1935 matches found
Chromium: CVE-2022-1858 Out of bounds read in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
KLA12548 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. Inappropriate implementation vulnerability in...
Updated chromium-browser-stable packages fix security vulnerability
The chromium-browser-stable package has been updated to version 102.0.5005.61, fixing many bugs and 32 CVEs. Some of them are listed below: CVE-2022-1853: Use after free in Indexed DB. CVE-2022-1854: Use after free in ANGLE. CVE-2022-1855: Use after free in Messaging. CVE-2022-1856: Use after...
Google Chrome Buffer Error Vulnerability
Google Chrome is a web browser from Google, Inc USA. A buffer error vulnerability exists in Google Chrome versions 70.0.3538.67 through 101.0.4951.67, which originates from a boundary condition in the DevTools component. A remote attacker could exploit the vulnerability to gain access to...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 32 security fixes, including: [1324864] Critical CVE-2022-1853: Use after free in Indexed DB. Reported by Anonymous on 2022-05-12. [1320024] High CVE-2022-1854: Use after free in ANGLE. Reported by SeongHwan Park SeHwa on 2022-04-27. [1228661] High...
Google Chrome Buffer Error Vulnerability
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome versions 70.0.3538.67 through 101.0.4951.67, which originates from a boundary error when handling untrusted HTML content in DevTools. A remote attacker can exploit this vulnerability to perform a...
TikTok: Disclosure of the live_analytics information of any livestream
A possible disclosure of the live_analytics information for any livestream was found by accessing the roomid parameter via devtools. We thank @datph4m for reporting this to our team...
UBUNTU-CVE-2022-28283
The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible. This vulnerability affects Firefox 99...
Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-5370-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5370-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could...
CVE-2022-28283
The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible. This vulnerability affects Firefox 99...
Heap Buffer Overflow
Chromium is vulnerable to use after free. The vulnerability exists in WebUI, allowing a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific input into DevTools...
CVE-2022-24072
The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool...
Open redirect
The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool...
CVE-2022-24072
The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool...
CVE-2022-24072
The CVE-2022-24072 entry applies to Naver Whale Browser, with affected versions before 3.12.129.18. The root cause is improper data handling in the devtools API (devtools.inspectedWindow), allowing potentially attacker-controlled JavaScript execution within the extension store web page. Consequen...
Naver Whale Browser Security Vulnerability
A cross-site scripting vulnerability exists in versions prior to 3.12.129.18 of Naver Whale Browser, a web browser from Naver Korea that supports user-defined interfaces, due to a lack of data validation filtering of user-supplied and output data. An attacker could exploit this to allow extension...
GitLab: Stored XSS in Notes (with CSP bypass for gitlab.com)
Summary: I read the issue 345657 which handles the XSS in notes reported in Hackerone report 1398305. This issue fixes the reported XSS but leaves the HTML injection that was also mentioned. I don't know how you deal with these situations, but I thought I would report this, and you can decide: The issu...
CVE-2022-0301
Heap buffer overflow in DevTools in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...
DEBIAN-CVE-2022-0301
Heap buffer overflow in DevTools in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...
Heap overflow
Heap buffer overflow in DevTools in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...