Stable Channel Update for Desktop

The Stable channel has been updated to 97.0.4692.99 for Windows, Mac and Linux which will roll out over the coming days/weeks. Extended stable channel has also been updated to 96.0.4664.110 for Windows and Mac which will roll out over the coming days/weeks A full list of changes in this build is...

Command Injection

firefox-esr is vulnerable to command injection. The constructed curl command from the Copy as curl feature in DevTools is not correctly escaped from PowerShell, allowing an attacker to inject and execute malicious commands...

Inappropriate Implementation In DevTools

chrome has Inappropriate implementation in DevTools. An attacker may exploit the vulnerability...

CVE-2022-22744

The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt. This bug only affects Thunderbird for Windows. Other operating systems are unaffected.. This vulnerabilit...

Mozilla Thunderbird < 91.5

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 91.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-03 advisory. - Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyso...

Mozilla Firefox ESR < 91.5

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 91.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-02 advisory. - Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyso...

Google Chrome Security Feature Issue Vulnerability (CNVD-2022-14880)

Google Chrome is a Web browser from Google, Inc. A security feature vulnerability exists in Google Chrome, which stems from a faulty implementation of the product DevTools. A remote attacker could exploit the vulnerability to create a specially crafted web page, trick victims into accessing it, a...

Mozilla Firefox 命令注入漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox, which stems from a curl command constructed from the copy-to-curl function in DevTools that is not properly escaped into PowerShell.If pasted into a...

Mozilla Firefox < 96.0

The version of Firefox installed on the remote Windows host is prior to 96.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-01 advisory. - When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it shou...

Chromium: CVE-2022-0097 Inappropriate implementation in DevTools

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Microsoft Edge (Chromium) < 97.0.1072.55 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 97.0.1072.55. It is, therefore, affected by multiple vulnerabilities as referenced in the January 6, 2022 advisory. - Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an...

FreeBSD : chromium -- multiple vulnerabilities (9eeccbf3-6e26-11ec-bb10-3065ec8fd3ec)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 9eeccbf3-6e26-11ec-bb10-3065ec8fd3ec advisory. - Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allow...

Google Chrome < 97.0.4692.71 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 97.0.4692.71. It is, therefore, affected by multiple vulnerabilities as referenced in the 202201stable-channel-update-for-desktop advisory. - Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 allowed ...

Google Chrome 安全特征问题漏洞

Google Chrome is a Web browser from Google, Inc. A security feature vulnerability exists in Google Chrome, which stems from a faulty implementation of the product DevTools. A remote attacker could exploit the vulnerability to create a specially crafted web page, trick victims into accessing it, a...

Google Chrome < 97.0.4692.71 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 97.0.4692.71. It is, therefore, affected by multiple vulnerabilities as referenced in the 202201stable-channel-update-for-desktop advisory. - Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 allowed a...

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 97 to the stable channel for Windows, Mac and Linux.This will roll out over the coming days/weeks. Chrome 97.0.4692.71 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming...

KLA12434 Multiple vulnerabilities in Opera

Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. Heap buffer overflow vulnerability in Task Manager can be exploited to execute arbitrary code or caus...

DEBIAN-CVE-2021-37983

Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

UBUNTU-CVE-2021-37983

Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1339-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1339-1 advisory. - Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the rendere...