/09/30 12:0 a.m. · 6 views

PT-2022-14933 · Css-What +2

Name of the Vulnerable Software and Affected Versions: css-what versions prior to 2.1.3 Description: The issue is related to a Regular Expression Denial of Service ReDoS due to the usage of an insecure regular expression in the re attr variable of index.js. This could be triggered via the parse...

CVSS 7.5 · AI score 7.3 · EPSS 0.02267
Exploits: 1 · References: 24

CNNVD
added 2022/09/30 12:0 a.m. · 3 views

css-what Resource Management Error Vulnerability

css-what is a CSS selector parser. A resource management error vulnerability exists in versions of css-what prior to 2.1.3, which stems from the use of an unsafe regular expression in the reattr variable of index.js...

CVSS 7.5 · AI score 7.2 · EPSS 0.01421
Exploits: 1 · References: 7