Google Chrome 跨站脚本漏洞

Google Chrome is a web browser from Google, Inc. in the United States. A security vulnerability exists in Google Chrome versions prior to 104.0.5112.101, which stems from an improper implementation in the Extensions API...

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 11 security fixes, including: 1349322 Critical CVE-2022-2852: Use after free in FedCM. Reported by Sergei Glazunov of Google Project Zero on 2022-08-02 1337538 High CVE-2022-2854: Use after free in SwiftShader. Reported by Cassidy Kim of Amber Securi...

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2022:10092-1 Rating: important References: 1202075 Cross-References: CVE-2022-2603 CVE-2022-2604 CVE-2022-2605 CVE-2022-2606 CVE-2022-2607 CVE-2022-2608 CVE-2022-2609 CVE-2022-2610 CVE-2022-2611 CVE-2022-2612...

CVE-2022-2616

Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox URL bar via a crafted Chrome Extension...

CVE-2022-2617

Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions...

CVE-2022-2616

Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox URL bar via a crafted Chrome Extension...

CVE-2022-2617

Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions...

Design/Logic Flaw

Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions...

UBUNTU-CVE-2022-2616

Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox URL bar via a crafted Chrome Extension...

CVE-2022-2617

CVE-2022-2617 affects Google Chrome/Chromium via a Use-after-Free in the Extensions API prior to 104.0.5112.79, enabling a user-assisted heap corruption path when a malicious extension is installed. Public updates exist: Debian fixes Chromium to 104.0.5112.79-1~deb11u1; Fedora/GLSA advisories sho...

CVE-2022-2617

Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions...

CVE-2022-2616

Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox URL bar via a crafted Chrome Extension...

CVE-2022-2616

CVE-2022-2616 affects Google Chrome prior to 104.0.5112.79 due to an inappropriate Extension API implementation that allowed a user tricked into installing a malicious extension to spoof the Omnibox. The issue is tied to Extensions API handling and could enable spoofing of the URL bar content. De...

CVE-2022-2616

Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox URL bar via a crafted Chrome Extension...

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2022:10086-1 Rating: important References: 1202075 Cross-References: CVE-2022-2603 CVE-2022-2604 CVE-2022-2605 CVE-2022-2606 CVE-2022-2607 CVE-2022-2608 CVE-2022-2609 CVE-2022-2610 CVE-2022-2611 CVE-2022-2612...

Remote Code Execution (RCE)

chrome is vulnerable to remote code execution. The vulnerability exists due to an inappropriate implementation in Extensions API allowing an attacker to inject maliciously crafted code into the system...

Remote Code Execution (RCE)

chromium is vulnerable to remote code execution. The vulnerability exists due to a use after free in Extensions API allowing an attacker to inject maliciously crafted code into the system...

Microsoft Edge (Chromium) < 104.0.1293.47 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 104.0.1293.47. It is, therefore, affected by multiple vulnerabilities as referenced in the August 5, 2022 advisory. - Use after free in Omnibox. CVE-2022-2603 - Use after free in Safe Browsing. CVE-2022-2604 - Out of...

Updated chromium-browser-stable packages fix security vulnerability

1325699 High CVE-2022-2603: Use after free in Omnibox. Reported by Anonymous on 2022-05-16 1335316 High CVE-2022-2604: Use after free in Safe Browsing. Reported by Nan Wang@eternalsakura13 and Guang Gong of 360 Alpha Lab on 2022-06-10 1338470 High CVE-2022-2605: Out of bounds read in Dawn. Report...

Chromium: CVE-2022-2617 Use after free in Extensions API

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...