CVE-2022-3656

Insufficient data validation in File System in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. Chromium security severity: Medium...

CVE-2022-3443

CVE-2022-3443 concerns Google Chrome up to version 106.0.5249.62 (inclusive). The vulnerability arises from insufficient data validation in the File System API, enabling a remote attacker to bypass file-system restrictions via a crafted HTML page. The NVD entry notes a Chromium-based severity of ...

CVE-2022-3444

Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page and malicious file. Chromium security severity: Low...

CVE-2022-3661

Insufficient data validation in Extensions in Google Chrome prior to 107.0.5304.62 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted Chrome extension. Chromium security severity: Low...

CVE-2022-3656

CVE-2022-3656 affects Google Chrome/Chromium’s File System API, with Insufficient data validation that allowed bypassing file-system restrictions via a crafted HTML page. Affected: Chrome/Chromium prior to 107.0.5304.62; impact per NVD: high (CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H; base 8....

CVE-2022-3444

CVE-2022-3444 : Insufficient data validation in Chrome’s File System API allows remote bypass of file system restrictions via a crafted HTML page and malicious file. Affected: Google Chrome pre-106.0.5249.62 (Chromium engine). Impact: bypass of File System restrictions (privacy/mi) with no confid...

CVE-2022-3661

Google Chrome/Chromium vulnerability CVE-2022-3661 arises from insufficient data validation in Extensions, allowing a remote attacker who already compromised the renderer to leak cross-origin data via a crafted extension. Affected versions are Chrome/Chromium prior to 107.0.5304.62; the issue is ...

CVE-2022-3443

Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page. Chromium security severity: Low...

CVE-2022-3444

Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page and malicious file. Chromium security severity: Low...

CVE-2022-3656

Insufficient data validation in File System in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. Chromium security severity: Medium...

CVE-2022-3661

Insufficient data validation in Extensions in Google Chrome prior to 107.0.5304.62 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted Chrome extension. Chromium security severity: Low...

The vulnerability in Google Chrome’s developer tools for web developers allows a hacker to execute arbitrary code.

The vulnerability of Google Chrome’s developer tools relates to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created web page from a remote location...

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2022:10177-1 Rating: important References: 1204732 1204819 Cross-References: CVE-2022-3652 CVE-2022-3653 CVE-2022-3654 CVE-2022-3655 CVE-2022-3656 CVE-2022-3657 CVE-2022-3658 CVE-2022-3659 CVE-2022-3660...

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2022:10180-1 Rating: important References: 1204732 1204819 Cross-References: CVE-2022-3652 CVE-2022-3653 CVE-2022-3654 CVE-2022-3655 CVE-2022-3656 CVE-2022-3657 CVE-2022-3658 CVE-2022-3659 CVE-2022-3660...

Oracle data feed is insufficiently validated

Lines of code Vulnerability details Impact Oracle contract has 2 functions - viewPrice & getPrice - to get the price through the Chainlink price feed. However, the received data is not validated/checked for freshness and round completeness. This might cause the price to be stale and it can lead t...

Google Chrome Security Update (stable-channel-update-for-desktop_25-2022-10) - Mac OS X

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

CVE-2022-3379

Horner Automation's Cscape version 9.90 SP7 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by writing outside the memory buffer...

CVE-2022-3377

Horner Automation's Cscape version 9.90 SP 6 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer, leading to an out-of-bounds memory...

CVE-2022-3378

Horner Automation's Cscape version 9.90 SP 7 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer, leading to an out-of-bounds memory...

CVE-2022-3379

Horner Automation's Cscape version 9.90 SP7 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by writing outside the memory buffer...