Google Releases Urgent Chrome Update to Patch New Zero-Day Vulnerability

2022-09-03T03:56:00

Description

[![Chrome Update](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgU5EpzvY9cLJdxPDYZpGhcMcZv4NWQKy-E_SphleQYJBz0-RK17I0vcuTEA4Y7j4FLYJZoocDlfvBAGQ9PLUcM-tSqm41GrfaPqhrzTyHbGiRLa0OW_IOvDb-6EfqX7V_LIzm1t5P_xj2by6ZVqAFz5d_bJ42p_faEgP_-St1X8fjuiAh0iW2Ak_Om/s728-e1000/chrome-update.jpg)](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgU5EpzvY9cLJdxPDYZpGhcMcZv4NWQKy-E_SphleQYJBz0-RK17I0vcuTEA4Y7j4FLYJZoocDlfvBAGQ9PLUcM-tSqm41GrfaPqhrzTyHbGiRLa0OW_IOvDb-6EfqX7V_LIzm1t5P_xj2by6ZVqAFz5d_bJ42p_faEgP_-St1X8fjuiAh0iW2Ak_Om/s728-e100/chrome-update.jpg>) Google on Friday shipped emergency fixes to address a security vulnerability in the Chrome web browser that it said is being actively exploited in the wild. The issue, assigned the identifier **CVE-2022-3075**, concerns a case of insufficient data validation in [Mojo](<https://chromium.googlesource.com/chromium/src/+/HEAD/mojo/README.md>), which refers to a collection of runtime libraries that provide a platform-agnostic mechanism for inter-process communication (IPC). An anonymous researcher has been credited with reporting the high-severity flaw on August 30, 2022. "Google is aware of reports that an exploit for CVE-2022-3075 exists in the wild," the internet giant [said](<https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html>), without delving into additional specifics about the nature of the attacks to prevent additional threat actors from taking advantage of the flaw. The latest update makes it the sixth zero-day vulnerability in Chrome that Google has resolved since the start of the year - * [CVE-2022-0609](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>) \- Use-after-free in Animation * [CVE-2022-1096](<https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html>) \- Type confusion in V8 * [CVE-2022-1364](<https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html>) \- Type confusion in V8 * [CVE-2022-2294](<https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html>) \- Heap buffer overflow in WebRTC * [CVE-2022-2856](<https://thehackernews.com/2022/08/new-google-chrome-zero-day.html>) \- Insufficient validation of untrusted input in Intents Users are recommended to upgrade to version 105.0.5195.102 for Windows, macOS, and Linux to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available. Found this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter __](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.

{"id": "THN:0ADE883013E260B4548F6E16D65487D3", "vendorId": null, "type": "thn", "bulletinFamily": "info", "title": "Google Releases Urgent Chrome Update to Patch New Zero-Day Vulnerability", "description": "[![Chrome Update](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgU5EpzvY9cLJdxPDYZpGhcMcZv4NWQKy-E_SphleQYJBz0-RK17I0vcuTEA4Y7j4FLYJZoocDlfvBAGQ9PLUcM-tSqm41GrfaPqhrzTyHbGiRLa0OW_IOvDb-6EfqX7V_LIzm1t5P_xj2by6ZVqAFz5d_bJ42p_faEgP_-St1X8fjuiAh0iW2Ak_Om/s728-e1000/chrome-update.jpg)](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgU5EpzvY9cLJdxPDYZpGhcMcZv4NWQKy-E_SphleQYJBz0-RK17I0vcuTEA4Y7j4FLYJZoocDlfvBAGQ9PLUcM-tSqm41GrfaPqhrzTyHbGiRLa0OW_IOvDb-6EfqX7V_LIzm1t5P_xj2by6ZVqAFz5d_bJ42p_faEgP_-St1X8fjuiAh0iW2Ak_Om/s728-e100/chrome-update.jpg>)\n\nGoogle on Friday shipped emergency fixes to address a security vulnerability in the Chrome web browser that it said is being actively exploited in the wild.\n\nThe issue, assigned the identifier **CVE-2022-3075**, concerns a case of insufficient data validation in [Mojo](<https://chromium.googlesource.com/chromium/src/+/HEAD/mojo/README.md>), which refers to a collection of runtime libraries that provide a platform-agnostic mechanism for inter-process communication (IPC).\n\nAn anonymous researcher has been credited with reporting the high-severity flaw on August 30, 2022.\n\n\"Google is aware of reports that an exploit for CVE-2022-3075 exists in the wild,\" the internet giant [said](<https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html>), without delving into additional specifics about the nature of the attacks to prevent additional threat actors from taking advantage of the flaw.\n\nThe latest update makes it the sixth zero-day vulnerability in Chrome that Google has resolved since the start of the year -\n\n * [CVE-2022-0609](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>) \\- Use-after-free in Animation\n * [CVE-2022-1096](<https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [CVE-2022-1364](<https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [CVE-2022-2294](<https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html>) \\- Heap buffer overflow in WebRTC\n * [CVE-2022-2856](<https://thehackernews.com/2022/08/new-google-chrome-zero-day.html>) \\- Insufficient validation of untrusted input in Intents\n\nUsers are recommended to upgrade to version 105.0.5195.102 for Windows, macOS, and Linux to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "published": "2022-09-03T03:56:00", "modified": "2022-09-06T04:20:05", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.8}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "https://thehackernews.com/2022/09/google-release-urgent-chrome-update-to.html", "reporter": "The Hacker News", "references": [], "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2856", "CVE-2022-3075"], "immutableFields": [], "lastseen": "2022-09-06T06:03:15", "viewCount": 61, "enchantments": {"score": {"value": 1.1, "vector": "NONE"}, "dependencies": {"references": [{"type": "apple", "idList": ["APPLE:37AFBB95AFD80D918469C22F0A05655D", "APPLE:71C798D0F46D1E956B1D27B4A004E9B9", "APPLE:DF68F7FFE1ED4E5157204A83619C4B89"]}, {"type": "attackerkb", "idList": ["AKB:23F2B591-FE1E-47A8-AA83-2DFAD7E5CE61", "AKB:6D883363-6A9C-411A-8D48-5872842B65D3", "AKB:A05826BB-6FC1-47F8-BF32-A673EC92DAEA", "AKB:DEE6BA54-6F2D-4A58-9654-B21DD42E3502", "AKB:FECA1489-DC05-4990-A74B-DED8F2AF4441", "AKB:FF8776A0-8F09-4620-A059-9AA63732C37D"]}, {"type": "avleonov", "idList": ["AVLEONOV:535BC5E36A5D2C8F60753A2CD4676692", "AVLEONOV:84C227D6BCF2EBE9D3A584B815D5145A", "AVLEONOV:8FE7F4C2B563A2A88EB2DA8822A13824", "AVLEONOV:B87691B304EF70215B926F66B871260A", "AVLEONOV:FDBB133A2C9231CE02F5A15C4AC02F24"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2022-0094"]}, {"type": "chrome", "idList": ["GCSA-2955998722942640296", "GCSA-3812047510544759764", "GCSA-3975554673488527527", "GCSA-5089288012050676645", "GCSA-5720220590878638492", "GCSA-5842936521181266609", "GCSA-6591445864469691028", "GCSA-7720125337817983232"]}, {"type": "cisa", "idList": ["CISA:88950AD3AEDA1ACA038AD96EE5152D39"]}, {"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2022-0609", "CISA-KEV-CVE-2022-1096", "CISA-KEV-CVE-2022-1364", "CISA-KEV-CVE-2022-2294", "CISA-KEV-CVE-2022-2856"]}, {"type": "cnvd", "idList": ["CNVD-2022-20552", "CNVD-2022-60667"]}, {"type": "cve", "idList": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294"]}, {"type": "debian", "idList": ["DEBIAN:DSA-5079-1:4C05B", "DEBIAN:DSA-5110-1:CD232", "DEBIAN:DSA-5121-1:3B3A1", "DEBIAN:DSA-5180-1:E631C", "DEBIAN:DSA-5212-1:C14A4"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2022-0609", "DEBIANCVE:CVE-2022-1096", "DEBIANCVE:CVE-2022-1364", "DEBIANCVE:CVE-2022-2294", "DEBIANCVE:CVE-2022-2856", "DEBIANCVE:CVE-2022-3075"]}, {"type": "fedora", "idList": ["FEDORA:0BF68306D452", "FEDORA:1AA1C30A3C1B", "FEDORA:25D31307CC0A", "FEDORA:29E5830A072A", "FEDORA:2A81C3067778", "FEDORA:7264F30C2A76", "FEDORA:B033C30C3DD2", "FEDORA:E6CD0309D335"]}, {"type": "freebsd", "idList": ["323F900D-AC6D-11EC-A0B8-3065EC8FD3EC", "744EC9D7-FE0F-11EC-BCD2-3065EC8FD3EC", "A25EA27B-BCED-11EC-87B5-3065EC8FD3EC", "E12432AF-8E73-11EC-8BC4-3065EC8FD3EC", "F12368A8-1E05-11ED-A1EF-3065EC8FD3EC", "F38D25AC-2B7A-11ED-A1EF-3065EC8FD3EC"]}, {"type": "gentoo", "idList": ["GLSA-202202-02", "GLSA-202208-25", "GLSA-202208-35", "GLSA-202208-39"]}, {"type": "github", "idList": ["GHSA-VV6J-WW6X-54GX", "GITHUB:D9472F716C46C02F88677DBAD0EEA334"]}, {"type": "githubexploit", "idList": ["D424D6C6-13F7-5CAE-8771-9103296520B9"]}, {"type": "gitlab", "idList": ["GITLAB-14506204EDDBCC426EDE99AF8BB58E00", "GITLAB-34BA340EEEB0AC5BD42079A6FA2C932A", "GITLAB-4645688CBD76D08EFF12D00465ABCA3B", "GITLAB-5276A663FE45AAB11A41593871966211", "GITLAB-5C55E4CE507C85E21B1AFFF594C436B8", "GITLAB-B95DA60B50B8780F2FE1144BC6D2A9EA", "GITLAB-BAB522840703640933BAA696F2FDFDBD", "GITLAB-BE424589ED0C337DD3884B216A3892B2", "GITLAB-FF3BD63BDD01DCAB69F73F5C67C8E8D9"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:3B4F7E79DDCD0AFF3B9BB86429182DCA"]}, {"type": "hivepro", "idList": ["HIVEPRO:1BF741505EB0E48023B5A5F80FE0F3EB", "HIVEPRO:2FBDBD20FF69ADDF5A541D1E5B3D0809", "HIVEPRO:361A2FB730C7ECAF024FD15C73EB6E93", "HIVEPRO:573E7326CF205779BA6C4D3AB8DDB736", "HIVEPRO:775874796CA18FB04371F74991273C7B", "HIVEPRO:D7EA1CB0468E749402CDC827EECBB9DE", "HIVEPRO:E7F36EC1E4DCF018F94ECD22747B7093", "HIVEPRO:F95B9B5A24C6987E85478A62BD37DD7D"]}, {"type": "ics", "idList": ["ICSA-22-209-01"]}, {"type": "kaspersky", "idList": ["KLA12464", "KLA12492", "KLA12513", "KLA12529", "KLA12578", "KLA12579", "KLA12587", "KLA15723", "KLA15736"]}, {"type": "mageia", "idList": ["MGASA-2022-0118", "MGASA-2022-0146", "MGASA-2022-0287", "MGASA-2022-0307", "MGASA-2022-0318"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:08FDD3DEF41B63F1DEB23C21DCFDB12D", "MALWAREBYTES:2B7FA24A43BE3D53EA1E393BEC594625", "MALWAREBYTES:3203C761121FB47FC676CC2505B4A9FD", "MALWAREBYTES:4CB01833826116B2823401DFB69A5431", "MALWAREBYTES:6E72426C60EECBEF071E305072060892", "MALWAREBYTES:833279010C6AFB764A7A964FBF59CD1D", "MALWAREBYTES:86098B0C4C8EA7454C93620069F6582C"]}, {"type": "mscve", "idList": ["MS:CVE-2022-0609", "MS:CVE-2022-1096", "MS:CVE-2022-1364", "MS:CVE-2022-2294", "MS:CVE-2022-2856", "MS:CVE-2022-3075"]}, {"type": "nessus", "idList": ["701396.PASL", "701400.PASL", "701415.PASL", "APPLE_IOS_156_CHECK.NBIN", "DEBIAN_DSA-5079.NASL", "DEBIAN_DSA-5110.NASL", "DEBIAN_DSA-5121.NASL", "DEBIAN_DSA-5180.NASL", "DEBIAN_DSA-5212.NASL", "FREEBSD_PKG_323F900DAC6D11ECA0B83065EC8FD3EC.NASL", "FREEBSD_PKG_744EC9D7FE0F11ECBCD23065EC8FD3EC.NASL", "FREEBSD_PKG_A25EA27BBCED11EC87B53065EC8FD3EC.NASL", "FREEBSD_PKG_E12432AF8E7311EC8BC43065EC8FD3EC.NASL", "FREEBSD_PKG_F12368A81E0511EDA1EF3065EC8FD3EC.NASL", "FREEBSD_PKG_F38D25AC2B7A11EDA1EF3065EC8FD3EC.NASL", "GENTOO_GLSA-202202-02.NASL", "GENTOO_GLSA-202208-25.NASL", "GENTOO_GLSA-202208-35.NASL", "GENTOO_GLSA-202208-39.NASL", "GOOGLE_CHROME_100_0_4896_127.NASL", "GOOGLE_CHROME_103_0_5060_114.NASL", "GOOGLE_CHROME_104_0_5112_101.NASL", "GOOGLE_CHROME_105_0_5195_102.NASL", "GOOGLE_CHROME_98_0_4758_102.NASL", "GOOGLE_CHROME_99_0_4844_84.NASL", "MACOSX_GOOGLE_CHROME_100_0_4896_127.NASL", "MACOSX_GOOGLE_CHROME_103_0_5060_114.NASL", "MACOSX_GOOGLE_CHROME_104_0_5112_101.NASL", "MACOSX_GOOGLE_CHROME_105_0_5195_102.NASL", "MACOSX_GOOGLE_CHROME_98_0_4758_102.NASL", "MACOSX_GOOGLE_CHROME_99_0_4844_84.NASL", "MACOS_HT213345.NASL", "MICROSOFT_EDGE_CHROMIUM_100_0_1185_44.NASL", "MICROSOFT_EDGE_CHROMIUM_103_0_1264_49.NASL", "MICROSOFT_EDGE_CHROMIUM_104_0_1293_60.NASL", "MICROSOFT_EDGE_CHROMIUM_105_0_1343_27.NASL", "MICROSOFT_EDGE_CHROMIUM_98_0_1108_55.NASL", "MICROSOFT_EDGE_CHROMIUM_99_0_1150_55.NASL", "OPENSUSE-2022-0042-1.NASL", "OPENSUSE-2022-0114-1.NASL", "OPENSUSE-2022-10055-1.NASL", "OPENSUSE-2022-10057-1.NASL", "OPENSUSE-2022-10087-1.NASL", "OPENSUSE-2022-10088-1.NASL", "OPENSUSE-2022-10099-1.NASL", "OPENSUSE-2022-10109-1.NASL", "UBUNTU_USN-5350-1.NASL", "UBUNTU_USN-5568-1.NASL"]}, {"type": "osv", "idList": ["OSV:DSA-5079-1", "OSV:DSA-5110-1", "OSV:DSA-5121-1", "OSV:DSA-5180-1", "OSV:DSA-5212-1", "OSV:GHSA-VV6J-WW6X-54GX"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:167516"]}, {"type": "qt", "idList": ["QT:B64AD93E56170FC29816162A7B78DDBC"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3", "QUALYSBLOG:65C282BB0F312A3AD8A043024FD3D866", "QUALYSBLOG:AC756D2C7DB65BB8BC9FBD558B7F3AD3"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:B54637535A9D368B19D4D9881C6C34B3"]}, {"type": "redhatcve", "idList": ["RH:CVE-2022-1364"]}, {"type": "schneier", "idList": ["SCHNEIER:A04F4786905DA91D85C88E72BCD1F5E6"]}, {"type": "securelist", "idList": ["SECURELIST:0ED76DA480D73D593C82769757DFD87A", "SECURELIST:11665FFD7075FB9D59316195101DE894"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:0042-1", "OPENSUSE-SU-2022:0077-1", "OPENSUSE-SU-2022:0091-1", "OPENSUSE-SU-2022:0103-1", "OPENSUSE-SU-2022:0110-1", "OPENSUSE-SU-2022:0114-1", "OPENSUSE-SU-2022:0123-1", "OPENSUSE-SU-2022:0156-1", "OPENSUSE-SU-2022:10055-1", "OPENSUSE-SU-2022:10057-1", "OPENSUSE-SU-2022:10087-1", "OPENSUSE-SU-2022:10088-1", "OPENSUSE-SU-2022:10099-1", "OPENSUSE-SU-2022:10108-1", "OPENSUSE-SU-2022:10109-1"]}, {"type": "thn", "idList": ["THN:221BD04ADD3814DC78AF58DFF41861F3", "THN:27F4624B58E2AB5E3EC8C74249CADF5C", "THN:2E90A09BA23747C57B4B5C9ED7D13ED9", "THN:5D50D5AA81EE14FA1044614364EAEBC6", "THN:80C4CCCAB293DD273948D1317EAC8B73", "THN:87B95415D8745E9CCD461A9997E67EFE", "THN:A7304742B34CEB82ECB0DB1AE4DD7116", "THN:E48AEFF468AB8445D91A32B6F5D7A770", "THN:EC6517AAC0BD5D8BBC4C4D32420CA903", "THN:EDC4E93542AFAF751E67BF527C826DA4"]}, {"type": "threatpost", "idList": ["THREATPOST:3697F9293A6DFF6CD5927E9E68FF488A", "THREATPOST:45B63C766965F5748AEC30DE709C8003", "THREATPOST:91A97EE2BD6933FEB9A07162BD4ED8B5", "THREATPOST:A8A7A761CD72E2732BD9E3C75C4A2ACC", "THREATPOST:C694354BA14A953DAFC9171CB97F0BC2"]}, {"type": "ubuntu", "idList": ["USN-5350-1", "USN-5568-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2022-0609", "UB:CVE-2022-1096", "UB:CVE-2022-1364", "UB:CVE-2022-2294", "UB:CVE-2022-2856", "UB:CVE-2022-3075"]}, {"type": "veracode", "idList": ["VERACODE:34289", "VERACODE:34866", "VERACODE:35135", "VERACODE:36373", "VERACODE:36889"]}]}, "epss": [{"cve": "CVE-2022-0609", "epss": "0.003030000", "percentile": "0.649400000", "modified": "2023-03-19"}, {"cve": "CVE-2022-1096", "epss": "0.002560000", "percentile": "0.616780000", "modified": "2023-03-19"}, {"cve": "CVE-2022-1364", "epss": "0.004260000", "percentile": "0.703500000", "modified": "2023-03-19"}, {"cve": "CVE-2022-2294", "epss": "0.004260000", "percentile": "0.703480000", "modified": "2023-03-19"}, {"cve": "CVE-2022-2856", "epss": "0.001640000", "percentile": "0.513220000", "modified": "2023-03-19"}, {"cve": "CVE-2022-3075", "epss": "0.001210000", "percentile": "0.446560000", "modified": "2023-03-19"}], "vulnersScore": 1.1}, "_state": {"score": 1698852299, "dependencies": 1662444367, "epss": 1679304688}, "_internal": {"score_hash": "a942d6659364044be0837bdd77301e3e"}}

{"malwarebytes": [{"lastseen": "2022-09-06T00:03:08", "description": "On Friday, Google [announced](<https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html>) the release of a new version of its Chrome browser that includes a security fix for a zero-day tracked as [CVE-2022-3075](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3075>). As with previous announcements, technical details about the vulnerability won't be released until a certain number of Chrome users have already applied the patch.\n\nGoogle is urging its Windows, Mac, and Linux users to update Chrome to version** 105.0.5195.102**.\n\nCVE-2022-3075 is described as an \"[i]nsufficient data validation in Mojo\". According to Chromium documents, Mojo is \"a collection of runtime libraries" that facilitates interfacing standard, low-level interprocess communication (IPC) primitives. Mojo provides a platform-agnostic abstraction of these primitives, which comprise most of Chrome's code.\n\nAn anonymous security researcher is credited for discovering and reporting the flaw.\n\nCVE-2022-3075 is the sixth zero-day Chrome vulnerability Google had to address. The previous ones were:\n\n * [C](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>)[VE-2022-0609](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>), a Use-after-Free (UAF) vulnerability, which was patched in February\n * [CVE-2022-1096](<https://www.malwarebytes.com/blog/news/2022/03/update-now-google-releases-emergency-patch-for-chrome-zero-day-used-in-the-wild>), a \"Type Confusion in V8\" vulnerability, which was patched in March\n * [CVE-2022-1364](<https://www.bleepingcomputer.com/news/security/google-chrome-emergency-update-fixes-zero-day-used-in-attacks/>), a flaw in the V8 JavaScript engine, which was patched in April\n * [CVE-2022-2294](<https://www.malwarebytes.com/blog/news/2022/07/update-now-chrome-patches-another-zero-day-vulnerability>), a flaw in the Web Real-Time Communications (WebRTC), which was patched in July\n * [CVE-2022-2856](<https://www.malwarebytes.com/blog/news/2022/08/update-chrome-now-google-issues-patch-for-zero-day-spotted-in-the-wild>), an insufficient input validation flaw, which was patched in August\n\nGoogle Chrome needs minimum oversight as it updates automatically. However, if you're in the habit of not closing your browser or have extensions that may hinder Chrome from automatically doing this, please check your browser every now and then.\n\nOnce Chrome notifies you of an available update, don't hesitate to download it. The patch is applied once you relaunch the browser.\n\n![](https://www.malwarebytes.com/blog/news/2022/09/easset_upload_file63727_234723_e.png)\n\nStay safe!", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-05T16:30:00", "type": "malwarebytes", "title": "Zero-day puts a dent in Chrome's mojo", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2856", "CVE-2022-3075"], "modified": "2022-09-05T16:30:00", "id": "MALWAREBYTES:08FDD3DEF41B63F1DEB23C21DCFDB12D", "href": "https://www.malwarebytes.com/blog/news/2022/09/update-chrome-asap-a-new-zero-day-is-already-being-exploited", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-07-05T15:58:36", "description": "Google has released version 103.0.5060.114 for Chrome, now available in the [Stable Desktop channel](<https://chromereleases.googleblog.com/2022/07/extended-stable-channel-update-for.html>) worldwide. The main goal of this new version is to patch CVE-2022-2294.\n\n[CVE-2022-2294](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2294>) is a high severity heap-based buffer overflow weakness in the Web Real-Time Communications (WebRTC) component which is being exploited in the wild. This is the fourth Chrome zero-day to be patched in 2022.\n\n## Heap buffer overflow\n\nPublicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services).\n\nA buffer overflow is a type of software vulnerability that exists when an area of memory within a software application reaches its address boundary and writes into an adjacent memory region. In software exploit code, two common areas that are targeted for overflows are the stack and the heap.\n\nThe heap is an area of memory made available use by the program. The program can request blocks of memory for its use within the heap. In order to allocate a block of some size, the program makes an explicit request by calling the heap allocation operation.\n\n## The vulnerability\n\nWebRTC on Chrome is the first true in-browser solution to real-time communications (RTC). It supports video, voice, and generic data to be sent between peers, allowing developers to build powerful voice- and video-communication solutions. The technology is available on all modern browsers as well as on native clients for all major platforms.\n\nA WebRTC application will usually go through a common application flow. Access the media devices, open peer connections, discover peers, and start streaming. Since Google does not disclose details about the vulnerability until everyone has had ample opportunity to install the fix it is unclear in what stage the vulnerability exists.\n\n## How to protect yourself\n\nIf you\u2019re a Chrome user on Windows or Mac, you should update as soon as possible.\n\nThe easiest way to update Chrome is to allow it to update automatically, which basically uses the same method as outlined below but does not require your attention. But you can end up lagging behind if you never close the browser or if something goes wrong, such as an extension stopping you from updating the browser.\n\nSo, it doesn\u2019t hurt to check now and then. And now would be a good time, given the severity of the vulnerability. My preferred method is to have Chrome open the page chrome://settings/help which you can also find by clicking **Settings > About Chrome**.\n\nIf there is an update available, Chrome will notify you and start downloading it. Then all you have to do is relaunch the browser in order for the update to complete.\n\n![updating Chrome](https://blog.malwarebytes.com/wp-content/uploads/2022/07/updating-600x245.png)\n\nAfter the update the version should be 103.0.5060.114 or later.\n\n![Chrome is up to date](https://blog.malwarebytes.com/wp-content/uploads/2022/07/uptodate-600x250.png)\n\nSince WebRTC is a Chromium component, users of other Chromium based browsers may see a similar update.\n\nStay safe, everyone!\n\nThe post [Update now! Chrome patches ANOTHER zero-day vulnerability](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/07/update-now-chrome-patches-another-zero-day-vulnerability/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {}, "published": "2022-07-05T13:56:04", "type": "malwarebytes", "title": "Update now! Chrome patches ANOTHER zero-day vulnerability", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-2294"], "modified": "2022-07-05T13:56:04", "id": "MALWAREBYTES:6E72426C60EECBEF071E305072060892", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/07/update-now-chrome-patches-another-zero-day-vulnerability/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-03-30T15:40:03", "description": "Google has [urged](<https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html>) its 3 billion+ users to update to Chrome version 99.0.4844.84 for Mac, Windows, and Linux to mitigate a zero-day that is currently being exploited in the wild. This is in response to a bug reported by an anonymous security researcher last week.\n\nThe flaw, which is tracked as [CVE-2022-1096](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1096>), is a "Type Confusion in V8" and is rated as high severity, meaning that it's necessary for everyone using Chrome to update as quickly as possible because of the damage attackers could cause once they exploit this.\n\nNot much is known about the vulnerability itself or how great the impact would be if exploited, but the unusual release of this patch, which notably addresses just one vulnerability, means that this update shouldn't be ignored.\n\nGoogle is always cautious to release more details until the majority of users are updated with a fix. Google says it [may take weeks](<https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html>) before the update reaches its entire user base.\n\n## How to update\n\nThe easiest way to update is to allow Chrome to do it automatically, which basically uses the same method I outlined below but does not require your attention. But you can end up lagging behind if you never close the browser or if something goes wrong, such as an extension stopping you from updating the browser.\n\nSo, it doesn\u2019t hurt to check now and then. And now would be a good time.\n\nMy preferred method is to have Chrome open the page **chrome://settings/help** which you can also find by clicking **Settings > About Chrome**.\n\nIf there is an update available, Chrome will notify you and start downloading it. Then it will tell you all you have to do to complete the update is relaunch the browser.\n\n## Microsoft Edge\n\nMicrosoft has [confirmed](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1096>) that Edge, a Chromium-based browser, is also affected by this vulnerability. Edge users should urgently update their browsers to version 99.0.1150.55, which is not vulnerable to the flaw.\n\nThe post [Update now! Google releases emergency patch for Chrome zero-day used in the wild](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/03/update-now-google-releases-emergency-patch-for-chrome-zero-day-used-in-the-wild/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {}, "published": "2022-03-28T13:42:54", "type": "malwarebytes", "title": "Update now! Google releases emergency patch for Chrome zero-day used in the wild", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-1096"], "modified": "2022-03-28T13:42:54", "id": "MALWAREBYTES:3203C761121FB47FC676CC2505B4A9FD", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/03/update-now-google-releases-emergency-patch-for-chrome-zero-day-used-in-the-wild/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-18T00:02:01", "description": "Google updated the Stable channel for Chrome to 104.0.5112.101 for Mac and Linux and 104.0.5112.102/101 for Windows which will roll out over the coming days/weeks. Extended stable channel has been updated to 104.0.5112.101 for Mac and 104.0.5112.102 for Windows , which will roll out over the coming days/weeks.\n\nThis [update includes 11 security fixes](<https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html>). One of the vulnerabilities is labeled as "Critical" and one of the vulnerabilities that is labeled as "High" exists in the wild.\n\n## Vulnerabilities\n\nPublicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). We discuss some of the CVE's included in this update below.\n\n[CVE-2022-2852](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2852>): a critical use after free vulnerability in FedCM. Use after free (UAF) vulnerabilities occur because of the incorrect use of dynamic memory during a program's operation. If after freeing a memory location, a program does not clear the pointer to that memory, an attacker can use the error to manipulate the program. The Federated Credential Management API (FedCM) allows the browser to understand the context in which the relying party (for example a website) and the identity provider (a third party authentication service) exchange information.\n\n[CVE-2022-2856](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2856>): Insufficient validation of untrusted input in Intents. Chrome intents are the deep linking replacement for URI schemes on the Android device within the Chrome browser. Google's Threat Analysis Group submitted the vulnerability and technical details will not be released until everyone has had ample opportunity to update.\n\nGoogle is aware that an exploit for CVE-2022-2856 exists in the wild. A remote attacker can trick the victim to open a specially crafted web page and execute arbitrary code on the target system.\n\n[CVE-2022-2854](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2854>): a UAF vulnerability in SwiftShader. SwiftShader is a an open source library that provides a software 3D renderer. The attacker would have to trick the victim to visit a specially crafted website.\n\n[CVE-2022-2853](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2853>): a heap buffer overflow in Downloads. A buffer overflow is a type of software vulnerability that exists when an area of memory within a software application reaches its address boundary and writes into an adjacent memory region. In software exploit code, two common areas that are targeted for overflows are the stack and the heap. The heap is the portion of memory where dynamically allocated memory resides.\n\n## How to protect yourself\n\nThe easiest way to update Chrome is to allow it to update automatically, which basically uses the same method as outlined below but does not require your attention. But you can end up lagging behind if you never close the browser or if something goes wrong--such as an extension stopping you from updating the browser.\n\nSo, it doesn't hurt to check now and then. And now would be a good time, given the severity of the vulnerabilities in this batch. My preferred method is to have Chrome open the page _chrome://settings/help_ which you can also find by clicking Settings > About Chrome.\n\nIf there is an update available, Chrome will notify you and start downloading it. Then all you have to do is relaunch the browser in order for the update to complete.\n\n![Chrome up to date](https://www.malwarebytes.com/blog/news/2022/08/easset_upload_file48215_228169_e.png)\n\nAfter the update the version should be 104.0.5112.101 or later.\n\nStay safe, everyone!", "cvss3": {}, "published": "2022-08-17T11:00:00", "type": "malwarebytes", "title": "Update Chrome now! Google issues patch for zero day spotted in the wild", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-2852", "CVE-2022-2853", "CVE-2022-2854", "CVE-2022-2856"], "modified": "2022-08-17T11:00:00", "id": "MALWAREBYTES:86098B0C4C8EA7454C93620069F6582C", "href": "https://www.malwarebytes.com/blog/news/2022/08/update-chrome-now-google-issues-patch-for-zero-day-spotted-in-the-wild", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-06-21T11:57:15", "description": "Businesses and governments these days are relying on dozens of different Software-as-a-Service (SaaS) applications to run their operations \u2014 and it\u2019s no secret that hackers are always looking for security vulnerabilities in them to exploit.\n\nAccording to [research by BetterCloud](<http://pages.bettercloud.com/rs/719-KZY-706/images/2020_StateofSaaSOpsReport.pdf?mkt_tok=NzE5LUtaWS03MDYAAAF8LQdmoC7u54xbqxNwp0au4Zk7SiYaaqq2vupXFxCvaP5vY8gSQtlGFsUsRI8oj5Fl2m5PwIZUUAlzVZL_-hUEQ2RdNqgEzDAmZA5bZtowS_v-zMs>), the average company with 500 to 999 employees uses about 93 different SaaS applications, with that number rising to 177 for companies with over 1000 employees.\n\nCoupled with the fact that vendors release thousands of updates each year to patch security vulnerabilities in their software, it\u2019s not surprising that businesses and governments are struggling to keep up with the [volume of security vulnerabilities and patches](<https://media.bitpipe.com/io_15x/io_152272/item_2184126/ponemon-state-of-vulnerability-response-.pdf>).\n\nAnd lo and behold, despite the best efforts of governments and businesses around the globe, hackers still managed to exploit [multiple security vulnerabilities in 2021](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/04/the-top-5-most-routinely-exploited-vulnerabilities-of-2021/>).\n\nIn this post, we\u2019ll take a look at five times governments and businesses got hacked thanks to security vulnerabilities in 2021.\n\n## 1\\. APT41 exploits Log4Shell vulnerability to compromise at least two US state governments\n\nFirst publicly announced in early December 2021, [Log4shell](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/12/what-smbs-can-do-to-protect-against-log4shell-attacks/>) ([CVE-2021-44228](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228>)) is a critical security vulnerability in the popular Java library Apache Log4j 2. The vulnerability is simple to execute and enables attackers to perform [remote code execution](<https://blog.malwarebytes.com/glossary/remote-code-execution-rce-attack/>).\n\nA patch for Log4Shell was released on 9 December 2021, but within hours of the initial December 10 2021 announcement, hacker groups were already racing to exploit Log4Shell before businesses and governments could patch it \u2014 and at least one of them was successful.\n\nShortly after the advisory, the Chinese state-sponsored hacking group APT41 exploited Log4Shell to compromise at least two US state governments, according to research from [Mandiant](<https://www.mandiant.com/resources/apt41-us-state-governments>). Once they gained access to internet-facing systems, APT41 began a months-long campaign of [reconnaissance ](<https://blog.malwarebytes.com/glossary/recon/>)and credential harvesting.\n\n## 2. North Korean government backed-groups exploit Chrome zero-day vulnerability\n\nOn February 10 2022, Google's Threat Analysis Group (TAG) [discovered that two North Korean government backed-groups ](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/02/update-now-chrome-patches-actively-exploited-zero-day-vulnerability/>)exploited a vulnerability ([**CVE-2022-0609**](<https://nvd.nist.gov/vuln/detail/CVE-2022-0609>)) in Chrome to attack over 250 individuals working for various media, fintech, and software companies.\n\nThe activities of the two groups have been tracked as [Operation Dream Job](<https://www.clearskysec.com/operation-dream-job/>) and[ AppleJeus](<https://securelist.com/operation-applejeus/87553/>), and both of them used the same [exploit kit](<https://blog.malwarebytes.com/threats/exploit-kits/>) to collect sensitive information from affected systems.\n\nHow does it work, you ask? Well, hackers exploited a use-after-free (UAF) vulnerability in the Animation component of Chrome \u2014 which, just like Log4Shell, allows hackers to perform remote code execution.\n\n## 3. Hackers infiltrate governments and companies with ManageEngine ADSelfService Plus vulnerability\n\nFrom September 17 through early October, hackers successfully compromised at least nine companies and 370 servers by[ exploiting a vulnerability** **](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/fbi-and-cisa-warn-of-apt-groups-exploiting-adselfservice-plus/>)[**(CVE-20**](<https://nvd.nist.gov/vuln/detail/cve-2021-40539>)**[2](<https://nvd.nist.gov/vuln/detail/cve-2021-40539>)**[**1-40539)**](<https://nvd.nist.gov/vuln/detail/cve-2021-40539>)[ in ManageEngine ADSelfService Plus](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/fbi-and-cisa-warn-of-apt-groups-exploiting-adselfservice-plus/>), a self-service password management and single sign-on solution.\n\nSo, what happens after hackers exploited this vulnerability? You guessed it \u2014 remote code execution. Specifically, hackers uploaded a [payl](<https://blog.malwarebytes.com/glossary/payload/>)[oad ](<https://blog.malwarebytes.com/glossary/payload/.>)to a victims network that installed a webshell, a malicious script that grants hackers a persistent gateway to the affected device.\n\nFrom there, hackers [moved laterally](<https://blog.malwarebytes.com/glossary/lateral-movement/>) to other systems on the network, exfiltrated any files they pleased, and [even stole credentials](<https://unit42.paloaltonetworks.com/manageengine-godzilla-nglite-kdcsponge/>).\n\n## 4. Tallinn-based hacker exploits Estonian government platform security vulnerabilities\n\n[In July 2021](<https://www.ria.ee/en/news/police-and-border-guard-board-and-information-system-authority-stopped-illegal-downloading-data.html>), Estonian officials announced that a Tallinn-based male had gained access to KMAIS, Estonia\u2019s ID-document database, where he downloaded the government ID photos of 286,438 Estonians.\n\nTo do this, the hacker exploited a vulnerability in KMAIS that allowed him to obtain a person's ID photo using queries. Specifically, KMAIS did not sufficiently check the validity of the query received \u2014 and so, using fake digital certificates, the suspect could download the photograph of whoever he was pretending to be.\n\n## 5. Russian hackers exploit Kaseya security vulnerabilities\n\nKaseya, a Miami-based software company, provides tech services to thousands of businesses over the world \u2014 and on July 2 2021, Kaseya CEO Fred Voccola had an urgent message for Kaseya customers: [shut down your servers immediately](<https://www.zdnet.com/article/updated-kaseya-ransomware-attack-faq-what-we-know-now/>).\n\nThe urgency was warranted. [Over 1,500 small and midsize businesses](<https://blog.malwarebytes.com/cybercrime/2021/07/shutdown-kaseya-vsa-servers-now-amidst-cascading-revil-attack-against-msps-clients/>) had just been attacked, with attackers asking for $70 million in payment.\n\nA Russian-based cybergang known as REvil claimed responsibility for the attack. According to Hunteress Labs, REvil [exploi](<https://www.cisa.gov/uscert/ncas/current-activity/2021/07/04/cisa-fbi-guidance-msps-and-their-customers-affected-kaseya-vsa>)[ted a zero-day](<https://www.cisa.gov/uscert/ncas/current-activity/2021/07/04/cisa-fbi-guidance-msps-and-their-customers-affected-kaseya-vsa>) ([CVE-](<https://nvd.nist.gov/vuln/detail/CVE-2021-30116>)[2021-30116](<https://nvd.nist.gov/vuln/detail/CVE-2021-30116>)) and performed an authentication bypass in Kaseya's web interface \u2014 allowing them to deploy [a ransomware attack](<https://blog.malwarebytes.com/ransomware/2021/07/3-things-the-kaseya-attack-can-teach-us-about-ransomware-recovery/>) on MSPs and their customers.\n\n## Organizations need a streamlined approach to vulnerability assessment\n\n[Hackers took advantage](<https://blog.malwarebytes.com/hacking-2/2022/05/10-ways-attackers-gain-access-to-networks/>) of many security vulnerabilities in 2021 to breach an array of governments and businesses.\n\nAs we broke down in this article, hackers can range from individuals to whole state-sponsored groups \u2014 and we also saw how vulnerabilities themselves can appear in just about any piece of software regardless of the industry.\n\nAnd while some vulnerabilities are certainly worse than others, the sheer volume of vulnerabilities out there makes it difficult to keep up with the volume of security patches. With the right [vulnerability management](<https://www.malwarebytes.com/cybersecurity/business/what-is-vulnerability-management>) and[ patch management](<https://www.malwarebytes.com/cybersecurity/business/what-is-patch-management>), however, your organization can find (and correct) weak points that malicious hackers, viruses, and other cyberthreats want to attack.\n\nWant to learn more about different vulnerability and patch management tools? Visit our [Vulnerability and Patch Management page](<https://www.malwarebytes.com/business/vulnerability-patch-management>) or read the [solution brief](<https://www.malwarebytes.com/resources/easset_upload_file46277_212091_e.pdf>).\n\nThe post [Security vulnerabilities: 5 times that organizations got hacked](<https://blog.malwarebytes.com/business-2/2022/06/security-vulnerabilities-5-times-that-organizations-got-hacked/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-06-21T10:04:02", "type": "malwarebytes", "title": "Security vulnerabilities: 5 times that organizations got hacked", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30116", "CVE-2021-40539", "CVE-2021-44228", "CVE-2022-0609"], "modified": "2022-06-21T10:04:02", "id": "MALWAREBYTES:4CB01833826116B2823401DFB69A5431", "href": "https://blog.malwarebytes.com/business-2/2022/06/security-vulnerabilities-5-times-that-organizations-got-hacked/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-23T00:02:12", "description": "On Thursday, CISA (the US Cybersecurity and Infrastructure Security Agency) updated [its catalog of actively exploited vulnerabilities](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>) by adding seven new entries. These flaws were found in Apple, Google, Microsoft, Palo Alto Networks, and SAP products. CISA set the due date for everyone to patch the weaknesses by September 8, 2022.\n\nCVE-2022-22536, an SAP flaw with the highest risk score of 10, is one of the seven. We wrote about it in February, and thankfully, SAP addressed the issue fairly quickly, too, by issuing a patch. CISA even mentioned that if customers fail to patch CVE-2022-22536, they could be exposed to ransomware attacks, data theft, financial fraud, and other business disruptions that'd cost them millions.\n\n[**CVE-2022-32893**](<https://cve.report/CVE-2022-32893>) and [**CVE-2022-32894**](<https://cve.report/CVE-2022-32894>), the two zero-day, out-of-bounds write vulnerabilities affecting iOS, iPadOS, and macOS, continue to [headline](<https://www.malwarebytes.com/blog/news/2022/08/urgent-update-for-macos-and-ios-two-actively-exploited-zero-days-fixed>) as of this writing. These are serious flaws that, if left unpatched, could allow anyone to take control of vulnerable Apple systems. Apple already released fixes for these from the following support pages:\n\n * [About the security content of iOS 15.6.1 and iPadOS 15.6.1](<https://support.apple.com/en-gb/HT213412>)\n * [About the security content of macOS Monterey 12.5.1](<https://support.apple.com/en-gb/HT213413>)\n * [About the security content of Safari 15.6.1](<https://support.apple.com/en-us/HT213414>)\n\nThe Google Chrome flaw with high severity, **[CVE-2022-2856](<https://www.malwarebytes.com/blog/news/2022/08/update-chrome-now-google-issues-patch-for-zero-day-spotted-in-the-wild>)**, is also [confirmed](<https://www.forbes.com/sites/daveywinder/2022/08/20/google-confirms-chrome-zero-day-5-as-attacks-begin-update-now/>) to be targeted by hackers. As with other zero-days, technical details about it are light, but the [advisory](<https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html>) states that the flaw is an \"insufficient validation of untrusted input in Intents.\" The [Intents](<https://developers.google.com/assistant/conversational/intents>) technology works in the background and is involved in processing user input or handling a system event. If this flaw is exploited, anyone could create a malicious input that Chrome may validate incorrectly, leading to arbitrary code execution or system takeover.\n\nGoogle already patched this. While Chrome should've updated automatically, it is recommended to force an update check to ensure the patch is applied.\n\nMicrosoft also has patches available for **[CVE-2022-21971](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21971>)** and **[CVE-2022-26923](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26923>)** in February and May, respectively. The former was given an \"exploitation less likely\" probability, but that has already changed--a [proof-of-concept (PoC)](<https://www.malwarebytes.com/glossary/proof-of-concept>) has been available since March. PoC exploits were also made public for the latter Microsoft flaw. However, these were released after Microsoft had already pushed out a patch.\n\nPalo Alto Networks's is the oldest among the new vulnerabilities added to the catalog. Discovered in 2017, **[CVE-2017-15944](<https://nvd.nist.gov/vuln/detail/CVE-2017-15944>)** has a severity rating of 9.8 (Critical). Once exploited, attackers could perform remote code execution on affected systems. You can read more about this flaw on [Palo Alto's advisory page](<https://security.paloaltonetworks.com/CVE-2017-15944>).\n\nMalwarebytes advises readers to apply patches to these flaws if they use products of the companies we mentioned. You don't have to wait for the due date before you act.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-08-22T15:00:00", "type": "malwarebytes", "title": "CISA wants you to patch these actively exploited vulnerabilities before September 8", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15944", "CVE-2022-21971", "CVE-2022-22536", "CVE-2022-26923", "CVE-2022-2856", "CVE-2022-32893", "CVE-2022-32894"], "modified": "2022-08-22T15:00:00", "id": "MALWAREBYTES:2B7FA24A43BE3D53EA1E393BEC594625", "href": "https://www.malwarebytes.com/blog/news/2022/08/cisa-wants-you-to-patch-these-actively-exploited-vulnerabilities-before-september-8", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "thn": [{"lastseen": "2022-08-17T15:25:34", "description": "[![Google Chrome Zero-Day Vulnerability](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEj3_bb3VbAiNI0HLVud2PvXV4VExBpknt5lLSc3IAtymjftt7sn5yG-gY7yWqZ7D13YpvQEhW_EH4K62wzm6dC_qDTQQokydIY0LHI2Ivvv6v5ShPJk8fOOoh0yQrASsDwCREknRK5SCrggAETbG4yY7w0t3uG53Dnpf3ckvBXKygsIpNHrnmHDrimR/s728-e1000/chrome.png)](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEj3_bb3VbAiNI0HLVud2PvXV4VExBpknt5lLSc3IAtymjftt7sn5yG-gY7yWqZ7D13YpvQEhW_EH4K62wzm6dC_qDTQQokydIY0LHI2Ivvv6v5ShPJk8fOOoh0yQrASsDwCREknRK5SCrggAETbG4yY7w0t3uG53Dnpf3ckvBXKygsIpNHrnmHDrimR/s728-e100/chrome.png>)\n\nGoogle on Tuesday rolled out patches for Chrome browser for desktops to contain an actively exploited high-severity zero-day flaw in the wild.\n\nTracked as **CVE-2022-2856**, the issue has been described as a case of insufficient validation of untrusted input in [Intents](<https://www.chromium.org/developers/web-intents-in-chrome/>). Security researchers Ashley Shen and Christian Resell of Google Threat Analysis Group have been credited with reporting the flaw on July 19, 2022.\n\nAs is typically the case, the tech giant has refrained from sharing additional specifics about the shortcoming until a majority of the users are updated. \"Google is aware that an exploit for CVE-2022-2856 exists in the wild,\" it [acknowledged](<https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html>) in a terse statement.\n\nThe latest update further addresses 10 other security flaws, most of which relate to use-after-free bugs in various components such as FedCM, SwiftShader, ANGLE, and Blink, among others. Also fixed is a heap buffer overflow vulnerability in Downloads.\n\nThe development marks the fifth zero-day vulnerability in Chrome that Google has resolved since the start of the year -\n\n * [**CVE-2022-0609**](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>) \\- Use-after-free in Animation\n * [**CVE-2022-1096**](<https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-1364**](<https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-2294**](<https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html>) \\- Heap buffer overflow in WebRTC\n\nUsers are recommended to update to version 104.0.5112.101 for macOS and Linux and 104.0.5112.102/101 for Windows to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-17T12:02:00", "type": "thn", "title": "New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2856"], "modified": "2022-08-17T13:41:27", "id": "THN:EDC4E93542AFAF751E67BF527C826DA4", "href": "https://thehackernews.com/2022/08/new-google-chrome-zero-day.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-10-28T12:06:14", "description": "[![Chrome Zero-Day Vulnerability](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhv36XpOZ1dAQAOtoI2FJrLTIwbrZmkU8pIotJv8smSt1yHSR5Sbs9DtPNusAAMvajmGc-st695EsqO3w1aNTpm9vxASuSHCLI61DemGb3LaAMW7MDDLo4j30s4iE1DZr2UeTpkEHlUc-WwTo0zqCxLNMlSHPLCRNEDT4wpaWQjgJMl3KhUpK7MKa2Z/s728-e1000/chrome-zero-day-vulnerability.jpg)](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhv36XpOZ1dAQAOtoI2FJrLTIwbrZmkU8pIotJv8smSt1yHSR5Sbs9DtPNusAAMvajmGc-st695EsqO3w1aNTpm9vxASuSHCLI61DemGb3LaAMW7MDDLo4j30s4iE1DZr2UeTpkEHlUc-WwTo0zqCxLNMlSHPLCRNEDT4wpaWQjgJMl3KhUpK7MKa2Z/s728-e100/chrome-zero-day-vulnerability.jpg>)\n\nGoogle on Thursday rolled out emergency fixes to contain an actively exploited zero-day flaw in its Chrome web browser.\n\nThe [vulnerability](<https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html>), tracked as **CVE-2022-3723**, has been described as a type confusion flaw in the V8 JavaScript engine.\n\nSecurity researchers Jan Vojt\u011b\u0161ek, Mil\u00e1nek, and Przemek Gmerek of Avast have been credited with reporting the flaw on October 25, 2022.\n\n\"Google is aware of reports that an exploit for CVE-2022-3723 exists in the wild,\" the internet giant acknowledged in an advisory without getting into more specifics about the nature of the attacks.\n\nCVE-2022-3723 is the third actively exploited type confusion bug in V8 this year after [CVE-2022-1096](<https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html>) and [CVE-2022-1364](<https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html>).\n\nThe latest fix also marks the resolution of the seventh zero-day in Google Chrome since the start of 2022 -\n\n * [**CVE-2022-0609**](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>) \\- Use-after-free in Animation\n * [**CVE-2022-1096**](<https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-1364**](<https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-2294**](<https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html>) \\- Heap buffer overflow in WebRTC\n * [**CVE-2022-2856**](<https://thehackernews.com/2022/08/new-google-chrome-zero-day.html>) \\- Insufficient validation of untrusted input in Intents\n * [**CVE-2022-3075**](<https://thehackernews.com/2022/09/google-release-urgent-chrome-update-to.html>) \\- Insufficient data validation in Mojo\n\nUsers are recommended to upgrade to version 107.0.5304.87 for macOS and Linux and 107.0.5304.87/.88 for Windows to mitigate potential threats.\n\nUsers of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-10-28T10:40:00", "type": "thn", "title": "Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2856", "CVE-2022-3075", "CVE-2022-3723"], "modified": "2022-10-28T10:58:12", "id": "THN:222F7713CA968509F8C385BA29B0B6A5", "href": "https://thehackernews.com/2022/10/google-issues-urgent-chrome-update-to.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-05T16:25:13", "description": "[![Google Chrome Browser](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjPIpWOjahlvRij54ICh2NyDdEkKI9koTk4lx8UXqPG1hBOVokLO1jZE7QvnnAHX4fw21sdwK34cVKndChvGxTI0QScuSjwYGvpLSpuK9FSFbuXtXzoaxwm6I78OZwM-uyBKf7_r18ShybiBxFrmBcIKJ7pAD2BPSMaEVwJzpBkK1kNSbrrtJ6AmkPk/s728-e1000/chrome-update.jpg)](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjPIpWOjahlvRij54ICh2NyDdEkKI9koTk4lx8UXqPG1hBOVokLO1jZE7QvnnAHX4fw21sdwK34cVKndChvGxTI0QScuSjwYGvpLSpuK9FSFbuXtXzoaxwm6I78OZwM-uyBKf7_r18ShybiBxFrmBcIKJ7pAD2BPSMaEVwJzpBkK1kNSbrrtJ6AmkPk/s728-e100/chrome-update.jpg>)\n\nGoogle on Monday shipped security updates to address a high-severity zero-day vulnerability in its Chrome web browser that it said is being exploited in the wild.\n\nThe shortcoming, tracked as [**CVE-2022-2294**](<https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html>), relates to a heap overflow flaw in the [WebRTC](<https://en.wikipedia.org/wiki/WebRTC>) component that provides real-time audio and video communication capabilities in browsers without the need to install plugins or download native apps.\n\nHeap buffer overflows, also referred to as heap overrun or heap smashing, occur when data is overwritten in the [heap area of the memory](<https://en.wikipedia.org/wiki/Memory_management#Manual_memory_management>), leading to arbitrary code execution or a denial-of-service (DoS) condition.\n\n\"Heap-based overflows can be used to overwrite function pointers that may be living in memory, pointing it to the attacker's code,\" MITRE [explains](<https://cwe.mitre.org/data/definitions/122.html>). \"When the consequence is arbitrary code execution, this can often be used to subvert any other security service.\"\n\nCredited with reporting the flaw on July 1, 2022, is Jan Vojtesek from the Avast Threat Intelligence team. It's worth pointing out that the bug also [impacts](<https://chromereleases.googleblog.com/2022/07/chrome-for-android-update.html>) the Android version of Chrome.\n\nAs is usually the case with zero-day exploitation, details pertaining to the flaw as well as other specifics related to the campaign have been withheld to prevent further abuse in the wild and until a significant chunk of users are updated with a fix.\n\nCVE-2022-2294 also marks the resolution of the fourth zero-day vulnerability in Chrome since the start of the year -\n\n * [**CVE-2022-0609**](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>) \\- Use-after-free in Animation\n * [**CVE-2022-1096**](<https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-1364**](<https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html>) \\- Type confusion in V8\n\nUsers are recommended to update to version 103.0.5060.114 for Windows, macOS, and Linux and 103.0.5060.71 for Android to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.\n\nThe disclosure shortly follows a report from Google Project Zero, which [noted](<https://googleprojectzero.blogspot.com/2022/06/2022-0-day-in-wild-exploitationso-far.html>) that a total of 18 security vulnerabilities have been exploited as unpatched zero-days in the wild so far this year.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-05T02:55:00", "type": "thn", "title": "Update Google Chrome Browser to Patch New Zero-Day Exploit Detected in the Wild", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294"], "modified": "2022-07-05T13:54:52", "id": "THN:2E90A09BA23747C57B4B5C9ED7D13ED9", "href": "https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-26T04:08:15", "description": "[ ![Update Chrome Browser](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEikPLibtmTn8N2H14UEsCbQi0mXDkp7d4sxfUThlf9SHApnBVQaXlzTa5_Y_GROcH_HN9A8cDTE0iaRtCHiFqthOucxRIZyrjEzXxqkiX0DQPciOOULFnJ0I4aob50-m5id5elUHNKFtdF-5Ep-jdQVcYtFgUVENLsQkZIYWjXsuoDDYF_UBh0lc0o2/s728-e1000/chrome-update.png)](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEikPLibtmTn8N2H14UEsCbQi0mXDkp7d4sxfUThlf9SHApnBVQaXlzTa5_Y_GROcH_HN9A8cDTE0iaRtCHiFqthOucxRIZyrjEzXxqkiX0DQPciOOULFnJ0I4aob50-m5id5elUHNKFtdF-5Ep-jdQVcYtFgUVENLsQkZIYWjXsuoDDYF_UBh0lc0o2/s728-e100/chrome-update.png>)\n\nGoogle on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser.\n\nTracked as **CVE-2022-4135**, the high-severity vulnerability has been described as a heap buffer overflow in the GPU component. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the flaw on November 22, 2022.\n\nHeap-based buffer overflow bugs can be [weaponized](<https://cwe.mitre.org/data/definitions/122.html>) by threat actors to crash a program or execute arbitrary code, leading to unintended behavior.\n\n\"Google is aware that an exploit for CVE-2022-4135 exists in the wild,\" the tech giant [acknowledged](<https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html>) in an advisory.\n\nBut like other actively exploited issues, technical specifics have been withheld until a majority of the users are updated with a fix and to prevent further abuse.\n\nWith the latest update, Google has resolved eight zero-day vulnerabilities in Chrome since the start of the year -\n\n * [**CVE-2022-0609**](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>) \\- Use-after-free in Animation\n * [**CVE-2022-1096**](<https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-1364**](<https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-2294**](<https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html>) \\- Heap buffer overflow in WebRTC\n * [**CVE-2022-2856**](<https://thehackernews.com/2022/08/new-google-chrome-zero-day.html>) \\- Insufficient validation of untrusted input in Intents\n * [**CVE-2022-3075**](<https://thehackernews.com/2022/09/google-release-urgent-chrome-update-to.html>) \\- Insufficient data validation in Mojo\n * [**CVE-2022-3723**](<https://thehackernews.com/2022/10/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n\nUsers are recommended to upgrade to version 107.0.5304.121 for macOS and Linux and 107.0.5304.121/.122 for Windows to mitigate potential threats.\n\nUsers of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-11-25T13:12:00", "type": "thn", "title": "Update Chrome Browser Now to Patch New Actively Exploited Zero-Day Flaw", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2856", "CVE-2022-3075", "CVE-2022-3723", "CVE-2022-4135"], "modified": "2022-11-26T04:07:40", "id": "THN:FFFF05ECDE44C9ED26B53D328B60689B", "href": "https://thehackernews.com/2022/11/update-chrome-browser-now-to-patch-new.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-12-05T06:08:51", "description": "[![Google zero-day](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEi3-1t-O1Y4Oqvj24RGfItVIc7r4d1BOuWfRH4xG5ilh6GX83VydcDH0Fs1xqW5JUvFrpLzvA9ifqmf2lHts3lgA5VStlmb7c1Msk0yFUv5qzEgEjiU3_EPqVJlK4Z6uzMUFoKmnDAHWtOXsYNv7vEG8yG9H-NwH46z-Z7nAKiihKDF7bzl_Y20QXxS/s728-e1000/chrome.png)](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEi3-1t-O1Y4Oqvj24RGfItVIc7r4d1BOuWfRH4xG5ilh6GX83VydcDH0Fs1xqW5JUvFrpLzvA9ifqmf2lHts3lgA5VStlmb7c1Msk0yFUv5qzEgEjiU3_EPqVJlK4Z6uzMUFoKmnDAHWtOXsYNv7vEG8yG9H-NwH46z-Z7nAKiihKDF7bzl_Y20QXxS/s728-e100/chrome.png>)\n\nSearch giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser.\n\nThe high-severity flaw, tracked as [CVE-2022-4262](<https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html>), concerns a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on November 29, 2022.\n\nType confusion vulnerabilities could be weaponized by threat actors to perform out-of-bounds memory access, or lead to a crash and arbitrary code execution.\n\nAccording to the NIST's National Vulnerability Database, the flaw [permits](<https://nvd.nist.gov/vuln/detail/CVE-2022-4262>) a \"remote attacker to potentially exploit heap corruption via a crafted HTML page.\"\n\nGoogle acknowledged active exploitation of the vulnerability but stopped short of sharing additional specifics to prevent further abuse.\n\nCVE-2022-4262 is the fourth actively exploited type confusion flaw in Chrome that Google has addressed since the start of the year. It's also the ninth zero-day flaw attackers have exploited in the wild in 2022 -\n\n * [**CVE-2022-0609**](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>) \\- Use-after-free in Animation\n * [**CVE-2022-1096**](<https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-1364**](<https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-2294**](<https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html>) \\- Heap buffer overflow in WebRTC\n * [**CVE-2022-2856**](<https://thehackernews.com/2022/08/new-google-chrome-zero-day.html>) \\- Insufficient validation of untrusted input in Intents\n * [**CVE-2022-3075**](<https://thehackernews.com/2022/09/google-release-urgent-chrome-update-to.html>) \\- Insufficient data validation in Mojo\n * [**CVE-2022-3723**](<https://thehackernews.com/2022/10/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n * [**CVE-2022-4135**](<https://thehackernews.com/2022/11/update-chrome-browser-now-to-patch-new.html>) \\- Heap buffer overflow in GPU\n\nUsers are recommended to upgrade to version 108.0.5359.94 for macOS and Linux and 108.0.5359.94/.95 for Windows to mitigate potential threats.\n\nUsers of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.\n\n \n\n\nFound this article interesting? Follow us on [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-12-03T04:41:00", "type": "thn", "title": "Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2856", "CVE-2022-3075", "CVE-2022-3723", "CVE-2022-4135", "CVE-2022-4262"], "modified": "2022-12-05T04:33:44", "id": "THN:2FB8A3C1E526D1FFA1477D35F0F70BF4", "href": "https://thehackernews.com/2022/12/google-rolls-out-new-chrome-browser.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:39:28", "description": "[![Google Chrome Update](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhpjCuGD4WXaNN6nxKO5EalNHXrEO1r2PgkwQYS5Z4fg1J1iNhNuSZu4tqOM6Ohl9vpp6QyHLYCS9rWACrVbbaIJUPQ9rTXrZPXmPG7SMzGybYouS2Gy54kBSr90hQqQD0npkDgUM7qiCLvQEpG86SHqny5-bN6yTHLRxPBtls52iaOhN5Ui-sM9RZ4/s728-e1000/chrome-extensions.jpg)](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhpjCuGD4WXaNN6nxKO5EalNHXrEO1r2PgkwQYS5Z4fg1J1iNhNuSZu4tqOM6Ohl9vpp6QyHLYCS9rWACrVbbaIJUPQ9rTXrZPXmPG7SMzGybYouS2Gy54kBSr90hQqQD0npkDgUM7qiCLvQEpG86SHqny5-bN6yTHLRxPBtls52iaOhN5Ui-sM9RZ4/s728-e100/chrome-extensions.jpg>)\n\nGoogle on Thursday shipped emergency patches to address two security issues in its Chrome web browser, one of which it says is being actively exploited in the wild.\n\nTracked as [CVE-2022-1364](<https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html>), the tech giant described the high-severity bug as a case of type confusion in the V8 JavaScript engine. Cl\u00e9ment Lecigne of Google's Threat Analysis Group has been credited with reporting the flaw on April 13, 2022.\n\nAs is typically the case with actively exploited zero-day flaws, the company acknowledged it's \"aware that an exploit for CVE-2022-1364 exists in the wild.\" Additional details about the flaw and the identity of the threat actors have been withheld to prevent further abuse.\n\nWith the latest fix, Google has patched a total of three zero-day vulnerabilities in Chrome since the start of the year. It's also the second type confusion-related bug in V8 to be squashed in less than a month -\n\n * [CVE-2022-0609](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>) \\- Use-after-free in Animation\n * [CVE-2022-1096](<https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html>) \\- Type confusion in V8\n\n[![](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEh6B83ZXigpC9fguwiLwmsTF6j73zc5NEtpSNiGfAAl-clSHcXVa31RbaQfOCfKesHRCqidahWfYEq_lTb6Wo-qPTz15of2-8gP75by67zdsyHfHawMXYaPWSZQLF1KIVi7jyn0uf4bWxBN0j73AHcGrmJOkXRdboYNb6jCKG2veHy3dPK8riejHmuo/s728-e100/chrome-update.jpg)](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEh6B83ZXigpC9fguwiLwmsTF6j73zc5NEtpSNiGfAAl-clSHcXVa31RbaQfOCfKesHRCqidahWfYEq_lTb6Wo-qPTz15of2-8gP75by67zdsyHfHawMXYaPWSZQLF1KIVi7jyn0uf4bWxBN0j73AHcGrmJOkXRdboYNb6jCKG2veHy3dPK8riejHmuo/s728-e100/chrome-update.jpg>)\n\nUsers are recommended to update to version 100.0.4896.127 for Windows, macOS, and Linux to thwart potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-04-15T03:25:00", "type": "thn", "title": "Google Releases Urgent Chrome Update to Patch Actively Exploited Zero-Day Flaw", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364"], "modified": "2022-04-18T03:04:38", "id": "THN:E48AEFF468AB8445D91A32B6F5D7A770", "href": "https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:37:26", "description": "[![](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhe4kI4fPWEvYG9ia8i9jo4TGUExUqxfVYERYGlXDOHtolech2eDZ1t68Ygq-Rm2KyDOptmayUsQQ8KWRS6YLPsnNM81pe5p-m9VRQ3jW80R7QesFXZ6BrtdfsBk9_pvdaAJUbvRR8si8Ro0mR-XltTDsPJ-2gNPRTn6yVm8yNWyn9cPdTUYrX5TsGA/s728-e100/chrome-update.jpg)](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhe4kI4fPWEvYG9ia8i9jo4TGUExUqxfVYERYGlXDOHtolech2eDZ1t68Ygq-Rm2KyDOptmayUsQQ8KWRS6YLPsnNM81pe5p-m9VRQ3jW80R7QesFXZ6BrtdfsBk9_pvdaAJUbvRR8si8Ro0mR-XltTDsPJ-2gNPRTn6yVm8yNWyn9cPdTUYrX5TsGA/s728-e100/chrome-update.jpg>)\n\nGoogle on Friday shipped an out-of-band security update to address a high severity vulnerability in its Chrome browser that it said is being actively exploited in the wild.\n\nTracked as [**CVE-2022-1096**](<https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html>), the zero-day flaw relates to a type confusion vulnerability in the V8 JavaScript engine. An anonymous researcher has been credited with reporting the bug on March 23, 2022.\n\nType confusion errors, which arise when a resource (e.g., a variable or an object) is accessed using a type that's incompatible to what was originally initialized, could have serious consequences in languages that are not [memory safe](<https://en.wikipedia.org/wiki/Memory_safety>) like C and C++, enabling a malicious actor to perform out-of-bounds memory access.\n\n\"When a memory buffer is accessed using the wrong type, it could read or write memory out of the bounds of the buffer, if the allocated buffer is smaller than the type that the code is attempting to access, leading to a crash and possibly code execution,\" MITRE's Common Weakness Enumeration (CWE) [explains](<https://cwe.mitre.org/data/definitions/843.html>).\n\nThe tech giant acknowledged it's \"aware that an exploit for CVE-2022-1096 exists in the wild,\" but stopped short of sharing additional specifics so as to prevent further exploitation and until a majority of users are updated with a fix.\n\nCVE-2022-1096 is the second zero-day vulnerability addressed by Google in Chrome since the start of the year, the first being [CVE-2022-0609](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>), a use-after-free vulnerability in the Animation component that was patched on February 14, 2022.\n\nEarlier this week, Google's Threat Analysis Group (TAG) [disclosed](<https://thehackernews.com/2022/03/north-korean-hackers-exploited-chrome.html>) details of a twin campaign staged by North Korean nation-state groups that weaponized the flaw to strike U.S. based organizations spanning news media, IT, cryptocurrency, and fintech industries.\n\nGoogle Chrome users are highly recommended to update to the latest version 99.0.4844.84 for Windows, Mac, and Linux to mitigate any potential threats. Users of Chromium-based browsers such as Microsoft Edge, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-26T02:11:00", "type": "thn", "title": "Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096"], "modified": "2022-03-26T02:11:38", "id": "THN:EC6517AAC0BD5D8BBC4C4D32420CA903", "href": "https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-03T09:59:40", "description": "[![Candiru Spyware Chrome Exploit](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhHUSen7gjgQ5i3C-q9vT12dujHW41TWsQeeVN4wsLFAQmcgZRsO8Q3mTYnY-5mLbMge8R31OsaEXXfqM0Netare_I-JSvbNxgMU29R5g37LRVEcub_rs2mLdXBXgq7IiYJSyEfjnDhGF-Bz78B5X9JhDReehsYhhbqLkUVpPksLtku3ko-eJgjj-9i/s728-e1000/chrome.jpg)](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhHUSen7gjgQ5i3C-q9vT12dujHW41TWsQeeVN4wsLFAQmcgZRsO8Q3mTYnY-5mLbMge8R31OsaEXXfqM0Netare_I-JSvbNxgMU29R5g37LRVEcub_rs2mLdXBXgq7IiYJSyEfjnDhGF-Bz78B5X9JhDReehsYhhbqLkUVpPksLtku3ko-eJgjj-9i/s728-e100/chrome.jpg>)\n\nThe actively exploited but now-fixed Google Chrome zero-day flaw that came to light at the start of this month was weaponized by an Israeli spyware company and used in attacks targeting journalists in the Middle East.\n\nCzech cybersecurity firm Avast linked the exploitation to [Candiru](<https://thehackernews.com/2021/07/israeli-firm-helped-governments-target.html>) (aka Saito Tech), which has a history of [leveraging previously unknown flaws](<https://thehackernews.com/2021/11/israels-candiru-spyware-found-linked-to.html>) to deploy a Windows malware dubbed **DevilsTongue**, a modular implant with [Pegasus](<https://thehackernews.com/2022/07/pegasus-spyware-used-to-hack-devices-of.html>)-like capabilities.\n\nCandiru, along with NSO Group, Computer Security Initiative Consultancy PTE. LTD., and Positive Technologies, were [added to the entity list](<https://thehackernews.com/2021/11/us-sanctions-pegasus-maker-nso-group.html>) by the U.S. Commerce Department in November 2021 for engaging in \"malicious cyber activities.\"\n\n\"Specifically, a large portion of the attacks took place in Lebanon, where journalists were among the targeted parties,\" security researcher Jan Vojt\u011b\u0161ek, who reported the discovery of the flaw, [said](<https://decoded.avast.io/janvojtesek/the-return-of-candiru-zero-days-in-the-middle-east/>) in a write-up. \"We believe the attacks were highly targeted.\"\n\nThe vulnerability in question is [CVE-2022-2294](<https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html>), memory corruption in the [WebRTC](<https://webrtc.org/>) component of the Google Chrome browser that could lead to shellcode execution. It was addressed by Google on July 4, 2022. The same issue has since been patched by [Apple](<https://thehackernews.com/2022/07/apple-releases-security-patches-for-all.html>) and [Microsoft](<https://thehackernews.com/2022/07/microsoft-releases-fix-for-zero-day.html>) in Safari and Edge browsers.\n\nThe findings shed light on multiple attack campaigns mounted by the Israeli hack-for-hire vendor, which is said to have returned with a revamped toolset in March 2022 to target users in Lebanon, Turkey, Yemen, and Palestine via watering hole attacks using zero-day exploits for Google Chrome.\n\n[![Candiru Spyware](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjipZHJEu9rZboUnuN5vu4vzlFRiroPcgqPjPovcoi87zmmsxwT6Tw0Ye57y2r6_J3tFLfcRQOK2pEX3SQOvb6rAncsH4TTM_qkGtIQdfVJ_pWihsK_8KLSVuikizgk0g782gAxCstqG-TIxSIoJ5RfRqJgyaVUzMzhpQdJ7wP0mUmFPm_69lPZYZvs/s728-e1000/chrome-exploit.jpg)](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjipZHJEu9rZboUnuN5vu4vzlFRiroPcgqPjPovcoi87zmmsxwT6Tw0Ye57y2r6_J3tFLfcRQOK2pEX3SQOvb6rAncsH4TTM_qkGtIQdfVJ_pWihsK_8KLSVuikizgk0g782gAxCstqG-TIxSIoJ5RfRqJgyaVUzMzhpQdJ7wP0mUmFPm_69lPZYZvs/s728-e100/chrome-exploit.jpg>)\n\nThe infection sequence spotted in Lebanon commenced with the attackers compromising a website used by employees of a news agency to inject malicious JavaScript code from an actor-controlled domain that's responsible for redirecting potential victims to an exploit server.\n\nVia this watering hole technique, a profile of the victim's browser, consisting of about 50 data points, is created, including details like language, timezone, screen information, device type, browser plugins, referrer, and device memory, among others.\n\nAvast assessed the information was gathered to ensure that the exploit was being delivered only to the intended targets. Should the collected data be deemed of value by the hackers, the zero-day exploit is then delivered to the victim's machine over an encrypted channel.\n\nThe exploit, in turn, abuses the heap buffer overflow in WebRTC to attain shellcode execution. The zero-day flaw is said to have been chained with a sandbox escape exploit (that was never recovered) to gain an initial foothold, using it to drop the DevilsTongue payload.\n\nWhile the sophisticated malware is capable of recording the victim's webcam and microphone, keylogging, exfiltrating messages, browsing history, passwords, locations, and much more, it has also been observed attempting to escalate its privileges by installing a vulnerable signed kernel driver (\"[HW.sys](<https://www.virustotal.com/gui/file/6a4875ae86131a594019dec4abd46ac6ba47e57a88287b814d07d929858fe3e5>)\") containing a third zero-day exploit.\n\nEarlier this January, ESET [explained](<https://www.eset.com/int/about/newsroom/press-releases/research/esets-research-into-bring-your-own-vulnerable-driver-details-attacks-on-drivers-in-windows-core-1/>) how vulnerable signed kernel drivers - an approach called Bring Your Own Vulnerable Driver ([BYOVD](<https://www.welivesecurity.com/2022/01/11/signed-kernel-drivers-unguarded-gateway-windows-core/>)) - can become unguarded gateways for malicious actors to gain entrenched access to Windows machines. \n\nThe disclosure comes a week after Proofpoint [revealed](<https://thehackernews.com/2022/07/state-backed-hackers-targeting.html>) that nation-state hacking groups aligned with China, Iran, North Korea, and Turkey have been targeting journalists to conduct espionage and spread malware since early 2021.\n\n**_Update:_** Google Project Zero shared the below statement following the publication of the story \u2013\n\n\"CVE-2022-2294 is a memory corruption vulnerability in [libWebRTC](<https://webrtc.org/>), a video conferencing library that is widely used by browsers and mobile applications,\" the search giant's cybersecurity teams said. \"Avast reported that this vulnerability was used to target Google Chrome users in the wild.\"\n\n\"The vulnerability potentially affects other browsers, and was recently [patched](<https://support.apple.com/en-us/HT213341>) in Safari. Many mobile applications also contain the vulnerable code, though it is unclear whether the bug is exploitable. We are not aware of any active exploitation targeting platforms other than Chrome. We greatly appreciate Avast detecting and reporting this issue.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {}, "published": "2022-07-22T06:40:00", "type": "thn", "title": "Candiru Spyware Caught Exploiting Google Chrome Zero-Day to Target Journalists", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-2294"], "modified": "2022-08-03T08:33:23", "id": "THN:27F4624B58E2AB5E3EC8C74249CADF5C", "href": "https://thehackernews.com/2022/07/candiru-spyware-caught-exploiting.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-04-22T08:18:10", "description": "[![Cascading Supply Chain Attack](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjYQKkzY_-mItw25Wa6aQD0IVkkL1G7_qgOa1tw2npjUQUrl-xwgz9g1wJ9Q1Drav9iy8Q0Dhj9J_9szRCLzM0vldk7WEUr_x93_N9pMzqV1mYPdl59j5aD2CPYNqmwrl9vQ6WKwvh3LXtyOvVytBIfLsknbKJ0EfpukdsnLKVPF7TcKzlg6dAS7Mzr/s728-e365/supply-chain-hack.png>)\n\nThe supply chain attack targeting 3CX was the result of a prior supply chain compromise associated with a different company, demonstrating a new level of sophistication with North Korean threat actors.\n\nGoogle-owned Mandiant, which is [tracking](<https://thehackernews.com/2023/04/lazarus-sub-group-labyrinth-chollima.html>) the attack event under the moniker **UNC4736**, [said](<https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise>) the incident marks the first time it has seen a \"software supply chain attack lead to another software supply chain attack.\"\n\nThe Matryoshka doll-style cascading attack against 3CX first came to light on March 29, 2023, when it [emerged](<https://thehackernews.com/2023/03/3cx-supply-chain-attack-heres-what-we.html>) that Windows and macOS versions of its communication software were trojanized to deliver a C/C++-based data miner named ICONIC Stealer by means of a downloader, SUDDENICON, that used icon files hosted on GitHub to extract the server containing the stealer.\n\n\"The malicious application next attempts to steal sensitive information from the victim user's web browser,\" the U.S. Cybersecurity and Infrastructure Security Agency (CISA) [said](<https://www.cisa.gov/news-events/alerts/2023/04/20/cisa-releases-malware-analysis-report-iconicstealer>) in an analysis of the malware. \"Specifically it will target the Chrome, Edge, Brave, or Firefox browsers.\"\n\nSelect attacks targeting cryptocurrency companies also entailed the deployment of a next-stage backdoor referred to as [Gopuram](<https://thehackernews.com/2023/04/cryptocurrency-companies-targeted-in.html>) that's capable of running additional commands and interacting with the victim's file system.\n\nMandiant's [investigation](<https://www.3cx.com/blog/news/mandiant-security-update2/>) into the sequence of events has now revealed the patient zero to be a malicious version of a now-discontinued software provided by a fintech company called Trading Technologies, which was downloaded by a 3CX employee to their personal computer.\n\nIt described the initial intrusion vector as \"a malware-laced software package distributed via an earlier software supply chain compromise that began with a tampered installer for X_TRADER.\"\n\nThis rogue installer, in turn, contained a setup binary that dropped two trojanized DLLs and an innocuous executable, the latter of which is used to side-load one of the DLLs that's camouflaged as a legitimate dependency.\n\nThe attack chain then made use of open source tools like [SIGFLIP](<https://github.com/med0x2e/SigFlip>) and [DAVESHELL](<https://github.com/monoxgas/sRDI>) to ultimately extract and execute VEILEDSIGNAL, a multi-stage modular backdoor written in C that's capable of sending data, executing shellcode, and terminating itself.\n\nThe initial compromise of the employee's personal computer using VEILEDSIGNAL enabled the threat actor to obtain the individual's corporate credentials, two days after which the first unauthorized access of 3CX's network took place via a VPN by taking advantage of the stolen credentials.\n\n[![Cascading Supply Chain Attack on 3CX](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEg1Aa0J-PjfF3a8lrSsfLYwzoSdG9KMyAfGVzxuV8Jwbp6rWpk9rgkLYWsnRs5TZUDZHDH7DE7uOJrg1jmlns4f6uc08rKfGSQLSPo_DnPYQIQkCLU2yWA7F0_FB82FTYu4l_mLXuCzetcjz-kIpq-tuBo_hZselMf1bnDtKtF8lHr2B_6ZED92oT-Z4w/s728-e365/mm.png>)\n\nBesides identifying tactical similarities between the compromised X_TRADER and 3CXDesktopApp apps, Mandiant found that the threat actor subsequently laterally moved within the 3CX environment and breached the Windows and macOS build environments.\n\n\"On the Windows build environment, the attacker deployed a TAXHAUL launcher and COLDCAT downloader that persisted by performing DLL side-loading through the IKEEXT service and ran with LocalSystem privileges,\" Mandiant said. \"The macOS build server was compromised with POOLRAT backdoor using Launch Daemons as a persistence mechanism.\"\n\nPOOLRAT, previously classified by the threat intelligence firm as SIMPLESEA, is a C/C++ macOS implant capable of collecting basic system information and executing arbitrary commands, including carrying out file operations.\n\nUNC4736 is suspected to be a threat group with North Korean nexus, an assessment that's been reinforced by ESET's [discovery](<https://thehackernews.com/2023/04/lazarus-group-adds-linux-malware-to.html>) of an overlapping command-and-control (C2) domain (journalide[.]org) employed in the supply chain attack and that of a Lazarus Group campaign called Operation Dream Job.\n\nEvidence gathered by Mandiant shows that the group exhibits commonalities with another intrusion set tracked as [Operation AppleJeus](<https://thehackernews.com/2022/12/north-korean-hackers-spread-applejeus.html>), which has a track record of carrying out financially motivated attacks.\n\nWhat's more, the breach of Trading Technologies' website is said to have taken place in early February 2022 to activate a [multi-stage infection chain](<https://thehackernews.com/2022/03/north-korean-hackers-exploited-chrome.html>) responsible for serving unknown payloads to the site visitors by weaponizing a then zero-day flaw in Google Chrome ([CVE-2022-0609](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>)).\n\n\"The site www.tradingtechnologies[.]com was compromised and hosting a hidden IFRAME to exploit visitors, just two months before the site was known to deliver a trojanized X_TRADER software package,\" Mandiant explained.\n\nAnother link connecting it to AppleJeus is the threat actor's previous use of an older version of POOLRAT as part of a [long-running campaign](<https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-048a>) disseminating booby-trapped trading applications like [CoinGoTrade](<https://www.cisa.gov/news-events/analysis-reports/ar21-048e>) to facilitate cryptocurrency theft.\n\nThe entire scale of the campaign remains unknown, and it's currently not clear if the compromised X_TRADER software was used by other firms. The platform was purportedly decommissioned in April 2020, but it was still available to download from the site in 2022.\n\n3CX, in an [update](<https://www.3cx.com/blog/news/security-action-plan/>) shared on April 20, 2023, said it's taking steps to harden its systems and minimize the risk of nested software-in-software supply chain attacks by enhancing product security, incorporating tools to ensure the integrity of its software, and establishing a new department for Network Operations and Security.\n\n\"Cascading software supply chain compromises demonstrate that North Korean operators can exploit network access in creative ways to develop and distribute malware, and move between target networks while conducting operations aligned with North Korea's interests,\" Mandiant said.\n\n \n\n\nFound this article interesting? Follow us on [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-04-21T09:55:00", "type": "thn", "title": "N.K. Hackers Employ Matryoshka Doll-Style Cascading Supply Chain Attack on 3CX", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2023-04-22T06:56:47", "id": "THN:4548AA82E9B35A1EFE8DBB8D3D9464D4", "href": "https://thehackernews.com/2023/04/nk-hackers-employ-matryoshka-doll-style.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:37:33", "description": "[![Chrome 0-Day](https://thehackernews.com/new-images/img/a/AVvXsEgInMg5oi0EuLT48UdHSduKG1gC3QcDY31qtxed-1eLVZHmLmB8WlxqvHc8R-sJTKH1US2u2oCIsGlm9hWzM_AxHS104Ld0Uu3NNK1_J7y0Peoq5ju3dD6temNu7yRQKMOZoLszL4i9VJjnGs9A_j6bQRDzyi6d90sA94gk0bv7qQ2QhbM063DW4_DD=s728-e1000)](<https://thehackernews.com/new-images/img/a/AVvXsEgInMg5oi0EuLT48UdHSduKG1gC3QcDY31qtxed-1eLVZHmLmB8WlxqvHc8R-sJTKH1US2u2oCIsGlm9hWzM_AxHS104Ld0Uu3NNK1_J7y0Peoq5ju3dD6temNu7yRQKMOZoLszL4i9VJjnGs9A_j6bQRDzyi6d90sA94gk0bv7qQ2QhbM063DW4_DD>)\n\nGoogle on Monday rolled out fixes for eight security issues in the Chrome web browser, including a high-severity vulnerability that's being actively exploited in real-world attacks, marking the first zero-day patched by the internet giant in 2022.\n\nThe shortcoming, tracked **CVE-2022-0609**, is described as a [use-after-free](<https://cwe.mitre.org/data/definitions/416.html>) vulnerability in the Animation component that, if successfully exploited, could lead to corruption of valid data and the execution of arbitrary code on affected systems.\n\n\"Google is aware of reports that an exploit for **CVE-2022-0609** exists in the wild,\" the company [said](<https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html>) in a characteristically brief statement acknowledging active exploitation of the flaw. Credited with discovering and reporting the flaw are Adam Weidemann and Cl\u00e9ment Lecigne of Google's Threat Analysis Group (TAG).\n\n[![Chrome 0-Day](https://thehackernews.com/new-images/img/a/AVvXsEhw_zmtHqnXqaJefS7oZvh28qsxonD53oGecFvi_dhJmSWdL-G6nLJJofAgUuHYiNJ4LK8f3Sx-dUK2u2NjZkZWNh9NIbuWElXZzkaMTS74E0MA9uCJmd_cqoWj5T6ytx9I936Vwjxz_rIsv65CDhPE6TaInytmKM7LDh3D7Kw4TPdq6yPiJOLiQu2T=s728-e1000)](<https://thehackernews.com/new-images/img/a/AVvXsEhw_zmtHqnXqaJefS7oZvh28qsxonD53oGecFvi_dhJmSWdL-G6nLJJofAgUuHYiNJ4LK8f3Sx-dUK2u2NjZkZWNh9NIbuWElXZzkaMTS74E0MA9uCJmd_cqoWj5T6ytx9I936Vwjxz_rIsv65CDhPE6TaInytmKM7LDh3D7Kw4TPdq6yPiJOLiQu2T>)\n\nAlso addressed by Google four other use-after-free flaws impacting File Manager, Webstore API, [ANGLE](<https://en.wikipedia.org/wiki/ANGLE_\$software\$>), and GPU, a heap buffer overflow bug in Tab Groups, an integer overflow in Mojo, and an issue with inappropriate implementation in Gamepad API.\n\nGoogle Chrome users are highly recommended to update to the latest version 98.0.4758.102 for Windows, Mac, and Linux to mitigate any potential threats. It's worth noting that Google had addressed [17 zero-day flaws](<https://thehackernews.com/2021/12/update-google-chrome-to-patch-new-zero.html>) in Chrome in 2021.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-15T05:06:00", "type": "thn", "title": "New Chrome 0-Day Bug Under Active Attack \u2013 Update Your Browser ASAP!", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-02-16T04:13:12", "id": "THN:A7304742B34CEB82ECB0DB1AE4DD7116", "href": "https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:37:25", "description": "[![North Korean Hackers](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhb0TU4PRkcBXaBPsOFb0SjZitrfNUAz50SZ59ScVz8afhB3rGrhOGWwrqnqAwvQ-glDseEhe7X4Moo5jmATZL-AbZ1zSB0tAd6QPCJqZQXxrHfjHo1RBEybYwnRFQ8axJEwCceOG_FN1Y-DG3ZRhOFrlclTKjtafCS8bDD6dTOhZWgUnp6BmPO_qaB/s728-e1000/north-korea-cyber-attack.jpg)](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhb0TU4PRkcBXaBPsOFb0SjZitrfNUAz50SZ59ScVz8afhB3rGrhOGWwrqnqAwvQ-glDseEhe7X4Moo5jmATZL-AbZ1zSB0tAd6QPCJqZQXxrHfjHo1RBEybYwnRFQ8axJEwCceOG_FN1Y-DG3ZRhOFrlclTKjtafCS8bDD6dTOhZWgUnp6BmPO_qaB/s728-e100/north-korea-cyber-attack.jpg>)\n\nGoogle's Threat Analysis Group (TAG) on Thursday disclosed that it acted to mitigate threats from two distinct government-backed attacker groups based in North Korea that exploited a recently-uncovered remote code execution flaw in the Chrome web browser.\n\nThe campaigns, once again \"reflective of the regime's immediate concerns and priorities,\" are said to have targeted U.S. based organizations spanning news media, IT, cryptocurrency, and fintech industries, with one set of the activities sharing direct infrastructure overlaps with previous attacks [aimed at security researchers](<https://thehackernews.com/2021/01/n-korean-hackers-targeting-security.html>) last year.\n\nThe shortcoming in question is [CVE-2022-0609](<https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html>), a use-after-free vulnerability in the browser's Animation component that Google addressed as part of updates (version 98.0.4758.102) issued on February 14, 2022. It's also the first zero-day flaw patched by the tech giant since the start of 2022.\n\n\"The earliest evidence we have of this exploit kit being actively deployed is January 4, 2022,\" Google TAG researcher Adam Weidemann [said](<https://blog.google/threat-analysis-group/countering-threats-north-korea/>) in a report. \"We suspect that these groups work for the same entity with a shared supply chain, hence the use of the same exploit kit, but each operate with a different mission set and deploy different techniques.\"\n\nThe first campaign, consistent with TTPs associated with what Israeli cybersecurity firm ClearSky described as \"[Operation Dream Job](<https://www.clearskysec.com/operation-dream-job/>)\" in August 2020, was directed against over 250 individuals working for 10 different news media, domain registrars, web hosting providers, and software vendors, luring them with fake job offers from companies like Disney, Google, and Oracle.\n\nThe usage of phony job listings is a time-tested tactic of North Korean nation-state groups, which, earlier this January, was [found impersonating](<https://thehackernews.com/2022/01/north-korean-hackers-using-windows.html>) the American global security and aerospace company Lockheed Martin to distribute malware payloads to target individuals seeking jobs in the aerospace and defense industry.\n\n\"The double scenario of espionage and money theft is unique to North Korea, which operates intelligence units that steal both information and money for their country,\" ClearSky researchers noted at the time.\n\nThe second activity cluster that's believed to have leveraged the same Chrome zero-day relates to [Operation AppleJeus](<https://thehackernews.com/2021/02/north-korean-hackers-targeting-defense.html>), which compromised at least two legitimate fintech company websites to serve the exploit to no less than 85 users.\n\nThe [exploit kit](<https://www.virustotal.com/gui/file/03a41d29e3c9763093aca13f1cc8bcc41b201a6839c381aaaccf891204335685>), according to Google TAG, is fashioned as a multi-stage infection chain that involves embedding the attack code within hidden internet frames on both compromised websites as well as rogue websites under their control.\n\n\"In other cases, we observed fake websites \u2014 already set up to distribute trojanized cryptocurrency applications \u2014 hosting [iframes](<https://en.wikipedia.org/wiki/HTML_element#Frames>) and pointing their visitors to the exploit kit,\" Weidemann said.\n\nThe initial stage encompassed a reconnaissance phase to fingerprint the targeted machines that was then followed by serving the remote code execution (RCE) exploit, which, when successful, led to the retrieval of a second-stage package engineered to escape the sandbox and carry out further post-exploitation activities.\n\nGoogle TAG, which discovered the intrusions on February 10, noted that it was \"unable to recover any of the stages that followed the initial RCE,\" emphasizing that the threat actors made use of several safeguards, including the use of AES encryption, designed explicitly to obscure their tracks and hinder the recovery of intermediate stages.\n\nAdditionally, the campaigns checked for visitors using non-Chromium based browsers such as Safari on macOS or Mozilla Firefox (on any operating system), redirecting the victims to specific links on known exploitation servers. It's not immediately clear if any of those attempts were fruitful.\n\nThe findings come as threat intelligence company Mandiant [mapped](<https://www.mandiant.com/resources/mapping-dprk-groups-to-government>) different Lazarus sub-groups to various government organizations in North Korea, including the Reconnaissance General Bureau (RGB), the United Front Department (UFD), and the Ministry of State Security (MSS).\n\nLazarus is the umbrella moniker collectively referring to malicious cyber and financial crime operations originating from the heavily-sanctioned hermit kingdom, in the same manner [Winnti](<https://malpedia.caad.fkie.fraunhofer.de/actor/winnti_umbrella>) and [MuddyWater](<https://thehackernews.com/2022/03/iranian-hackers-targeting-turkey-and.html>) function as a conglomerate of multiple teams to help further China and Iran's geopolitical and national security objectives.\n\n\"North Korea's intelligence apparatus possesses the flexibility and resilience to create cyber units based on the needs of the country,\" Mandiant researchers said. \"Additionally overlaps in infrastructure, malware, and tactics, techniques and procedures indicate there are shared resources amongst their cyber operations.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-25T06:45:00", "type": "thn", "title": "North Korean Hackers Exploited Chrome Zero-Day to Target Fintech, IT, and Media Firms", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-03-26T02:04:01", "id": "THN:87B95415D8745E9CCD461A9997E67EFE", "href": "https://thehackernews.com/2022/03/north-korean-hackers-exploited-chrome.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-04-17T06:59:37", "description": "[![Chrome Zero-Day Vulnerability](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEg1CUbcQScbnTemjH3z-9z7l3lye-ZJqruEuNRoONKxyXz0UkWl_skXsdzuxg5Cyw6VemvnadXx5JVa-UgtYCu3ALMbFcng4yzhHI3pVtvVU9eqkmGx2H7nPIMkGapwSvVPx5HY2ASP51LVelcKSJzC0nGN6Hzq-5upm_ZDqq02Ljx_s0wB8inyj242/s728-e365/google-chrome.png>)\n\nGoogle on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year.\n\nTracked as **CVE-2023-2033**, the high-severity vulnerability has been described as a [type confusion issue](<https://cwe.mitre.org/data/definitions/843.html>) in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on April 11, 2023.\n\n\"Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page,\" [according](<https://nvd.nist.gov/vuln/detail/CVE-2023-2033>) to the NIST's National Vulnerability Database (NVD).\n\nThe tech giant [acknowledged](<https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html>) that \"an exploit for CVE-2023-2033 exists in the wild,\" but stopped short of sharing additional technical specifics or indicators of compromise (IoCs) to prevent further exploitation by threat actors.\n\nCVE-2023-2033 also appears to share similarities with [CVE-2022-1096](<https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html>), [CVE-2022-1364](<https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html>), [CVE-2022-3723](<https://thehackernews.com/2022/10/google-issues-urgent-chrome-update-to.html>), and [CVE-2022-4262](<https://thehackernews.com/2022/12/google-rolls-out-new-chrome-browser.html>) \u2013 four other actively abused type confusion flaws in V8 that were remediated by Google in 2022.\n\nGoogle closed out a total of nine zero-days in Chrome last year. The development comes days after Citizen Lab and Microsoft [disclosed](<https://thehackernews.com/2023/04/israel-based-spyware-firm-quadream.html>) the exploitation of a now-patched flaw in Apple iOS by customers of a shadowy spyware vendor named QuaDream to target journalists, political opposition figures, and an NGO worker in 2021.\n\nIt also comes within a week of Apple releasing updates to patch two actively exploited zero-day vulnerabilities ([CVE-2023-28205 and CVE-2023-28206](<https://thehackernews.com/2023/04/apple-releases-updates-to-address-zero.html>)) in iOS, iPadOS, macOS, and Safari web browser that could lead to arbitrary code execution.\n\nUsers are recommended to upgrade to version 112.0.5615.121 for Windows, macOS, and Linux to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.\n\n \n\n\nFound this article interesting? Follow us on [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-04-15T03:58:00", "type": "thn", "title": "Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-1096", "CVE-2022-1364", "CVE-2022-3723", "CVE-2022-4262", "CVE-2023-2033", "CVE-2023-28205", "CVE-2023-28206"], "modified": "2023-04-17T06:21:11", "id": "THN:CDFC216AC6B26D35C38BDB32822B4E96", "href": "https://thehackernews.com/2023/04/google-releases-urgent-chrome-update-to.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-23T16:56:17", "description": "[![Actively Exploited Vulnerabilities](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjs8JaMOY9R6lUtMUspyaZkXpTsX4qNnhcrHTL9mWH5ZNa5vmozYX5_wadmPyK4zvGOflysK8-kmfWEodQkGRkX2S6SRc2Rz3Mmc6gZULQMoM1NWsDnbyPfI1hCtqNvHLJGrpMX5ei4CIFAfpq-ihMIXLWrMaa-7Q5NtgXCuo8GX35xntkWn95YjMu2/s728-e1000/cisa.jpg)](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjs8JaMOY9R6lUtMUspyaZkXpTsX4qNnhcrHTL9mWH5ZNa5vmozYX5_wadmPyK4zvGOflysK8-kmfWEodQkGRkX2S6SRc2Rz3Mmc6gZULQMoM1NWsDnbyPfI1hCtqNvHLJGrpMX5ei4CIFAfpq-ihMIXLWrMaa-7Q5NtgXCuo8GX35xntkWn95YjMu2/s728-e100/cisa.jpg>)\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday moved to add a [critical SAP security flaw](<https://www.cisa.gov/uscert/ncas/current-activity/2022/08/18/cisa-adds-seven-known-exploited-vulnerabilities-catalog>) to its [Known Exploited Vulnerabilities Catalog](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>), based on evidence of active exploitation.\n\nThe issue in question is [CVE-2022-22536](<https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10>), which has received the highest possible risk score of 10.0 on the CVSS vulnerability scoring system and was addressed by SAP as part of its Patch Tuesday updates for February 2022.\n\nDescribed as an HTTP request smuggling vulnerability, the shortcoming impacts the following product versions -\n\n * SAP Web Dispatcher (Versions - 7.49, 7.53, 7.77, 7.81, 7.85, 7.22EXT, 7.86, 7.87)\n * SAP Content Server (Version - 7.53)\n * SAP NetWeaver and ABAP Platform (Versions - KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49)\n\n\"An unauthenticated attacker can prepend a victim's request with arbitrary data, allowing for function execution impersonating the victim or poisoning intermediary web caches,\" CISA said in an alert.\n\n\"A simple HTTP request, indistinguishable from any other valid message and without any kind of authentication, is enough for a successful exploitation,\" Onapsis, which [discovered](<https://onapsis.com/icmad-sap-cybersecurity-vulnerabilities>) the flaw, [notes](<https://onapsis.com/threat-report/icmad-sap-vulnerabilities>). \"Consequently, this makes it easy for attackers to exploit it and more challenging for security technology such as firewalls or IDS/IPS to detect it (as it does not present a malicious payload).\"\n\nAside from the SAP weakness, the agency added new flaws disclosed by Apple ([CVE-2022-32893 and CVE-2022-32894](<https://thehackernews.com/2022/08/apple-releases-security-updates-to.html>)) and Google ([CVE-2022-2856](<https://thehackernews.com/2022/08/new-google-chrome-zero-day.html>)) this week as well as previously documented Microsoft-related bugs ([CVE-2022-21971](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21971>) and [CVE-2022-26923](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26923>)) and a remote code execution vulnerability in Palo Alto Networks PAN-OS ([CVE-2017-15944](<https://nvd.nist.gov/vuln/detail/CVE-2017-15944>), CVSS score: 9.8) that was disclosed in 2017.\n\nCVE-2022-21971 (CVSS score: 7.8) is a remote code execution vulnerability in Windows Runtime that was resolved by Microsoft in February 2022. CVE-2022-26923 (CVSS score: 8.8), fixed in May 2022, relates to a privilege escalation flaw in Active Directory Domain Services.\n\n\"An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow elevation of privilege to System,\" Microsoft describes in its advisory for CVE-2022-26923.\n\nThe CISA notification, as is traditionally the case, is light on technical details of in-the-wild attacks associated with the vulnerabilities so as to avoid threat actors taking further advantage of them.\n\nTo mitigate exposure to potential threats, Federal Civilian Executive Branch (FCEB) agencies are mandated to apply the relevant patches by September 8, 2022.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-08-20T14:19:00", "type": "thn", "title": "CISA Adds 7 New Actively Exploited Vulnerabilities to Catalog", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15944", "CVE-2022-21971", "CVE-2022-22536", "CVE-2022-26923", "CVE-2022-2856", "CVE-2022-32893", "CVE-2022-32894"], "modified": "2022-09-23T13:13:33", "id": "THN:221BD04ADD3814DC78AF58DFF41861F3", "href": "https://thehackernews.com/2022/08/cisa-adds-7-new-actively-exploited.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2023-12-03T15:33:28", "description": "Google has patched the fifth actively exploited zero-day vulnerability discovered in Chrome this year as one in a series of fixes included in a stable channel update released Wednesday.\n\nThe bug, tracked as [CVE-2022-2856](<https://vulners.com/cve/CVE-2022-2856>) and rated as high on the Common Vulnerability Scoring System (CVSS), is associated with \u201cinsufficient validation of untrusted input in Intents,\u201d according to [the advisory](<https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html>) posted by Google.\n\nGoogle credits Ashley Shen and Christian Resell of its Google Threat Analysis Group (TAG) for reporting the zero-day bug, which could allow for arbitrary code execution, on July 19. The advisory also unveiled 10 other patches for various other Chrome issues.\n\nIntents are a deep linking feature on the Android device within the Chrome browser that replaced URI schemes, which previously handled this process, [according to Branch](<https://branch.io/glossary/chrome-intents/>), a company that offers various linking options for mobile applications.\n\n\u201cInstead of assigning window.location or an iframe.src to the URI scheme, in Chrome, developers need to use their intent string as defined in this document,\u201d the company explained on its website. Intent \u201cadds complexity\u201d but \u201cautomatically handles the case of the mobile app not being installed\u201d within links, according to the post.\n\nInsufficient validation is associated with input validation, a frequently-used technique for checking potentially dangerous inputs to ensure that they are safe for processing within the code, or when communicating with other components, [according to MITRE\u2019s Common Weakness Enumeration site](<https://cwe.mitre.org/data/definitions/20.html>).\n\n\u201cWhen software does not validate input properly, an attacker is able to craft the input in a form that is not expected by the rest of the application,\u201d according to a post on the site. \u201cThis will lead to parts of the system receiving unintended input, which may result in altered control flow, arbitrary control of a resource, or arbitrary code execution.\u201d\n\n**Fending Off Exploits**\n\nAs is typical, Google did not disclose specific details of the bug until it is widely patched to avoid threat actors taking further advantage of it, a strategy that one security professional noted is a wise one.\n\n\u201cPublicizing details on an actively exploited zero-day vulnerability just as a patch becomes available could have dire consequences, because it takes time to roll out security updates to vulnerable systems and attackers are champing at the bit to exploit these types of flaws,\u201d observed Satnam Narang, senior staff research engineer at cybersecurity firm [Tenable,](<https://www.tenable.com/>) in an email to Threatpost.\n\n** **Holding back info is also sound given that other Linux distributions and browsers, such as Microsoft Edge, also include code based on Google\u2019s Chromium Project. These all could be affected if an exploit for a vulnerability is released, he said.\n\n\u201cIt is extremely valuable for defenders to have that buffer,\u201d Narang added.\n\nWhile the majority of the fixes in the update are for vulnerabilities rated as high or medium risk, Google did patch a critical bug tracked as [CVE-2022-2852](<https://vulners.com/cve/CVE-2022-2852>), a use-after-free issue in FedCM reported by Sergei Glazunov of Google Project Zero on Aug. 8. FedCM\u2014short for the Federated Credential Management API\u2013provides a use-case-specific abstraction for federated identity flows on the web, [according to Google](<https://developer.chrome.com/docs/privacy-sandbox/fedcm/>).\n\n**Fifth Chrome 0Day Patch So Far**\n\nThe zero-day patch is the fifth Chrome bug under active attack that Google has patched so far this year.\n\nIn July, the company fixed an [actively exploited heap buffer overflow flaw](<https://threatpost.com/actively-exploited-chrome-bug/180118/>) tracked as [CVE-2022-2294](<https://vulners.com/cve/CVE-2022-2294>) in WebRTC, the engine that gives Chrome its real-time communications capability, while in May it was a separate buffer overflow flaw tracked as [CVE-2022-2294](<https://vulners.com/cve/CVE-2022-2294>) and under active attack that got slapped with a patch.\n\nIn April, Google patched [CVE-2022-1364](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-1364>), a type confusion flaw affecting Chrome\u2019s use of the V8 JavaScript engine on which attackers already had pounced. The previous month a separate type-confusion issue in V8 tracked as [CVE-2022-1096](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-1096>) and under active attack also [spurred a hasty patch](<https://threatpost.com/google-chrome-bug-actively-exploited-zero-day/179161/>).\n\nFebruary saw a fix for the first of this year\u2019s Chrome zero-days, a use-after-free flaw in Chrome\u2019s Animation component tracked as [CVE-2022-0609](<https://nvd.nist.gov/vuln/detail/CVE-2022-0609>) that already [was under attack](<https://threatpost.com/google-chrome-zero-day-under-attack/178428/>). Later [it was revealed](<https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/>) that North Korean hackers were exploiting the flaw weeks before it was discovered and patched.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-18T14:31:38", "type": "threatpost", "title": "Google Patches Chrome\u2019s Fifth Zero-Day of the Year", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2852", "CVE-2022-2856"], "modified": "2022-08-18T14:31:38", "id": "THREATPOST:A8A7A761CD72E2732BD9E3C75C4A2ACC", "href": "https://threatpost.com/google-patches-chromes-fifth-zero-day-of-the-year/180432/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-05T11:54:40", "description": "While people were celebrating the Fourth of July holiday in the United States, Google quietly rolled out a stable channel update for Chrome to patch an actively exploited zero-day vulnerability, the fourth such flaw the vendor has had to patch in its browser product so far this year.\n\nChrome 103 (103.0.5060.71) for Android and Version 103.0.5060.114 for Windows and Mac, outlined in [separate ](<https://chromereleases.googleblog.com/>)[blog posts](<https://chromereleases.googleblog.com/2022/07/extended-stable-channel-update-for.html>) published Monday, fix a heap buffer overflow flaw in WebRTC, the engine that gives the browser its real-time communications capability.\n\nThe vulnerability, tracked as [CVE-2022-2294](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2294>) and reported by Jan Vojtesek from the Avast Threat Intelligence team on July 1**, **is described as a buffer overflow, \u201cwhere the buffer that can be overwritten is allocated in the heap portion of memory,\u201d according to the vulnerability\u2019s [listing](<https://cwe.mitre.org/data/definitions/122.html>) on the Common Weakness Enumeration (CWE) website.\n\nAs per usual, Google did not reveal specific details about the bug, as it generally waits until most have updated to the patched version of the affected product. Indeed, updating is strongly recommended, as exploits for the vulnerability already exist in the wild, Google said.\n\nMoreover, with scant details revealed about the flaw\u2014a habit of Google\u2019s that many security researchers find frustrating\u2014at this point an update is really only way to defend against attacks exploiting the flaw. Fortunately, Google Chrome updates are pushed out without user intervention, so most users will be protected once patches are available.\n\nBuffer overflows generally lead to crashes or other attacks that make the affected program unavailable including putting the program into an infinite loop, according to the CWE listing. Attackers can take advantage of the situation by using the crash to execute arbitrary code typically outside of the scope of the program\u2019s security policy.\n\n\u201cBesides important user data, heap-based overflows can be used to overwrite function pointers that may be living in memory, pointing it to the attacker\u2019s code,\u201d according to the listing. \u201cEven in applications that do not explicitly use function pointers, the run-time will usually leave many in memory.\u201d\n\n## **Other Fixes**\n\nIn addition to fixing the zero-day buffer overflow flaw, the Chrome releases also patch a type confusion flaw in the V8 JavaScript engine tracked as [CVE-2022-2295](<https://security-tracker.debian.org/tracker/CVE-2022-2295>) and reported June 16 by researchers \u201cavaue\u201d and \u201cBuff3tts\u201d at S.S.L., according to the post.\n\nThis is the third such flaw in the open-source engine used by Chrome and Chromium-based web browsers patched this year alone. In March a separate type-confusion issue in the V8 JavaScript engine tracked as [CVE-2022-1096](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-1096>) and under active attack [spurred a hasty patch](<https://threatpost.com/google-chrome-bug-actively-exploited-zero-day/179161/>) from Google.\n\nThen in April, the company patched [CVE-2022-1364](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-1364>), another type confusion flaw affecting Chrome\u2019s use of V8 on which attackers already had pounced.\n\nAnother flaw patched in Monday\u2019s Chrome update is a use-after-free flaw in Chrome OS Shell reported by Khalil Zhani on May 19 and tracked as [CVE-2022-2296](<https://cve.report/CVE-2022-2296>), according to Google. All of the flaws patched in this week\u2019s update received a rating of high. The updates also includes several fixes from internal audits, fuzzing and other initiatives, Google said.\n\nPrior to patching the Chrome V8 JavaScript engine flaws in March and April, Google in February already had patched a zero-day use-after-free flaw in Chrome\u2019s Animation component tracked as [CVE-2022-0609](<https://nvd.nist.gov/vuln/detail/CVE-2022-0609>) that [was under active attack](<https://threatpost.com/google-chrome-zero-day-under-attack/178428/>).\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-05T11:54:21", "type": "threatpost", "title": "Google Patches Actively Exploited Chrome Bug", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2022-07-05T11:54:21", "id": "THREATPOST:91A97EE2BD6933FEB9A07162BD4ED8B5", "href": "https://threatpost.com/actively-exploited-chrome-bug/180118/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-25T13:59:23", "description": "North Korean threat actors exploited a remote code execution (RCE) zero-day vulnerability in Google\u2019s Chrome web browser weeks before the bug was discovered and patched, according to researchers.\n\nGoogle Threat Analysis Group (TAG) [discovered the flaw](<https://threatpost.com/google-chrome-zero-day-under-attack/178428/>), tracked as [CVE-2022-0609](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0609>), on Feb. 10, reporting and patching it four days later as part of [an update](<https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html>). Researchers said at the time that an exploit for the flaw\u2013a [use-after-free](<https://cwe.mitre.org/data/definitions/416.html>) vulnerability in Chrome\u2019s animation component\u2013already existed in the wild.\n\nGoogle TAG now revealed it believes two threat groups\u2014the activity of which has been publicly tracked as [Operation Dream Job](<https://www.clearskysec.com/operation-dream-job/>) and [Operation AppleJeus](<https://securelist.com/operation-applejeus/87553/>), respectively\u2014exploited the flaw as early as Jan. 4 in \u201ccampaigns targeting U.S. based organizations spanning news media, IT, cryptocurrency and fintech industries,\u201d according to [a blog post](<https://blog.google/threat-analysis-group/countering-threats-north-korea/>) published Thursday by Google TAG\u2019s Adam Weidemann. Other organizations and countries also may have been targeted, he said.\n\n\u201cOne of the campaigns has direct infrastructure overlap with a campaign targeting security researchers which we [reported on](<https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/>) last year,\u201d he wrote. In that campaign, hackers linked to North Korea [used an elaborate social-engineering campaign](<https://threatpost.com/north-korea-security-researchers-0-day/163333/>) to set up trusted relationships with security researchers with the ultimate goal of infecting their organizations\u2019 systems with custom backdoor malware.\n\nThe two groups, though separate, used the same [exploit kit](<https://www.virustotal.com/gui/file/03a41d29e3c9763093aca13f1cc8bcc41b201a6839c381aaaccf891204335685>) in their campaigns, which signals that they may work for the same entity with a shared supply chain. However, \u201ceach operate with a different mission set and deploy different techniques,\u201d Weidemann said. It\u2019s also possible that other North Korean government-backed attackers have access to the same kit, he added.\n\n## **Two Campaigns, One Exploit**\n\nResearchers revealed specific details about both Operation Dream Job and Operation AppleJeus in the post. The former targeted more than 250 individuals working for 10 different news media, domain registrars, web hosting providers and software vendors.\n\n\u201cThe targets received emails claiming to come from recruiters at Disney, Google and Oracle with fake potential job opportunities,\u201d Weidemann explained. \u201cThe emails contained links spoofing legitimate job-hunting websites like Indeed and ZipRecruiter.\u201d\n\nIf victims clicked on the link, they would be served a hidden browser iframe that would trigger the exploit kit, he wrote. Fake job domains owned by attackers that were used in the campaign included: disneycareers[.]net, find-dreamjob[.]com, indeedus[.]org, varietyjob[.]com, and ziprecruiters[.]org.\n\nExploitation URLs associated with Operation Dream Job used in the campaign included: https[:]//colasprint[.]com/about/about.asp, a legitimate but compromised website; and https[:]//varietyjob[.]com/sitemap/sitemap.asp.\n\nOperation AppleJeus, the work of a separate North Korean threat group, targeted more than 85 users in cryptocurrency and fintech industries leveraging the same exploit kit.\n\nAttackers compromised at least two legitimate fintech company websites to host hidden iframes that served the exploit kit to visitors to the site, researchers revealed. Google TAG also observed fake websites\u2013already set up to distribute [trojanized cryptocurrency applications](<https://www.virustotal.com/gui/file/295c20d0f0a03fd8230098fade0af910b2c56e9e5700d4a3344d10c106a6ae2a>)\u2014that hosted malicious iframes pointing their visitors to the exploit kit, Weidemann wrote.\n\nAttacker-owned websites observed in Operation AppleJeus included one dozen sites including: blockchainnews[.]vip, financialtimes365[.]com and giantblock[.]org, according to the post.\n\n## **Exploit Kit Revealed (Partially)**\n\nResearchers managed to recover key aspects of the functionality of the exploit kit used in both campaigns, which employed multiple stages and components to target users. Links to the exploit were placed in hidden iframes on websites that attackers either owned or had previously compromised, Weidemann wrote.\n\n\u201cThe kit initially serves some heavily obfuscated javascript used to fingerprint the target system,\u201d he explained. \u201cThis script collected all available client information such as the user-agent, resolution, etc. and then sent it back to the exploitation server.\u201d\n\nIf the data sent to the server met a set of unknown requirements, the client would be served a Chrome RCE exploit and some additional javascript. If the RCE was successful, the javascript would request the next stage referenced within the script as \u201cSBX,\u201d which is a common acronym for Sandbox Escape.\n\nResearchers were unable to recover the stages of exploit that followed the initial RCE because attackers took care to protect their exploits, deploying various safeguards, Weidemann said.\n\nThose tactics included only serving the iframe at specific times\u2013presumably when attackers knew an intended target would be visiting the site, he said. In some email campaigns, attackers also sent targets links with unique IDs that potentially were used to enforce a one-time-click policy for each link. This would allow the exploit kit to only be served once, Weidemann said.\n\nAttackers also used Advanced Encryption Standard (AES) encryption for each stage, including the clients\u2019 responses using a session-specific key. Finally, additional stages of the exploit were only served if the previous one was successful; if not, the next stage was not served, researchers found.\n\n_**Moving to the cloud? Discover emerging cloud-security threats along with solid advice for how to defend your assets with our **_[_**FREE downloadable eBook**_](<https://bit.ly/3Jy6Bfs>)_**, \u201cCloud Security: The Forecast for 2022.\u201d**_ _**We explore organizations\u2019 top risks and challenges, best practices for defense, and advice for security success in such a dynamic computing environment, including handy checklists.**_\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-03-25T13:19:59", "type": "threatpost", "title": "Google Chrome Zero-Day Bugs Exploited Weeks Ahead of Patch", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2022-0609"], "modified": "2022-03-25T13:19:59", "id": "THREATPOST:C694354BA14A953DAFC9171CB97F0BC2", "href": "https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "qualysblog": [{"lastseen": "2022-12-14T08:08:58", "description": "Google has released yet another security update for the Chrome desktop web browser to address a high-severity vulnerability that is being exploited in the wild. This is the ninth Chrome zero-day fixed this year by Google. This security bug ([CVE-2022-4262](<https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html>); _QID 377804_) is a Type Confusion vulnerability in Chrome\u2019s V8 JavaScript Engine.\n\nGoogle has withheld details about the vulnerability to prevent expanding its malicious exploitation and to allow users time to apply the security updates necessary on their Chrome installations.\n\nGoogle\u2019s previous zero-days were also released right before a weekend (see [Don\u2019t spend another weekend patching Chrome](<https://blog.qualys.com/product-tech/2022/10/28/chrome-zero-day-cve-2022-3723>) and [Don\u2019t Spend Your Holiday Season Patching Chrome](<https://blog.qualys.com/product-tech/patch-management/2022/11/29/dont-spend-your-holiday-season-patching-chrome>)).\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/11/Picture1.jpg)\n\n## Organizations respond, but slowly\n\nAnalyzing anonymized data from the Qualys data lake, the Qualys Threat Research Unit found for Chrome zero-day vulnerabilities introduced between February and August, more than 90% of these instances were remediated. However, it took 11-21 days to remediate via the Chrome patch. With the frequency of vulnerabilities released in this widely used browser and the fact that browsers, by their nature, are more exposed to external attacks, reducing the MTTR for those Chrome vulnerabilities is critical.\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/12/image.png)2022 Chrome Zero-Day Vulnerabilities, MTTR\n\nOf the nine Chrome zero-day threats this year, five were introduced just before the weekend on a Thursday or Friday. Organizations that don't leverage automated patching must spend the weekend or holiday working on the manual, lengthy process of detecting vulnerable devices, preparing the Chrome patch, testing it, and deploying it to affected assets.\n\nCVE| Release Date| Day of the Week| Vulnerability Remediation Rate \n---|---|---|--- \nCVE-2022-0609| 2/14/2022| Monday| 94% \nCVE-2022-1096| 3/25/2022| **Friday**| 94% \nCVE-2022-1364| 4/14/2022| **Thursday**| 93% \nCVE-2022-2294| 7/4/2022| Monday| 93% \nCVE-2022-2856| 8/16/2022| Tuesday| 91% \nCVE-2022-3075| 9/2/2022| **Friday**| 85% \nCVE-2022-3723| 10/27/2022| **Thursday**| 65% \nCVE-2022-4135| 11/24/2022| **Thursday (Thanksgiving)**| 52% \nCVE-2022-4262| 12/2/2022| **Friday**| NA \n2022 Chrome Zero-Day vulnerability release dates and percentage of remediation\n\n## Qualys Patch Management speeds remediation\n\nThe Qualys Threat Research Unit has found on average critical vulnerabilities are weaponized in 15.9 days. Significantly reducing MTTR shortens the exposure window and improves an organization's risk posture.\n\n[Qualys Patch Management](<https://www.qualys.com/apps/patch-management/>) with Zero-Touch Patching allows organizations to use their Qualys Cloud Agent for vulnerability management and to deploy third-party application patches, including Chrome. If the Qualys Cloud Agent is installed on an asset, customers can patch it, regardless of any other deployed patch solution. By defining a simple zero-touch policy, assets can automatically deploy patches when the vendor releases a new one. If testing patches like Chrome is required before production deployment, automatically setup a zero-touch policy to deploy to a set of test devices before deploying the same tested patches to production devices.\n\nIf you are a Qualys customer without Patch Management, a [trial](<https://www.qualys.com/apps/patch-management/>) can be enabled quickly, leveraging the same agent used with VMDR. This allows you to immediately deploy the Chrome patch to your environment and create those automation jobs to ensure that the next time Google or any other vendor releases a patch, your assets are automatically updated.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-12-03T05:24:27", "type": "qualysblog", "title": "The 9th Google Chrome Zero-Day Threat this Year \u2013 Again Just Before the Weekend", "bulletinFamily": "blog", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-1096", "CVE-2022-1364", "CVE-2022-2294", "CVE-2022-2856", "CVE-2022-3075", "CVE-2022-3723", "CVE-2022-4135", "CVE-2022-4262"], "modified": "2022-12-03T05:24:27", "id": "QUALYSBLOG:058E013CF475F33D6DEBB8955340D15B", "href": "https://blog.qualys.com/category/product-tech/patch-management", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-09-08T17:32:02", "description": "Last week, Google released yet another zero-day patch for its Chrome browser to fix a high-severity flaw that was already being exploited. That vulnerability ([CVE-2022-3075)](<https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html>) is the sixth actively exploited zero-day found in Chrome this year. While users are grateful for the urgent patch, it was released just before the Labor Day weekend when many IT and Cybersecurity staffers were on vacation and unable to respond to the vulnerability in a timely manner.\n\nThis event highlights the importance of responding quickly to the ever-growing volume of vulnerabilities introduced to your organization's network as a result of third-party applications installed by either IT or end users. Browsers are the most common application by far, but many others such as iTunes, VLC Media Player, and other \u201cuser-oriented\u201d applications are also frequently installed. When put into perspective, the total risk presented by third-party applications often exceeds the risk coming from native Windows operating systems. \n\nHere's the bottom line: Many organizations are severely challenged to respond quickly to these unexpected high-severity surprises. Why? They're too busy simultaneously managing other mission-critical tasks and processes across their IT and Cybersecurity teams.\n\nThe solution for many organizations is the use of \u201cSmart Automation.\u201d \n\n## How Smart Automation Reduces Zero-Day Risks\n\nSmart Automation entails a risk-focused approach to remediation; it is _not_ patch focused. Using risk as a guide entails analyzing a customer\u2019s environment for cybersecurity risk, and then recommending efficient automation jobs that will automatically remediate devices to address current and future risk. The use of a risk-based approach must include assessment of operational risks that could be affected by automated remediation. For example, automatically patching medical devices as soon as a new zero-day threat is disclosed may be great for cybersecurity; but could put patient health in danger if the patch breaks the device's proper operation.\n\nTo help IT and Cybersecurity teams prepare for Smart Automation, we recommend starting with this four-point framework:\n\n 1. **Map your vulnerabilities.** Map your environment for the different types of vulnerable assets you have and the teams that manage them. For example, most organizations will have a team that manages end user workstations, another team that manages servers, and multiple line-of-business owners that manage the different servers running production applications.\n 2. **Focus on risk. **By definition, the more vulnerabilities you have, the greater risk your organization faces. Not to mention all the additional work for remediation. By leveraging automation and focusing on the products that are generating the largest number of vulnerabilities, you can get ahead of the problem and mitigate this increased risk. \n 3. **Understand operational risk. **Work with the teams responsible for your various production environments to analyze any potential operational risks posed by deploying patches to those products. \n 4. **Adopt Smart Automation. **Leverage automation with devices that introduce the most risk, and at the same time have minimal operational impact. The essence of Smart Automation is combining points #2 and #3.\n\n## Using Qualys and Zero-Touch Patching to Reduce Risk\n\nAs part of [Qualys Patch Management](<https://www.qualys.com/apps/patch-management/>) (PM), Zero-Touch Patching intelligently identifies the riskiest products in your environment. It helps create automation jobs to automatically deploy the proper patches and configuration changes required for remediating vulnerabilities. It also leverages [Qualys Vulnerability Management, Detection, and Response (VMDR)](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) to prioritize work based on real-time threat indicators.\n\nGoogle\u2019s zero-day patch for the Chrome browser presents a good example of how Qualys helps address this four-point framework. Customers running Qualys PM tell us that Chrome is by far the riskiest application \u2013 even more than Windows OS. In consulting their IT/end user computing teams, many organizations have concluded that patching Chrome automatically on all workstations is low-hanging fruit, an easy win.\n\nUsing Zero-Touch Patching to ensure that Chrome is always up-to-date will minimize the top cybersecurity risk to workstations, while keeping operational risks extremely low. Many Qualys PM customers say workstation teams have never seen a Chrome patch break a business process. By leveraging Zero-Touch Patch jobs, new Chrome zero-day threats do not require any extra work from the IT team since automation will take care of it.\n\n![](https://blog.qualys.com/wp-content/uploads/2022/09/chrome2-1070x602.png)\n\n## Leveraging the \u201cAuto Update\u201d Feature for Chrome and Other Third-Party Applications\n\nSome third-party applications including Chrome provide the ability to self-update automatically. This is a welcome feature, so Qualys encourages IT and Cybersecurity teams to have this enabled throughout the enterprise. However, enabling auto-update alone does not ensure that any given software update was successful, while tracking the result status is often difficult.\n\nQualys recommends that organizations use Zero-Touch Patching side-by-side with the auto-update feature to ensure that patches are always deployed. Our solution also allows teams to monitor successful completion of their recently executed jobs.\n\nIf you haven\u2019t had a chance to try Qualys Patch Management, we encourage you to see for yourself how easy it is to get the benefits of Zero-Touch Patching. [Sign up for a free trial](<https://www.qualys.com/free-trial/>). Qualys Patch Management automatically integrates with all other Qualys cloud services you may already be using.", "cvss3": {}, "published": "2022-09-07T22:24:12", "type": "qualysblog", "title": "Let Smart Automation Reduce the Risk of Zero-Day Attacks on Third-Party Applications", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-3075"], "modified": "2022-09-07T22:24:12", "id": "QUALYSBLOG:9404839CD3C8BAC4F52CB2E5E91BC85E", "href": "https://blog.qualys.com/category/qualys-insights", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-30T22:05:09", "description": "Last week, Google released yet another zero-day patch for its Chrome browser to fix a high-severity flaw that was already being exploited. That vulnerability ([CVE-2022-3075)](<https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html>) is the sixth actively exploited zero-day found in Chrome this year. While users are grateful for the urgent patch, it was released just before the Labor Day weekend when many IT and Cybersecurity staffers were on vacation and unable to respond to the vulnerability in a timely manner.\n\nThis event highlights the importance of responding quickly to the ever-growing volume of vulnerabilities introduced to your organization's network as a result of third-party applications installed by either IT or end users. Browsers are the most common application by far, but many others such as iTunes, VLC Media Player, and other \u201cuser-oriented\u201d applications are also frequently installed. When put into perspective, the total risk presented by third-party applications often exceeds the risk coming from native Windows operating systems. \n\nHere's the bottom line: Many organizations are severely challenged to respond quickly to these unexpected high-severity surprises. Why? They're too busy simultaneously managing other mission-critical tasks and processes across their IT and Cybersecurity teams.\n\nThe solution for many organizations is the use of \u201cSmart Automation.\u201d \n\n## How Smart Automation Reduces Zero-Day Risks\n\nSmart Automation entails a risk-focused approach to remediation; it is _not_ patch focused. Using risk as a guide entails analyzing a customer\u2019s environment for cybersecurity risk, and then recommending efficient automation jobs that will automatically remediate devices to address current and future risk. The use of a risk-based approach must include assessment of operational risks that could be affected by automated remediation. For example, automatically patching medical devices as soon as a new zero-day threat is disclosed may be great for cybersecurity; but could put patient health in danger if the patch breaks the device's proper operation.\n\nTo help IT and Cybersecurity teams prepare for Smart Automation, we recommend starting with this four-point framework:\n\n 1. **Map your vulnerabilities.** Map your environment for the different types of vulnerable assets you have and the teams that manage them. For example, most organizations will have a team that manages end user workstations, another team that manages servers, and multiple line-of-business owners that manage the different servers running production applications.\n 2. **Focus on risk. **By definition, the more vulnerabilities you have, the greater risk your organization faces. Not to mention all the additional work for remediation. By leveraging automation and focusing on the products that are generating the largest number of vulnerabilities, you can get ahead of the problem and mitigate this increased risk. \n 3. **Understand operational risk. **Work with the teams responsible for your various production environments to analyze any potential operational risks posed by deploying patches to those products. \n 4. **Adopt Smart Automation. **Leverage automation with devices that introduce the most risk, and at the same time have minimal operational impact. The essence of Smart Automation is combining points #2 and #3.\n\n## Using Qualys and Zero-Touch Patching to Reduce Risk\n\nAs part of [Qualys Patch Management](<https://www.qualys.com/apps/patch-management/>) (PM), Zero-Touch Patching intelligently identifies the riskiest products in your environment. It helps create automation jobs to automatically deploy the proper patches and configuration changes required for remediating vulnerabilities. It also leverages [Qualys Vulnerability Management, Detection, and Response (VMDR)](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) to prioritize work based on real-time threat indicators.\n\nGoogle\u2019s zero-day patch for the Chrome browser presents a good example of how Qualys helps address this four-point framework. Customers running Qualys PM tell us that Chrome is by far the riskiest application \u2013 even more than Windows OS. In consulting their IT/end user computing teams, many organizations have concluded that patching Chrome automatically on all workstations is low-hanging fruit, an easy win.\n\nUsing Zero-Touch Patching to ensure that Chrome is always up-to-date will minimize the top cybersecurity risk to workstations, while keeping operational risks extremely low. Many Qualys PM customers say workstation teams have never seen a Chrome patch break a business process. By leveraging Zero-Touch Patch jobs, new Chrome zero-day threats do not require any extra work from the IT team since automation will take care of it.\n\n![](https://blog.qualys.com/wp-content/uploads/2022/09/chrome2-1070x602.png)Create Zero-Touch Patching jobs for remediating vulnerabilities based on risk\n\n## Leveraging the \u201cAuto Update\u201d Feature for Chrome and Other Third-Party Applications\n\nSome third-party applications including Chrome provide the ability to self-update automatically. This is a welcome feature, so Qualys encourages IT and Cybersecurity teams to have this enabled throughout the enterprise. However, enabling auto-update alone does not ensure that any given software update was successful, while tracking the result status is often difficult.\n\nQualys recommends that organizations use Zero-Touch Patching side-by-side with the auto-update feature to ensure that patches are always deployed. Our solution also allows teams to monitor successful completion of their recently executed jobs.\n\nIf you haven\u2019t had a chance to try Qualys Patch Management, we encourage you to see for yourself how easy it is to get the benefits of Zero-Touch Patching. [Sign up for a free trial](<https://www.qualys.com/free-trial/>). Qualys Patch Management automatically integrates with all other Qualys cloud services you may already be using.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-09-08T17:52:58", "type": "qualysblog", "title": "Let Smart Automation Reduce the Risk of Zero-Day Attacks on Third-Party Applications", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-3075"], "modified": "2022-09-08T17:52:58", "id": "QUALYSBLOG:55DEB69D0C94AA59433F0E33F7B45AEC", "href": "https://blog.qualys.com/category/qualys-insights", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-07-15T23:58:32", "description": "# **Microsoft Patch Tuesday Summary**\n\nMicrosoft has fixed 84 vulnerabilities (aka flaws) in the July 2022 update, including four (4) vulnerabilities classified as **_Critical_** as they allow Remote Code Execution (RCE). This month's Patch Tuesday cumulative Windows update includes the fix for one (1) actively exploited zero-day vulnerability ([CVE-2022-22047](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>)). Earlier this month, July 6, 2022, Microsoft also released two (2) Microsoft Edge (Chromium-Based) security updates as well.\n\nMicrosoft has fixed several flaws in its software, including Denial of Service (DoS), Elevation of Privilege, Information Disclosure, Microsoft Edge (Chromium-based), Remote Code Execution (RCE), Security Feature Bypass, and Tampering.\n\nMany of the vulnerabilities patched this month relate to remote code execution, but there are no reports of active exploitation (in the wild) except for [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190>)[CVE-2022-22047](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>), a Windows CSRSS Elevation of Privilege Vulnerability.\n\n## The July 2022 Microsoft vulnerabilities are classified as follows: \n\n![](https://blog.qualys.com/wp-content/uploads/2022/07/2022-07-JULY-IMPACT-1.png)\n\n![](https://blog.qualys.com/wp-content/uploads/2022/06/image-4.png) [Related Threat Protection Post](<https://threatprotect.qualys.com/2022/07/13/microsoft-patches-84-vulnerabilities-including-one-zero-day-and-four-critical-in-the-july-2022-patch-tuesday/>)\n\n* * *\n\n# **Notable Microsoft Vulnerabilities Patched**\n\n### [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>)[CVE-2022-22047](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>) | Windows CSRSS Elevation of Privilege Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.8/10.\n\nElevation of Privilege - Important - An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. (Article [5015874](<https://support.microsoft.com/help/5015874>))\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Detected_**\n\n* * *\n\n# **Microsoft Critical Vulnerability Highlights**\n\nThis month\u2019s [advisory](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Jul>) covers multiple Microsoft product families, including Azure, Browser, ESU, Microsoft Dynamics, Microsoft Office, System Center, and Windows.\n\nA total of 63 unique Microsoft products/versions are affected.\n\nDownloads include Monthly Rollup, Security Only, and Security Updates.\n\n* * *\n\n### [CVE-2022-30221](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30221>) | Windows Graphics Component Remote Code Execution Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.8/10.\n\nAn attacker would have to convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could execute code on the victim's system in the context of the targeted user.\n\nWindows 7 Service Pack 1 or Windows Server 2008 R2 Service Pack 1 are only affected by this vulnerability if either RDP 8.0 or RDP 8.1 is installed. If you do not have either of these versions of RDP installed on Windows 7 SP1 or Window Server 2008 R2 SP1, then you are not affected by this vulnerability.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n### [CVE-2022-22029](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22029>) | Windows Network File System Remote Code Execution Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.1/10.\n\nThis vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).\n\nSuccessful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n### [CVE-2022-22038](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22038>) | Remote Procedure Call Runtime Remote Code Execution Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.1/10.\n\nSuccessful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n### [CVE-2022-22039](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22039>) | Windows Network File System Remote Code Execution Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.5/10.\n\nSuccessful exploitation of this vulnerability requires an attacker to win a race condition.\n\nThis vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n# **Microsoft Last But Not Least**\n\nEarlier in July, Microsoft released Microsoft Edge (Chromium-based) vulnerabilities [CVE-2022-2294](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2294>) and [CVE-2022-2295](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2295>). The vulnerability assigned to each of these CVEs is in the Chromium Open Source Software (OSS) which is consumed by Microsoft Edge. It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see [Security Update Guide Supports CVEs Assigned by Industry Partners](<https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/>) for more information.\n\n* * *\n\n# **Adobe Security Bulletins and Advisories**\n\nAdobe released four (4) [advisories](<https://helpx.adobe.com/security/security-bulletin.html>) with updates to fix 27 vulnerabilities affecting Adobe Acrobat, Character Animator, Photoshop, Reader, and RoboHelp applications. Of these 27 vulnerabilities, 18 are rated as **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>)_**; ranging in severity from a CVSS score of 6.5/10 to 7.8/10, as summarized below.\n\n![](https://blog.qualys.com/wp-content/uploads/2022/07/2022-07-JULY-ADOBE.png)\n\n* * *\n\n### [APSB22-10](<https://helpx.adobe.com/security/products/robohelp/apsb22-10.html>) | Security update available for RoboHelp\n\nThis update resolves one (1) [**_Important_** ](<https://helpx.adobe.com/security/severity-ratings.html>)vulnerability.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released a security update for RoboHelp. This update resolves a vulnerability rated [important](<https://helpx.adobe.com/security/severity-ratings.html>). Successful exploitation could lead to arbitrary code execution in the context of current user. \n\n* * *\n\n### [APSB22-32](<https://helpx.adobe.com/security/products/acrobat/apsb22-32.html>) | Security update available for Adobe Acrobat and Reader\n\nThis update resolves 22 vulnerabilities; 15 **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>)_**, and seven (7) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**.\n\n_**[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 2**_\n\nAdobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple [critical](<https://helpx.adobe.com/security/severity-ratings.html>), and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak. \n\n* * *\n\n### [APSB22-34](<https://helpx.adobe.com/security/products/character_animator/apsb22-34.html>) | Security Updates Available for Adobe Character Animator\n\nThis update resolves two (2) **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>) _**vulnerabilities.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released an update for Adobe Character Animator for Windows and macOS. This update resolves [critical](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution.\n\n* * *\n\n### [APSB22-35](<https://helpx.adobe.com/security/products/photoshop/apsb22-35.html>) | Security update available for Adobe Photoshop\n\nThis update resolves two (2) vulnerabilities; one (1) **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>)_**, and one (1) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released an update for Photoshop for Windows and macOS. This update resolves a [critical](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerability and an [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerability. Successful exploitation could lead to arbitrary code execution and memory leak. \n\n* * *\n\n* * *\n\n# Discover and Prioritize Vulnerabilities in [Vulnerability Management Detection Response (VMDR)](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) \n\nQualys VMDR automatically detects new Patch Tuesday vulnerabilities using continuous updates to its KnowledgeBase (KB). \n\nYou can see all your impacted hosts by these vulnerabilities using the following QQL query:\n \n \n vulnerabilities.vulnerability:( qid:`91921` OR qid:`91922` OR qid:`91923` OR qid:`91924` OR qid:`91927` OR qid:`110411` OR qid:`110412` OR qid:`376725` ) \n\n![](https://blog.qualys.com/wp-content/uploads/2022/07/2022-07-VMDR-1-1070x451.png)\n\n* * *\n\n# Rapid Response with [Patch Management (PM)](<https://www.qualys.com/apps/patch-management/>)\n\nVMDR rapidly remediates Windows hosts by deploying the most relevant and applicable per-technology version patches. You can simply select respective QIDs in the Patch Catalog and filter on the \u201cMissing\u201d patches to identify and deploy the applicable, available patches in one go.\n\nThe following QQL will return the missing patches for this Patch Tuesday:\n \n \n ( qid:`91921` OR qid:`91922` OR qid:`91923` OR qid:`91924` OR qid:`91927` OR qid:`110411` OR qid:`110412` OR qid:`376725` ) \n\n![](https://blog.qualys.com/wp-content/uploads/2022/07/2022-07-Patch-1070x451.png)\n\n![](https://blog.qualys.com/wp-content/uploads/2022/06/image-4.png) [Risk-based Remediation Powered by Patch Management in Qualys VMDR 2.0](<https://blog.qualys.com/product-tech/2022/06/22/risk-based-remediation-powered-by-patch-management-in-qualys-vmdr-2-0>)\n\n* * *\n\n# Qualys Monthly Webinar Series \n\n![This image has an empty alt attribute; its file name is image-1070x560.jpeg](https://blog.qualys.com/wp-content/uploads/2022/03/image-1070x560.jpeg)\n\nThe Qualys Research team hosts a monthly webinar series to help our existing customers leverage the seamless integration between Qualys[ Vulnerability Management Detection Response (VMDR)](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) and Qualys [Patch Management](<https://www.qualys.com/apps/patch-management/>). Combining these two solutions can reduce the median time to remediate critical vulnerabilities. \n\nDuring the webcast, we will discuss this month\u2019s high-impact vulnerabilities, including those that are part of this month's Patch Tuesday alert. We will walk you through the necessary steps to address the key vulnerabilities using Qualys VMDR and Qualys Patch Management. \n\n* * *\n\n### **Join the webinar**\n\n## **This Month in Vulnerabilities & Patches**\n\n[Register Now](<https://gateway.on24.com/wcc/eh/3347108/category/97049/patch-tuesday>)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-12T20:09:23", "type": "qualysblog", "title": "July 2022 Patch Tuesday | Microsoft Releases 84 Vulnerabilities with 4 Critical, plus 2 Microsoft Edge (Chromium-Based); Adobe Releases 4 Advisories, 27 Vulnerabilities with 18 Critical.", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22029", "CVE-2022-22038", "CVE-2022-22039", "CVE-2022-22047", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-30190", "CVE-2022-30221"], "modified": "2022-07-12T20:09:23", "id": "QUALYSBLOG:65C282BB0F312A3AD8A043024FD3D866", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "prion": [{"lastseen": "2023-11-20T23:25:26", "description": "Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}}, "published": "2022-07-28T02:15:00", "type": "prion", "title": "Heap overflow", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294"], "modified": "2022-11-29T15:54:00", "id": "PRION:CVE-2022-2294", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-2294", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T23:33:59", "description": "Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}}, "published": "2022-09-26T16:15:00", "type": "prion", "title": "Input validation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2856"], "modified": "2022-10-27T19:01:00", "id": "PRION:CVE-2022-2856", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-2856", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-20T23:18:44", "description": "Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-26T22:15:00", "type": "prion", "title": "Type confusion", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1364"], "modified": "2022-08-30T17:55:00", "id": "PRION:CVE-2022-1364", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-1364", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T23:18:14", "description": "Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-23T00:15:00", "type": "prion", "title": "Type confusion", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1096"], "modified": "2022-10-27T22:50:00", "id": "PRION:CVE-2022-1096", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-1096", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T23:17:25", "description": "Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-04-05T00:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-04-08T17:14:00", "id": "PRION:CVE-2022-0609", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-0609", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T23:37:22", "description": "Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}}, "published": "2022-09-26T16:15:00", "type": "prion", "title": "Input validation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3075"], "modified": "2023-11-07T03:50:00", "id": "PRION:CVE-2022-3075", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-3075", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-12-03T14:50:20", "description": "Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T02:15:00", "type": "cve", "title": "CVE-2022-2294", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294"], "modified": "2023-11-25T11:15:00", "cpe": ["cpe:/o:apple:mac_os_x:10.15.7", "cpe:/o:fedoraproject:fedora:35", "cpe:/a:fedoraproject:extra_packages_for_enterprise_linux:8.0", "cpe:/a:webrtc_project:webrtc:-", "cpe:/o:fedoraproject:fedora:36"], "id": "CVE-2022-2294", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2294", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*", "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*", "cpe:2.3:a:webrtc_project:webrtc:-:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-005:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-004:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T15:16:27", "description": "Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-09-26T16:15:00", "type": "cve", "title": "CVE-2022-2856", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2856"], "modified": "2023-11-07T03:46:00", "cpe": ["cpe:/o:fedoraproject:fedora:37"], "id": "CVE-2022-2856", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2856", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:31:29", "description": "Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-26T22:15:00", "type": "cve", "title": "CVE-2022-1364", "cwe": ["CWE-843"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1364"], "modified": "2022-08-30T17:55:00", "cpe": [], "id": "CVE-2022-1364", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1364", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-12-03T15:26:44", "description": "Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-09-26T16:15:00", "type": "cve", "title": "CVE-2022-3075", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3075"], "modified": "2023-11-07T03:50:00", "cpe": ["cpe:/o:fedoraproject:fedora:37"], "id": "CVE-2022-3075", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3075", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:27:30", "description": "Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-04-05T00:15:00", "type": "cve", "title": "CVE-2022-0609", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-04-08T17:14:00", "cpe": [], "id": "CVE-2022-0609", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0609", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-12-03T14:30:00", "description": "Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-23T00:15:00", "type": "cve", "title": "CVE-2022-1096", "cwe": ["CWE-843"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1096"], "modified": "2022-10-27T22:50:00", "cpe": [], "id": "CVE-2022-1096", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1096", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}], "mscve": [{"lastseen": "2023-12-03T21:51:05", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2022>) for more information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-06T16:32:48", "type": "mscve", "title": "Chromium: CVE-2022-2294 Heap buffer overflow in WebRTC", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294"], "modified": "2022-07-07T07:00:00", "id": "MS:CVE-2022-2294", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-2294", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T21:51:32", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2022>) for more information.\n\nGoogle is aware that an exploit for CVE-2022-1364 exists in the wild.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-04-15T07:00:00", "type": "mscve", "title": "Chromium: CVE-2022-1364: Type Confusion in V8", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1364"], "modified": "2022-04-15T07:00:00", "id": "MS:CVE-2022-1364", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-1364", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T21:50:25", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2022>) for more information.\n\nGoogle is aware that an exploit for CVE-2022-2856 exists in the wild.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-08-17T07:00:00", "type": "mscve", "title": "Chromium: CVE-2022-2856 Insufficient validation of untrusted input in Intents", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2856"], "modified": "2022-08-17T07:00:00", "id": "MS:CVE-2022-2856", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-2856", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-12-03T21:52:10", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2022>) for more information. Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-16T08:00:00", "type": "mscve", "title": "Chromium: CVE-2022-0609 Use after free in Animation", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-02-16T08:00:00", "id": "MS:CVE-2022-0609", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0609", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T21:50:25", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2022>) for more information. Google is aware of reportsrts that an exploit for CVE-2022-3075 exists in the wild.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-09-02T22:09:51", "type": "mscve", "title": "Chromium: CVE-2022-3075 Insufficient data validation in Mojo", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3075"], "modified": "2022-09-02T22:09:51", "id": "MS:CVE-2022-3075", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-3075", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T21:51:57", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2022>) for more information.\n\nGoogle is aware that an exploit for CVE-2022-1096 exists in the wild.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-26T07:00:00", "type": "mscve", "title": "Chromium: CVE-2022-1096 Type Confusion in V8", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1096"], "modified": "2022-05-10T07:00:00", "id": "MS:CVE-2022-1096", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-1096", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "veracode": [{"lastseen": "2023-06-14T20:06:12", "description": "chromium is vulnerable to a heap buffer overflow. The vulnerability allows an attacker to crash the system through potentially exploit heap corruption via a crafted HTML page.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-17T17:23:34", "type": "veracode", "title": "Heap Buffer Overflow", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294"], "modified": "2022-11-29T18:06:53", "id": "VERACODE:36373", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-36373/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T20:02:37", "description": "chromium is vulnerable to improper input validation. The vulnerability exists due to the library does not properly validate user input in `Intents` \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-09-01T10:44:46", "type": "veracode", "title": "Improper Input Validation", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2856"], "modified": "2022-10-27T20:15:02", "id": "VERACODE:36889", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-36889/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-08-16T19:23:50", "description": "Google Chrome is vulnerable to type confusion. A remote attacker is able to exploit a heap memory corruption issue via a crafted HTML page, which leads to a use-after-free state in `V8 Turbofan` engine.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-04-17T09:55:05", "type": "veracode", "title": "Type Confusion", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-1364"], "modified": "2022-08-15T14:27:23", "id": "VERACODE:35135", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-35135/summary", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-07-17T12:39:54", "description": "chromium is vulnerable to use after free. The vulnerability exists in Optimization Guide which allows an attacker to cause a memory corruption.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-20T05:48:53", "type": "veracode", "title": "Use After Free", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-02-23T17:29:37", "id": "VERACODE:34289", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-34289/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-10-28T01:14:58", "description": "Chrome is vulnerable to denial of service. The vulnerability exists due to a Type Confusion in V8 which allows an attacker to cause an application crash.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-29T09:45:40", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-1096"], "modified": "2022-10-28T00:15:52", "id": "VERACODE:34866", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-34866/summary", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-03T19:55:21", "description": "chromium is vulnerable to improper input validation. The vulnerability exists due to improper input validation in `Mojo` extension, which allows a remote attacker to perform a sandbox escape via a crafted HTML page.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-09-16T19:26:35", "type": "veracode", "title": "Improper Input Validation", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3075"], "modified": "2022-10-27T20:14:55", "id": "VERACODE:37091", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-37091/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2023-12-03T15:19:48", "description": "Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T02:15:00", "type": "debiancve", "title": "CVE-2022-2294", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294"], "modified": "2022-07-28T02:15:00", "id": "DEBIANCVE:CVE-2022-2294", "href": "https://security-tracker.debian.org/tracker/CVE-2022-2294", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T15:19:48", "description": "Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-09-26T16:15:00", "type": "debiancve", "title": "CVE-2022-2856", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2856"], "modified": "2022-09-26T16:15:00", "id": "DEBIANCVE:CVE-2022-2856", "href": "https://security-tracker.debian.org/tracker/CVE-2022-2856", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-12-03T15:19:47", "description": "Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-26T22:15:00", "type": "debiancve", "title": "CVE-2022-1364", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1364"], "modified": "2022-07-26T22:15:00", "id": "DEBIANCVE:CVE-2022-1364", "href": "https://security-tracker.debian.org/tracker/CVE-2022-1364", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T15:19:47", "description": "Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-23T00:15:00", "type": "debiancve", "title": "CVE-2022-1096", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1096"], "modified": "2022-07-23T00:15:00", "id": "DEBIANCVE:CVE-2022-1096", "href": "https://security-tracker.debian.org/tracker/CVE-2022-1096", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T18:24:10", "description": "Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-09-26T16:15:00", "type": "debiancve", "title": "CVE-2022-3075", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3075"], "modified": "2022-09-26T16:15:00", "id": "DEBIANCVE:CVE-2022-3075", "href": "https://security-tracker.debian.org/tracker/CVE-2022-3075", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T15:19:47", "description": "Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-04-05T00:15:00", "type": "debiancve", "title": "CVE-2022-0609", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-04-05T00:15:00", "id": "DEBIANCVE:CVE-2022-0609", "href": "https://security-tracker.debian.org/tracker/CVE-2022-0609", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2023-12-05T13:34:13", "description": "Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114\nallowed a remote attacker to potentially exploit heap corruption via a\ncrafted HTML page.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T00:00:00", "type": "ubuntucve", "title": "CVE-2022-2294", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294"], "modified": "2022-07-28T00:00:00", "id": "UB:CVE-2022-2294", "href": "https://ubuntu.com/security/CVE-2022-2294", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-05T13:34:32", "description": "Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127\nallowed a remote attacker to potentially exploit heap corruption via a\ncrafted HTML page.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-26T00:00:00", "type": "ubuntucve", "title": "CVE-2022-1364", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1364"], "modified": "2022-07-26T00:00:00", "id": "UB:CVE-2022-1364", "href": "https://ubuntu.com/security/CVE-2022-1364", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-05T13:30:55", "description": "Insufficient validation of untrusted input in Intents in Google Chrome on\nAndroid prior to 104.0.5112.101 allowed a remote attacker to arbitrarily\nbrowse to a malicious website via a crafted HTML page.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-09-26T00:00:00", "type": "ubuntucve", "title": "CVE-2022-2856", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2856"], "modified": "2022-09-26T00:00:00", "id": "UB:CVE-2022-2856", "href": "https://ubuntu.com/security/CVE-2022-2856", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-12-05T13:34:44", "description": "Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a\nremote attacker to potentially exploit heap corruption via a crafted HTML\npage.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-23T00:00:00", "type": "ubuntucve", "title": "CVE-2022-1096", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1096"], "modified": "2022-07-23T00:00:00", "id": "UB:CVE-2022-1096", "href": "https://ubuntu.com/security/CVE-2022-1096", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-05T13:40:59", "description": "Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed\na remote attacker to potentially exploit heap corruption via a crafted HTML\npage.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-04-05T00:00:00", "type": "ubuntucve", "title": "CVE-2022-0609", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-04-05T00:00:00", "id": "UB:CVE-2022-0609", "href": "https://ubuntu.com/security/CVE-2022-0609", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-05T13:30:49", "description": "Insufficient data validation in Mojo in Google Chrome prior to\n105.0.5195.102 allowed a remote attacker who had compromised the renderer\nprocess to potentially perform a sandbox escape via a crafted HTML page.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-09-26T00:00:00", "type": "ubuntucve", "title": "CVE-2022-3075", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3075"], "modified": "2022-09-26T00:00:00", "id": "UB:CVE-2022-3075", "href": "https://ubuntu.com/security/CVE-2022-3075", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "checkpoint_advisories": [{"lastseen": "2022-10-13T22:33:51", "description": "A heap buffer overflow vulnerability exists in Google Chrome WebRTC. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-22T00:00:00", "type": "checkpoint_advisories", "title": "Google Chrome WebRTC Heap Buffer Overflow (CVE-2022-2294)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-2294"], "modified": "2022-09-22T00:00:00", "id": "CPAI-2022-0566", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-04-08T19:29:13", "description": "A use after free vulnerability exists in Google Chrome. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-27T00:00:00", "type": "checkpoint_advisories", "title": "Google Chrome Use After Free (CVE-2022-0609)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-03-27T00:00:00", "id": "CPAI-2022-0094", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "alpinelinux": [{"lastseen": "2023-12-03T16:03:10", "description": "Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T02:15:00", "type": "alpinelinux", "title": "CVE-2022-2294", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294"], "modified": "2023-11-25T11:15:00", "id": "ALPINE:CVE-2022-2294", "href": "https://security.alpinelinux.org/vuln/CVE-2022-2294", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T16:03:10", "description": "Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-26T22:15:00", "type": "alpinelinux", "title": "CVE-2022-1364", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1364"], "modified": "2022-08-30T17:55:00", "id": "ALPINE:CVE-2022-1364", "href": "https://security.alpinelinux.org/vuln/CVE-2022-1364", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T16:03:11", "description": "Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-23T00:15:00", "type": "alpinelinux", "title": "CVE-2022-1096", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1096"], "modified": "2022-10-27T22:50:00", "id": "ALPINE:CVE-2022-1096", "href": "https://security.alpinelinux.org/vuln/CVE-2022-1096", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T16:03:11", "description": "Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-04-05T00:15:00", "type": "alpinelinux", "title": "CVE-2022-0609", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-04-08T17:14:00", "id": "ALPINE:CVE-2022-0609", "href": "https://security.alpinelinux.org/vuln/CVE-2022-0609", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T16:03:15", "description": "Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-09-26T16:15:00", "type": "alpinelinux", "title": "CVE-2022-3075", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3075"], "modified": "2023-11-07T03:50:00", "id": "ALPINE:CVE-2022-3075", "href": "https://security.alpinelinux.org/vuln/CVE-2022-3075", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "hivepro": [{"lastseen": "2022-08-04T20:00:29", "description": "Threat Level Attack Report For a detailed advisory, download the pdf file here Summary Candiru(Saito Tech) spyware used the recently fixed CVE-2022-2294 Chrome zero-day in assaults on journalists, with a substantial portion of the attacks taking place in Lebanon. This recently patched vulnerability in WebRTC is a heap-based buffer overflow. Its successful exploitation may result in code execution on the targeted device.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T06:06:37", "type": "hivepro", "title": "Spyware Group Candiru exploits Chrome Zero-Day to Target Middle East", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-2294"], "modified": "2022-07-28T06:06:37", "id": "HIVEPRO:2FBDBD20FF69ADDF5A541D1E5B3D0809", "href": "https://www.hivepro.com/spyware-group-candiru-exploits-chrome-zero-day-to-target-middle-east/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-19T06:02:50", "description": "Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary A vulnerability(CVE-2022-2856) in Google Chrome, has been exploited in the wild. Additionally, Chrome has addressed several other use-after-free vulnerabilities in multiple components, including FedCM, SwiftShader, ANGLE, and Blink.", "cvss3": {}, "published": "2022-08-19T04:40:16", "type": "hivepro", "title": "Chrome\u2019s zero-day flaw allows arbitrary code execution", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-2856"], "modified": "2022-08-19T04:40:16", "id": "HIVEPRO:775874796CA18FB04371F74991273C7B", "href": "https://www.hivepro.com/chromes-zero-day-flaw-allows-arbitrary-code-execution/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-04-18T00:19:11", "description": "THREAT LEVEL: Red. For a detailed advisory, download the pdf file here A zero-day vulnerability has been discovered in Google Chrome versions prior to 100.0.4896.127. A type of confusion vulnerability tracked as CVE-2022-1364, is said to be exploited in the wild. This vulnerability affects the V8 component, which is used to parse JavaScript code in Google Chrome. A type of confusion refers to code errors in which an app begins data execution processes with a given \u201ctype\u201d of input but is deceived into considering the input as a different \u201ctype\u201d. The \u201ctype confusion\u201d causes logical mistakes in the memory of the software. Successful exploitation of the vulnerability could allow an attacker to execute arbitrary code in the context of the browser. We recommend organizations update to Chrome 100.0.4896.127 for Windows, Mac and Linux to avoid exploitation and mitigate any potential threats. Potential MITRE ATT&CK TTPs are: TA0042: Resource Development T1588: Obtain Capabilities T1588.006: Obtain Capabilities: Vulnerabilities TA0001: Initial Access T1190: Exploit Public-Facing Application Vulnerability Detail Patch Links https://www.google.com/intl/en/chrome/?standalone=1 References https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html", "cvss3": {}, "published": "2022-04-17T21:38:48", "type": "hivepro", "title": "Google Chrome issues an emergency update to address the third zero-day of year 2022", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-1364"], "modified": "2022-04-17T21:38:48", "id": "HIVEPRO:573E7326CF205779BA6C4D3AB8DDB736", "href": "https://www.hivepro.com/google-chrome-issues-an-emergency-update-to-address-the-third-zero-day-of-year-2022/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-03-25T14:28:59", "description": "THREAT LEVEL: Red. For a detailed advisory, download the pdf file here For more than a month before a fix was available, North Korean state hackers known as Lazarus group exploited a zero-day, remote code execution vulnerability (CVE-2022-0609) in Google Chrome's web browser. The attack mainly targets firms situated in the United States, particularly those in the industries of news media, information technology, cryptocurrency, and finance. However, other organizations and countries are also on the list of attackers. The campaign begins by sending them phishing emails purporting to be from recruiters at Disney, Google, and Oracle, offering them false employment opportunities. The emails included links to bogus job-search websites such as Indeed and ZipRecruiter. Targets who clicked on the included malicious URLs were infected with drive-by browser malware downloads. The North Korean groups were utilizing an exploit kit (CVE-2022-0609) with hidden iframes embedded into a variety of websites. The attack kit may fingerprint target devices by collecting details like user-agent and screen resolution. After that the exploit kit executes a Chrome remote code execution hack capable of bypassing the lauded Chrome sandbox to move out onto the system. The Mitre TTPs commonly used by Lazarus Group are: TA0001: Initial AccessTA0007: DiscoveryTA0040: ImpactTA0009: CollectionTA0005: Defense EvasionTA0003: PersistenceTA0011: Command and ControlTA0042: Resource DevelopmentTA0002: ExecutionTA0008: Lateral MovementTA0006: Credential AccessTA0029: Privilege EscalationTA0010: ExfiltrationT1134.002: Access Token Manipulation: Create Process with TokenT1098: Account ManipulationT1583.001: Acquire Infrastructure: DomainsT1583.006: Acquire Infrastructure: Web ServicesT1071.001: Application Layer Protocol: Web ProtocolsT1010: Application Window DiscoveryT1560: Archive Collected DataT1560.002: Archive via LibraryT1560.003: Archive via Custom MethodT1547.001: Boot or Logon Autostart Execution: Registry Run Keys / Startup FolderT1547.009: Boot or Logon Autostart Execution: Shortcut ModificationT1110.003: Brute Force: Password SprayingT1059.003: Command and Scripting Interpreter: Windows Command ShellT1543.003: Create or Modify System Process: Windows ServiceT1485: Data DestructionT1132.001: Data Encoding: Standard EncodingT1005: Data from Local SystemT1001.003: Data Obfuscation: Protocol ImpersonationT1074.001: Data Staged: Local Data StagingT1491.001: Defacement: Internal DefacementT1587.001: Develop Capabilities: MalwareT1561.001: Disk Wipe: Disk Content WipeT1561.002: Disk Wipe: Disk Structure WipeT1189: Drive-by CompromiseT1573.001: Encrypted Channel: Symmetric CryptographyT1048.003: Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolT1041: Exfiltration Over C2 ChannelT1203: Exploitation for Client ExecutionT1008: Fallback ChannelsT1083: File and Directory DiscoveryT1564.001: Hide Artifacts: Hidden Files and DirectoriesT1562.001: Impair Defenses: Disable or Modify ToolsT1562.004: Impair Defenses: Disable or Modify System FirewallT1070.004: Indicator Removal on Host: File DeletionT1070.006: Indicator Removal on Host: TimestompT1105: Ingress Tool TransferT1056.001: Input Capture: KeyloggingT1036.005: Masquerading: Match Legitimate Name or LocationT1571: Non-Standard PortT1027: Obfuscated Files or InformationT1588.004: Obtain Capabilities: Digital CertificatesT1566.001: Phishing: Spearphishing AttachmentT1542.003: Pre-OS Boot: BootkitT1057: Process DiscoveryT1055.001: Process Injection: Dynamic-link Library InjectionT1090.002: Proxy: External ProxyT1012: Query RegistryT1021.001: Remote Services: Remote Desktop ProtocolT1021.002: Remote Services: SMB/Windows Admin SharesT1489: Service StopT1218.001: Signed Binary Proxy Execution: Compiled HTML FileT1082: System Information DiscoveryT1016: System Network Configuration DiscoveryT1033: System Owner/User DiscoveryT1529: System Shutdown/RebootT1124: System Time DiscoveryT1204.002: User Execution: Malicious FileT1047: Windows Management Instrumentation Actor Details Vulnerability Details Indicators of Compromise (IoCs) Patch https://www.google.com/intl/en/chrome/?standalone=1 References https://blog.google/threat-analysis-group/countering-threats-north-korea/", "cvss3": {}, "published": "2022-03-25T14:16:43", "type": "hivepro", "title": "North Korean state-sponsored threat actor Lazarus Group exploiting Chrome Zero-day vulnerability", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-0609"], "modified": "2022-03-25T14:16:43", "id": "HIVEPRO:D7EA1CB0468E749402CDC827EECBB9DE", "href": "https://www.hivepro.com/north-korean-state-sponsored-threat-actor-lazarus-group-exploiting-chrome-zero-day-vulnerability/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-06T06:07:10", "description": "Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary There is a vulnerability in the Chrome browser, identified as CVE-2022-3075, that is actively exploited in the wild.", "cvss3": {}, "published": "2022-09-06T03:23:38", "type": "hivepro", "title": "Google Chrome browser suffers from another zero-day vulnerability", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-3075"], "modified": "2022-09-06T03:23:38", "id": "HIVEPRO:361A2FB730C7ECAF024FD15C73EB6E93", "href": "https://www.hivepro.com/google-chrome-browser-suffers-from-another-zero-day-vulnerability/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-02-15T15:29:27", "description": "THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Google released a stable channel update for their Chrome browser that contains a zero-day vulnerability and is actively being exploited-in-wild. This is the first zero-day bug reported in Chrome browser this year. A Use-After-Free (UAF) vulnerability which has been assigned CVE-2022-0609 affects the Animation component that may allow attackers to corrupt data, crash program or execute arbitrary code on computers running unpatched Chrome versions or escape the browser's security sandbox. Successful exploitation of this issue may lead to data corruption, program crash or arbitrary code execution. In recent browser versions, a number of controls have been introduced that make exploitation of these use after free vulnerabilities much harder but despite this, they still seem to persist. In addition to the zero-day bug, this update fixed seven other security vulnerabilities as mentioned in the table below. We recommend organizations to update to Chrome 98.0.4758.102 for Windows, Mac and Linux to avoid exploitation and mitigate any potential threats. Potential MITRE ATT&CK TTPs are: TA0040 - Impact TA0001 - Initial Access TA0002 - Execution T1499- Endpoint Denial of Service T1189- Drive-by Compromise T1190- Exploit-public facing application T1203- Exploitation for Client Execution T1499.004- Endpoint Denial of Service: Application or System Exploitation Vulnerability Details Patch Link https://www.google.com/intl/en/chrome/?standalone=1 References https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html", "cvss3": {}, "published": "2022-02-15T14:31:12", "type": "hivepro", "title": "First zero-day vulnerability of Google Chrome this year actively exploited in wild", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-0609"], "modified": "2022-02-15T14:31:12", "id": "HIVEPRO:1BF741505EB0E48023B5A5F80FE0F3EB", "href": "https://www.hivepro.com/first-zero-day-vulnerability-of-google-chrome-this-year-actively-exploited-in-wild/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-03-30T07:42:21", "description": "For a detailed threat digest, download the pdf file here Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 340 10 5 53 24 84 The fourth week of March 2022 witnessed the discovery of 340 vulnerabilities out of which 10 gained the attention of Threat Actors and security researchers worldwide. Among these 10, there was 1 which is undergoing reanalysis, and 2 were not present in the NVD at all. Hive Pro Threat Research Team has curated a list of 10 CVEs that require immediate action. Furthermore, we also observed five threat actor groups being highly active in the last week. The Lapsus$, a new extortion threat actor group had attacked popular organizations such as Brazilian Ministry of Health, NVIDIA, Samsung, Vodafone, Ubisoft, Octa, and Microsoft for data theft and destruction, was observed using the Redline info-stealer. Additionally, North Korean state hackers known as Lazarus group, was exploiting the zero-day vulnerability in Google Chrome's web browser (CVE-2022-0609). AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted 50+ organizations is currently exploiting Proxy Shell vulnerabilities (CVE-2021-31206, CVE-2021-31207, CVE-2021-34523, CVE-2021-34473, CVE-2021-26855). The threat actor APT35 aka Magic Hound, an Iranian-backed threat group is exploiting the Proxy Shell vulnerabilities to attack organizations across the globe. Another South Korean APT group DarkHotel was targeting the hospitality industry in China. Common TTPs which could potentially be exploited by these threat actors or CVEs can be found in the detailed section below. Detailed Report: Interesting Vulnerabilities: Vendor CVEs Patch Link CVE-2021-34484 CVE-2022-21919 https://central.0patch.com/auth/login CVE-2022-0609* CVE-2022-1096* https://www.google.com/intl/en/chrome/?standalone=1 CVE-2021-31206 CVE-2021-31207 CVE-2021-34523 CVE-2021-34473 CVE-2021-26855 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31206 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31207 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34473 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34523 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26855 CVE-2022-0543 https://security-tracker.debian.org/tracker/CVE-2022-0543 Active Actors: Icon Name Origin Motive APT 35 (Magic Hound, Cobalt Illusion, Charming Kitten, TEMP.Beanie, Timberworm, Tarh Andishan, TA453, ITG18, Phosphorus, Newscaster) Iran Information theft and espionage AvosLocker Unknown Ecrime, Information theft, and Financial gain Lazarus Group (Labyrinth Chollima, Group 77, Hastati Group, Whois Hacking Team, NewRomanic Cyber Army Team, Zinc, Hidden Cobra, Appleworm, APT-C-26, ATK 3, SectorA01, ITG03) North Korea Information theft and espionage, Sabotage and destruction, Financial crime Lapsus$ (DEV-0537) Unknown Data theft and Destruction DarkHotel (APT-C-06, SIG25, Dubnium, Fallout Team, Shadow Crane, CTG-1948, Tungsten Bridge, ATK 52, Higaisa, TAPT-02, Luder) South Korea Information theft and espionage Targeted Location: Targeted Sectors: Common TTPs: TA0042: Resource Development TA0001: Initial Access TA0002: Execution TA0003: Persistence TA0004: Privilege Escalation TA0005: Defense Evasion TA0006: Credential Access TA0007: Discovery TA0008: Lateral Movement TA0009: Collection TA0011: Command and Control TA0010: Exfiltration TA0040: Impact T1583: Acquire Infrastructure T1189: Drive-by Compromise T1059: Command and Scripting Interpreter T1098: Account Manipulation T1548: Abuse Elevation Control Mechanism T1548: Abuse Elevation Control Mechanism T1110: Brute Force T1010: Application Window Discovery T1021: Remote Services T1560: Archive Collected Data T1071: Application Layer Protocol T1048: Exfiltration Over Alternative Protocol T1485: Data Destruction T1583.001: Domains T1190: Exploit Public-Facing Application T1059.001: PowerShell T1547: Boot or Logon Autostart Execution T1134: Access Token Manipulation T1134: Access Token Manipulation T1110.003: Password Spraying T1083: File and Directory Discovery T1021.001: Remote Desktop Protocol T1560.003: Archive via Custom Method T1071.001: Web Protocols T1048.003: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol T1486: Data Encrypted for Impact T1583.006: Web Services T1133: External Remote Services T1059.005: Visual Basic T1547.006: Kernel Modules and Extensions T1134.002: Create Process with Token T1134.002: Create Process with Token T1056: Input Capture T1120: Peripheral Device Discovery T1021.002: SMB/Windows Admin Shares T1560.002: Archive via Library T1132: Data Encoding T1041: Exfiltration Over C2 Channel T1491: Defacement T1587: Develop Capabilities T1566: Phishing T1059.004: Unix Shell T1547.001: Registry Run Keys / Startup Folder T1547: Boot or Logon Autostart Execution T1564: Hide Artifacts T1056.004: Credential API Hooking T1057: Process Discovery T1021.004: SSH T1213: Data from Information Repositories T1132.001: Standard Encoding T1537: Transfer Data to Cloud Account T1491.001: Internal Defacement T1587.001: Malware T1566.001: Spearphishing Attachment T1059.003: Windows Command Shell T1547.009: Shortcut Modification T1547.006: Kernel Modules and Extensions T1564.001: Hidden Files and Directories T1056.001: Keylogging T1012: Query Registry T1005: Data from Local System T1001: Data Obfuscation T1561: Disk Wipe T1588: Obtain Capabilities T1199: Trusted Relationship T1203: Exploitation for Client Execution T1543: Create or Modify System Process T1547.001: Registry Run Keys / Startup Folder T1562: Impair Defenses T1003: OS Credential Dumping T1082: System Information Discovery T1074: Data Staged T1001.003: Protocol Impersonation T1561.001: Disk Content Wipe T1588.004: Digital Certificates T1078: Valid Accounts T1106: Native API T1543.003: Windows Service T1547.009: Shortcut Modification T1562.004: Disable or Modify System Firewall T1111: Two-Factor Authentication Interception T1016: System Network Configuration Discovery T1074.001: Local Data Staging T1573: Encrypted Channel T1561.002: Disk Structure Wipe T1588.006: Vulnerabilities T1053: Scheduled Task/Job T1133: External Remote Services T1543: Create or Modify System Process T1562.001: Disable or Modify Tools T1552: Unsecured Credentials T1033: System Owner/User Discovery T1056: Input Capture T1573.001: Symmetric Cryptography T1490: Inhibit System Recovery T1204: User Execution T1137: Office Application Startup T1543.003: Windows Service T1070: Indicator Removal on Host T1124: System Time Discovery T1056.004: Credential API Hooking T1008: Fallback Channels T1489: Service Stop T1204.002: Malicious File T1542: Pre-OS Boot T1068: Exploitation for Privilege Escalation T1070.004: File Deletion T1056.001: Keylogging T1105: Ingress Tool Transfer T1529: System Shutdown/Reboot T1047: Windows Management Instrumentation T1542.003: Bootkit T1055: Process Injection T1070.006: Timestomp T1571: Non-Standard Port T1053: Scheduled Task/Job T1055.001: Dynamic-link Library Injection T1036: Masquerading T1090: Proxy T1505: Server Software Component T1053: Scheduled Task/Job T1036.005: Match Legitimate Name or Location T1090.002: External Proxy T1505.003: Web Shell T1078: Valid Accounts T1027: Obfuscated Files or Information T1078: Valid Accounts T1027.006: HTML Smuggling T1027.002: Software Packing T1542: Pre-OS Boot T1542.003: Bootkit T1055: Process Injection T1055.001: Dynamic-link Library Injection T1218: Signed Binary Proxy Execution T1218.001: Compiled HTML File T1078: Valid Accounts T1497: Virtualization/Sandbox Evasion Threat Advisories: Microsoft\u2019s privilege escalation vulnerability that refuses to go away Google Chrome\u2019s second zero-day in 2022 Magic Hound Exploiting Old Microsoft Exchange ProxyShell Vulnerabilities AvosLocker Ransomware group has targeted 50+ Organizations Worldwide North Korean state-sponsored threat actor Lazarus Group exploiting Chrome Zero-day vulnerability LAPSUS$ \u2013 New extortion group involved in the breach against Nvidia, Microsoft, Okta and Samsung DarkHotel APT group targeting the Hospitality Industry in China New Threat Actor using Serpent Backdoor attacking French Entities Muhstik botnet adds another vulnerability exploit to its arsenal", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-03-29T13:56:10", "type": "hivepro", "title": "Weekly Threat Digest: 21 \u2013 27 March 2022", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26855", "CVE-2021-31206", "CVE-2021-31207", "CVE-2021-34473", "CVE-2021-34484", "CVE-2021-34523", "CVE-2022-0543", "CVE-2022-0609", "CVE-2022-1096", "CVE-2022-21919"], "modified": "2022-03-29T13:56:10", "id": "HIVEPRO:E7F36EC1E4DCF018F94ECD22747B7093", "href": "https://www.hivepro.com/weekly-threat-digest-21-27-march-2022/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "attackerkb": [{"lastseen": "2023-10-18T16:35:39", "description": "Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n \n**Recent assessments:** \n \n**gwillcox-r7** at July 05, 2022 3:18am UTC reported:\n\nLooks like this was a heap buffer overflow in WebRTC which could allow for a drive by attack that would grant attackers RCE on a target system. No news as to whether or not this was used with a sandbox escape though, It was reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01 according to <https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html>, yet interestingly <https://chromereleases.googleblog.com/2022/07/chrome-for-android-update.html> also note it affects Chrome for Android.\n\nThere is a real world exploit for this out in the wild but given the generally tight lipped news around this and that it was found from a threat intelligence team, I would imagine this may have been used in more targeted attacks, but still widely enough that a threat intelligence team picked up on it. Bit hard to tell though since I hadn\u2019t heard about the Avast Threat Intelligence team prior to this; I imagine its possible one of their customers was targeted selectively and then they found out and notified Google.\n\nWith heap overflow bugs I generally err on the side of \u201cwell these things are harder to exploit\u201d however with browsers you typically have access to a much wider arsenal to use for crafting the heap into a state that is desirable for exploitation purposes, so the risk is a bit higher here. That being said exploitation of such bugs tends to be a little more complex in most cases, particularly given recent mitigations. I\u2019d still recommend patching this one if you can, but if not then you should try to disable WebRTC on your browsers until you can patch given in the wild exploitation.\n\nAssessed Attacker Value: 4 \nAssessed Attacker Value: 4Assessed Attacker Value: 3\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T00:00:00", "type": "attackerkb", "title": "CVE-2022-2294", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294"], "modified": "2023-10-08T00:00:00", "id": "AKB:23F2B591-FE1E-47A8-AA83-2DFAD7E5CE61", "href": "https://attackerkb.com/topics/42OzzPsFw0/cve-2022-2294", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-10-18T16:35:39", "description": "Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-09-26T00:00:00", "type": "attackerkb", "title": "CVE-2022-2856", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2856"], "modified": "2023-10-08T00:00:00", "id": "AKB:A05826BB-6FC1-47F8-BF32-A673EC92DAEA", "href": "https://attackerkb.com/topics/GeFDZ9Uzjf/cve-2022-2856", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-10-18T16:37:24", "description": "Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-26T00:00:00", "type": "attackerkb", "title": "CVE-2022-1364", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1364"], "modified": "2023-10-07T00:00:00", "id": "AKB:FF8776A0-8F09-4620-A059-9AA63732C37D", "href": "https://attackerkb.com/topics/2g85mcptOV/cve-2022-1364", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-10-18T16:38:37", "description": "Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-23T00:00:00", "type": "attackerkb", "title": "CVE-2022-1096", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1096"], "modified": "2023-10-07T00:00:00", "id": "AKB:6D883363-6A9C-411A-8D48-5872842B65D3", "href": "https://attackerkb.com/topics/Jr4SM2pfMz/cve-2022-1096", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-10-18T07:30:41", "description": "Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n \n**Recent assessments:** \n \n**AmirFedida** at February 15, 2022 8:23am UTC reported:\n\nGoogle is aware of reports that an exploit for CVE-2022-0609 exists in the wild.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 3\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-04-05T00:00:00", "type": "attackerkb", "title": "CVE-2022-0609", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2023-10-07T00:00:00", "id": "AKB:DEE6BA54-6F2D-4A58-9654-B21DD42E3502", "href": "https://attackerkb.com/topics/zfU2ECETgi/cve-2022-0609", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-10-18T16:34:53", "description": "Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-09-26T00:00:00", "type": "attackerkb", "title": "CVE-2022-3075", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3075"], "modified": "2023-10-08T00:00:00", "id": "AKB:FECA1489-DC05-4990-A74B-DED8F2AF4441", "href": "https://attackerkb.com/topics/wFUv0YME8f/cve-2022-3075", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cisa_kev": [{"lastseen": "2023-12-03T16:07:25", "description": "WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to perform shellcode execution. This vulnerability impacts web browsers using WebRTC including but not limited to Google Chrome.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-25T00:00:00", "type": "cisa_kev", "title": "WebRTC Heap Buffer Overflow Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294"], "modified": "2022-08-25T00:00:00", "id": "CISA-KEV-CVE-2022-2294", "href": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T16:07:25", "description": "Google Chrome Intents allows for insufficient validation of untrusted input, causing Unknown impacts. CISA will update this description if more information becomes available.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-08-18T00:00:00", "type": "cisa_kev", "title": "Google Chrome Intents Insufficient Input Validation Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2856"], "modified": "2022-08-18T00:00:00", "id": "CISA-KEV-CVE-2022-2856", "href": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-12-03T16:07:25", "description": "Google Chromium V8 engine contains a type confusion vulnerability.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-04-15T00:00:00", "type": "cisa_kev", "title": "Google Chromium V8 Type Confusion Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1364"], "modified": "2022-04-15T00:00:00", "id": "CISA-KEV-CVE-2022-1364", "href": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T16:07:25", "description": "The vulnerability exists due to a type confusion error within the V8 component in Chromium, affecting all Chromium-based browsers.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-28T00:00:00", "type": "cisa_kev", "title": "Google Chromium V8 Type Confusion Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1096"], "modified": "2022-03-28T00:00:00", "id": "CISA-KEV-CVE-2022-1096", "href": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T16:07:25", "description": "Google Chromium Mojo contains an insufficient data validation vulnerability. Impacts from exploitation are not yet known. This vulnerability affects web browsers that utilize Chromium, including Google Chrome and Microsoft Edge.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-09-08T00:00:00", "type": "cisa_kev", "title": "Google Chromium Insufficient Data Validation Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3075"], "modified": "2022-09-08T00:00:00", "id": "CISA-KEV-CVE-2022-3075", "href": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T16:07:25", "description": "The vulnerability exists due to a use-after-free error within the Animation component in Google Chrome.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-15T00:00:00", "type": "cisa_kev", "title": "Google Chrome Use-After-Free Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-02-15T00:00:00", "id": "CISA-KEV-CVE-2022-0609", "href": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-11-02T15:06:10", "description": "The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5121 advisory.\n\n - Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1364)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-19T00:00:00", "type": "nessus", "title": "Debian DSA-5121-1 : chromium - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1364"], "modified": "2023-11-01T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium", "p-cpe:/a:debian:debian_linux:chromium-common", "p-cpe:/a:debian:debian_linux:chromium-driver", "p-cpe:/a:debian:debian_linux:chromium-l10n", "p-cpe:/a:debian:debian_linux:chromium-sandbox", "p-cpe:/a:debian:debian_linux:chromium-shell", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5121.NASL", "href": "https://www.tenable.com/plugins/nessus/159898", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5121. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159898);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/01\");\n\n script_cve_id(\"CVE-2022-1364\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/06\");\n script_xref(name:\"IAVA\", value:\"2022-A-0156-S\");\n\n script_name(english:\"Debian DSA-5121-1 : chromium - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5121\nadvisory.\n\n - Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1364)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/chromium\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-1364\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/chromium\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the chromium packages.\n\nFor the stable distribution (bullseye), this problem has been fixed in version 100.0.4896.127-1~deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1364\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-driver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-l10n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-sandbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'chromium', 'reference': '100.0.4896.127-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-common', 'reference': '100.0.4896.127-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-driver', 'reference': '100.0.4896.127-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-l10n', 'reference': '100.0.4896.127-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-sandbox', 'reference': '100.0.4896.127-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-shell', 'reference': '100.0.4896.127-1~deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium / chromium-common / chromium-driver / chromium-l10n / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-18T14:55:32", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 104.0.1293.60. It is, therefore, affected by a vulnerability as referenced in the August 17, 2022 advisory.\n\n - Insufficient validation of untrusted input in Intents. (CVE-2022-2856)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-18T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 104.0.1293.60 Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2856"], "modified": "2023-10-13T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_104_0_1293_60.NASL", "href": "https://www.tenable.com/plugins/nessus/164253", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164253);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/13\");\n\n script_cve_id(\"CVE-2022-2856\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/08\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 104.0.1293.60 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by a vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 104.0.1293.60. It is, therefore, affected\nby a vulnerability as referenced in the August 17, 2022 advisory.\n\n - Insufficient validation of untrusted input in Intents. (CVE-2022-2856)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#august-17-2022\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b53011a2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2856\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 104.0.1293.60 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2856\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nvar constraints = [\n { 'fixed_version' : '104.0.1293.60' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-02T15:03:51", "description": "The version of Google Chrome installed on the remote Windows host is prior to 100.0.4896.127. It is, therefore, affected by a vulnerability as referenced in the 2022_04_stable-channel-update-for-desktop_14 advisory.\n\n - Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1364)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-14T00:00:00", "type": "nessus", "title": "Google Chrome < 100.0.4896.127 Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1364"], "modified": "2023-11-01T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_100_0_4896_127.NASL", "href": "https://www.tenable.com/plugins/nessus/159741", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159741);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/01\");\n\n script_cve_id(\"CVE-2022-1364\");\n script_xref(name:\"IAVA\", value:\"2022-A-0156-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/06\");\n\n script_name(english:\"Google Chrome < 100.0.4896.127 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 100.0.4896.127. It is, therefore, affected\nby a vulnerability as referenced in the 2022_04_stable-channel-update-for-desktop_14 advisory.\n\n - Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1364)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0d51f41d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1315901\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 100.0.4896.127 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1364\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\nvar installs = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'100.0.4896.127', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-02T15:03:51", "description": "The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a25ea27b-bced-11ec-87b5-3065ec8fd3ec advisory.\n\n - Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1364)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-15T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (a25ea27b-bced-11ec-87b5-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1364"], "modified": "2023-11-01T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_A25EA27BBCED11EC87B53065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/159766", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159766);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/01\");\n\n script_cve_id(\"CVE-2022-1364\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/06\");\n script_xref(name:\"IAVA\", value:\"2022-A-0156-S\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (a25ea27b-bced-11ec-87b5-3065ec8fd3ec)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a\nvulnerability as referenced in the a25ea27b-bced-11ec-87b5-3065ec8fd3ec advisory.\n\n - Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1364)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0d51f41d\");\n # https://vuxml.freebsd.org/freebsd/a25ea27b-bced-11ec-87b5-3065ec8fd3ec.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?665a7dd9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1364\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"freebsd_package.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nvar flag = 0;\n\nvar packages = [\n 'chromium<100.0.4896.127'\n];\n\nforeach var package( packages ) {\n if (pkg_test(save_report:TRUE, pkg: package)) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : pkg_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-02T15:05:06", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:0114-1 advisory.\n\n - Type Confusion in V8. (CVE-2022-1364)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-20T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2022:0114-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1364"], "modified": "2023-11-01T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-0114-1.NASL", "href": "https://www.tenable.com/plugins/nessus/160016", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:0114-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160016);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/01\");\n\n script_cve_id(\"CVE-2022-1364\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/06\");\n script_xref(name:\"IAVA\", value:\"2022-A-0156-S\");\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2022:0114-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the\nopenSUSE-SU-2022:0114-1 advisory.\n\n - Type Confusion in V8. (CVE-2022-1364)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198509\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/G5YYTVAL4HMIDBKVGBDTZND7UELHVRC2/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3ddb6880\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1364\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1364\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'chromedriver-100.0.4896.127-bp153.2.85.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromedriver-100.0.4896.127-bp153.2.85.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-100.0.4896.127-bp153.2.85.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-100.0.4896.127-bp153.2.85.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-02T15:06:38", "description": "The version of Google Chrome installed on the remote macOS host is prior to 100.0.4896.127. It is, therefore, affected by a vulnerability as referenced in the 2022_04_stable-channel-update-for-desktop_14 advisory.\n\n - Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1364)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-14T00:00:00", "type": "nessus", "title": "Google Chrome < 100.0.4896.127 Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1364"], "modified": "2023-11-01T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_100_0_4896_127.NASL", "href": "https://www.tenable.com/plugins/nessus/159740", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159740);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/01\");\n\n script_cve_id(\"CVE-2022-1364\");\n script_xref(name:\"IAVA\", value:\"2022-A-0156-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/06\");\n\n script_name(english:\"Google Chrome < 100.0.4896.127 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 100.0.4896.127. It is, therefore, affected\nby a vulnerability as referenced in the 2022_04_stable-channel-update-for-desktop_14 advisory.\n\n - Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1364)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0d51f41d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1315901\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 100.0.4896.127 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1364\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'100.0.4896.127', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-04T15:16:05", "description": "The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5110 advisory.\n\n - Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1096)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-28T00:00:00", "type": "nessus", "title": "Debian DSA-5110-1 : chromium - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1096"], "modified": "2023-11-03T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium", "p-cpe:/a:debian:debian_linux:chromium-common", "p-cpe:/a:debian:debian_linux:chromium-driver", "p-cpe:/a:debian:debian_linux:chromium-l10n", "p-cpe:/a:debian:debian_linux:chromium-sandbox", "p-cpe:/a:debian:debian_linux:chromium-shell", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5110.NASL", "href": "https://www.tenable.com/plugins/nessus/159269", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5110. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159269);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/03\");\n\n script_cve_id(\"CVE-2022-1096\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n script_xref(name:\"IAVA\", value:\"2022-A-0126-S\");\n\n script_name(english:\"Debian DSA-5110-1 : chromium - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5110\nadvisory.\n\n - Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1096)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/chromium\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5110\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-1096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/chromium\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the chromium packages.\n\nFor the stable distribution (bullseye), this problem has been fixed in version 99.0.4844.84-1~deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1096\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-driver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-l10n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-sandbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'chromium', 'reference': '99.0.4844.84-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-common', 'reference': '99.0.4844.84-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-driver', 'reference': '99.0.4844.84-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-l10n', 'reference': '99.0.4844.84-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-sandbox', 'reference': '99.0.4844.84-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-shell', 'reference': '99.0.4844.84-1~deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium / chromium-common / chromium-driver / chromium-l10n / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-13T14:44:16", "description": "The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5350-1 advisory.\n\n - Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1096)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-28T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS : Chromium vulnerability (USN-5350-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1096"], "modified": "2023-07-12T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:chromium-browser", "p-cpe:/a:canonical:ubuntu_linux:chromium-browser-l10n", "p-cpe:/a:canonical:ubuntu_linux:chromium-chromedriver", "p-cpe:/a:canonical:ubuntu_linux:chromium-codecs-ffmpeg", "p-cpe:/a:canonical:ubuntu_linux:chromium-codecs-ffmpeg-extra"], "id": "UBUNTU_USN-5350-1.NASL", "href": "https://www.tenable.com/plugins/nessus/159243", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5350-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159243);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/12\");\n\n script_cve_id(\"CVE-2022-1096\");\n script_xref(name:\"USN\", value:\"5350-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n script_xref(name:\"IAVA\", value:\"2022-A-0126-S\");\n\n script_name(english:\"Ubuntu 18.04 LTS : Chromium vulnerability (USN-5350-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the\nUSN-5350-1 advisory.\n\n - Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1096)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5350-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1096\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:chromium-browser-l10n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:chromium-chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:chromium-codecs-ffmpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:chromium-codecs-ffmpeg-extra\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '18.04', 'pkgname': 'chromium-browser', 'pkgver': '99.0.4844.84-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'chromium-browser-l10n', 'pkgver': '99.0.4844.84-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'chromium-chromedriver', 'pkgver': '99.0.4844.84-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'chromium-codecs-ffmpeg', 'pkgver': '99.0.4844.84-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'chromium-codecs-ffmpeg-extra', 'pkgver': '99.0.4844.84-0ubuntu0.18.04.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium-browser / chromium-browser-l10n / chromium-chromedriver / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-04T15:17:44", "description": "The version of Google Chrome installed on the remote Windows host is prior to 99.0.4844.84. It is, therefore, affected by a vulnerability as referenced in the 2022_03_stable-channel-update-for-desktop_25 advisory.\n\n - Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1096)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-25T00:00:00", "type": "nessus", "title": "Google Chrome < 99.0.4844.84 Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1096"], "modified": "2023-11-03T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_99_0_4844_84.NASL", "href": "https://www.tenable.com/plugins/nessus/159235", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159235);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/03\");\n\n script_cve_id(\"CVE-2022-1096\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n script_xref(name:\"IAVA\", value:\"2022-A-0126-S\");\n\n script_name(english:\"Google Chrome < 99.0.4844.84 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 99.0.4844.84. It is, therefore, affected\nby a vulnerability as referenced in the 2022_03_stable-channel-update-for-desktop_25 advisory.\n\n - Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1096)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?671782b7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1309225\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 99.0.4844.84 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1096\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\nvar installs = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'99.0.4844.84', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-15T15:06:26", "description": "The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2022:10117-1 advisory.\n\n - Insufficient data validation in Mojo. (CVE-2022-3075)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-16T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : opera (openSUSE-SU-2022:10117-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3075"], "modified": "2023-10-11T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-10117-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165222", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:10117-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165222);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/11\");\n\n script_cve_id(\"CVE-2022-3075\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/29\");\n\n script_name(english:\"openSUSE 15 Security Update : opera (openSUSE-SU-2022:10117-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the\nopenSUSE-SU-2022:10117-1 advisory.\n\n - Insufficient data validation in Mojo. (CVE-2022-3075)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UBGINNIWBONVAY4XS5FGSQDKRADTHUQI/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0195a7f9\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3075\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3075\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'opera-90.0.4480.84-lp153.2.60.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'opera');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-07T16:26:08", "description": "The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 323f900d-ac6d-11ec-a0b8-3065ec8fd3ec advisory.\n\n - Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1096)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-26T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- V8 type confusion (323f900d-ac6d-11ec-a0b8-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1096"], "modified": "2023-11-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_323F900DAC6D11ECA0B83065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/159238", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159238);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/06\");\n\n script_cve_id(\"CVE-2022-1096\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n script_xref(name:\"IAVA\", value:\"2022-A-0126-S\");\n\n script_name(english:\"FreeBSD : chromium -- V8 type confusion (323f900d-ac6d-11ec-a0b8-3065ec8fd3ec)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a\nvulnerability as referenced in the 323f900d-ac6d-11ec-a0b8-3065ec8fd3ec advisory.\n\n - Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1096)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?671782b7\");\n # https://vuxml.freebsd.org/freebsd/323f900d-ac6d-11ec-a0b8-3065ec8fd3ec.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ff16c010\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1096\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"freebsd_package.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nvar flag = 0;\n\nvar packages = [\n 'chromium<99.0.4844.84'\n];\n\nforeach var package( packages ) {\n if (pkg_test(save_report:TRUE, pkg: package)) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : pkg_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-18T14:56:03", "description": "The version of Google Chrome installed on the remote macOS host is prior to 105.0.5195.102. It is, therefore, affected by a vulnerability as referenced in the 2022_09_stable-channel-update-for-desktop advisory.\n\n - Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-3075)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-02T00:00:00", "type": "nessus", "title": "Google Chrome < 105.0.5195.102 Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3075"], "modified": "2023-10-13T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_105_0_5195_102.NASL", "href": "https://www.tenable.com/plugins/nessus/164657", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164657);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/13\");\n\n script_cve_id(\"CVE-2022-3075\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/29\");\n script_xref(name:\"IAVA\", value:\"2022-A-0351-S\");\n\n script_name(english:\"Google Chrome < 105.0.5195.102 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 105.0.5195.102. It is, therefore, affected\nby a vulnerability as referenced in the 2022_09_stable-channel-update-for-desktop advisory.\n\n - Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker\n who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-3075)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?84ba03a1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1358134\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 105.0.5195.102 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3075\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'105.0.5195.102', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-18T14:57:10", "description": "The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5225 advisory.\n\n - Insufficient data validation in Mojo. (CVE-2022-3075)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-07T00:00:00", "type": "nessus", "title": "Debian DSA-5225-1 : chromium - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3075"], "modified": "2023-10-12T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium", "p-cpe:/a:debian:debian_linux:chromium-common", "p-cpe:/a:debian:debian_linux:chromium-driver", "p-cpe:/a:debian:debian_linux:chromium-l10n", "p-cpe:/a:debian:debian_linux:chromium-sandbox", "p-cpe:/a:debian:debian_linux:chromium-shell", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5225.NASL", "href": "https://www.tenable.com/plugins/nessus/164815", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5225. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164815);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/12\");\n\n script_cve_id(\"CVE-2022-3075\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/29\");\n script_xref(name:\"IAVA\", value:\"2022-A-0351-S\");\n\n script_name(english:\"Debian DSA-5225-1 : chromium - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5225\nadvisory.\n\n - Insufficient data validation in Mojo. (CVE-2022-3075)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018937\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/chromium\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5225\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3075\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/chromium\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the chromium packages.\n\nFor the stable distribution (bullseye), this problem has been fixed in version 105.0.5195.102-1~deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3075\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-driver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-l10n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-sandbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'chromium', 'reference': '105.0.5195.102-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-common', 'reference': '105.0.5195.102-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-driver', 'reference': '105.0.5195.102-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-l10n', 'reference': '105.0.5195.102-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-sandbox', 'reference': '105.0.5195.102-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-shell', 'reference': '105.0.5195.102-1~deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium / chromium-common / chromium-driver / chromium-l10n / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-04T15:17:13", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 99.0.1150.55. It is, therefore, affected by a vulnerability as referenced in the March 26, 2022 advisory.\n\n - Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1096)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-26T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 99.0.1150.55 Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1096"], "modified": "2023-11-03T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_99_0_1150_55.NASL", "href": "https://www.tenable.com/plugins/nessus/159239", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159239);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/03\");\n\n script_cve_id(\"CVE-2022-1096\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n script_xref(name:\"IAVA\", value:\"2022-A-0126-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0544-S\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 99.0.1150.55 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by a vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 99.0.1150.55. It is, therefore, affected\nby a vulnerability as referenced in the March 26, 2022 advisory.\n\n - Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1096)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#march-26-2022\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?991726b8\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1096\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 99.0.1150.55 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1096\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nvar constraints = [\n { 'fixed_version' : '99.0.1150.55' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-04T15:16:00", "description": "The version of Google Chrome installed on the remote macOS host is prior to 99.0.4844.84. It is, therefore, affected by a vulnerability as referenced in the 2022_03_stable-channel-update-for-desktop_25 advisory.\n\n - Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-1096)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-25T00:00:00", "type": "nessus", "title": "Google Chrome < 99.0.4844.84 Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1096"], "modified": "2023-11-03T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_99_0_4844_84.NASL", "href": "https://www.tenable.com/plugins/nessus/159236", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159236);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/03\");\n\n script_cve_id(\"CVE-2022-1096\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n script_xref(name:\"IAVA\", value:\"2022-A-0126-S\");\n\n script_name(english:\"Google Chrome < 99.0.4844.84 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 99.0.4844.84. It is, therefore, affected by\na vulnerability as referenced in the 2022_03_stable-channel-update-for-desktop_25 advisory.\n\n - Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-1096)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?671782b7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1309225\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 99.0.4844.84 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1096\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'99.0.4844.84', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-18T14:56:03", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 105.0.1343.27. It is, therefore, affected by a vulnerability as referenced in the September 2, 2022 advisory.\n\n - Insufficient data validation in Mojo. (CVE-2022-3075)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-02T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 105.0.1343.27 Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3075"], "modified": "2023-10-13T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_105_0_1343_27.NASL", "href": "https://www.tenable.com/plugins/nessus/164658", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164658);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/13\");\n\n script_cve_id(\"CVE-2022-3075\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/29\");\n script_xref(name:\"IAVA\", value:\"2022-A-0351-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0361-S\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 105.0.1343.27 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by a vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 105.0.1343.27. It is, therefore, affected\nby a vulnerability as referenced in the September 2, 2022 advisory.\n\n - Insufficient data validation in Mojo. (CVE-2022-3075)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#september-2-2022\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7aa022b9\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3075\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 105.0.1343.27 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3075\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nvar constraints = [\n { 'fixed_version' : '105.0.1343.27' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-15T15:06:24", "description": "The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2022:10118-1 advisory.\n\n - Insufficient data validation in Mojo. (CVE-2022-3075)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-13T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : opera (openSUSE-SU-2022:10118-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3075"], "modified": "2023-10-12T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:15.4"], "id": "OPENSUSE-2022-10118-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164952", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:10118-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164952);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/12\");\n\n script_cve_id(\"CVE-2022-3075\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/29\");\n\n script_name(english:\"openSUSE 15 Security Update : opera (openSUSE-SU-2022:10118-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the\nopenSUSE-SU-2022:10118-1 advisory.\n\n - Insufficient data validation in Mojo. (CVE-2022-3075)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/URTDZNQXSQ54LKAIEAGWB3HD5C6CP3RE/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ccb896ef\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3075\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3075\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.4\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.4', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'opera-90.0.4480.84-lp154.2.20.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'opera');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-18T14:56:03", "description": "The version of Google Chrome installed on the remote Windows host is prior to 105.0.5195.102. It is, therefore, affected by a vulnerability as referenced in the 2022_09_stable-channel-update-for-desktop advisory.\n\n - Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-3075)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-02T00:00:00", "type": "nessus", "title": "Google Chrome < 105.0.5195.102 Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3075"], "modified": "2023-10-13T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_105_0_5195_102.NASL", "href": "https://www.tenable.com/plugins/nessus/164656", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164656);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/13\");\n\n script_cve_id(\"CVE-2022-3075\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/29\");\n script_xref(name:\"IAVA\", value:\"2022-A-0351-S\");\n\n script_name(english:\"Google Chrome < 105.0.5195.102 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 105.0.5195.102. It is, therefore, affected\nby a vulnerability as referenced in the 2022_09_stable-channel-update-for-desktop advisory.\n\n - Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker\n who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2022-3075)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?84ba03a1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1358134\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 105.0.5195.102 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3075\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\nvar installs = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'105.0.5195.102', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-18T14:56:03", "description": "The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f38d25ac-2b7a-11ed-a1ef-3065ec8fd3ec advisory.\n\n - Insufficient data validation in Mojo. (CVE-2022-3075)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-03T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- insufficient data validation in Mojo (f38d25ac-2b7a-11ed-a1ef-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3075"], "modified": "2023-10-13T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_F38D25AC2B7A11EDA1EF3065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/164673", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164673);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/13\");\n\n script_cve_id(\"CVE-2022-3075\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/29\");\n script_xref(name:\"IAVA\", value:\"2022-A-0351-S\");\n\n script_name(english:\"FreeBSD : chromium -- insufficient data validation in Mojo (f38d25ac-2b7a-11ed-a1ef-3065ec8fd3ec)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a\nvulnerability as referenced in the f38d25ac-2b7a-11ed-a1ef-3065ec8fd3ec advisory.\n\n - Insufficient data validation in Mojo. (CVE-2022-3075)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?84ba03a1\");\n # https://vuxml.freebsd.org/freebsd/f38d25ac-2b7a-11ed-a1ef-3065ec8fd3ec.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a8607bf5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3075\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"freebsd_package.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nvar flag = 0;\n\nvar packages = [\n 'chromium<105.0.5195.102'\n];\n\nforeach var package( packages ) {\n if (pkg_test(save_report:TRUE, pkg: package)) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : pkg_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-28T15:10:05", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 103.0.1264.49. It is, therefore, affected by a vulnerability as referenced in the July 6, 2022 advisory.\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-07T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 103.0.1264.49 Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295"], "modified": "2023-10-19T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_103_0_1264_49.NASL", "href": "https://www.tenable.com/plugins/nessus/162776", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162776);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/19\");\n\n script_cve_id(\"CVE-2022-2294\");\n script_xref(name:\"IAVA\", value:\"2022-A-0262-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 103.0.1264.49 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by a vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 103.0.1264.49. It is, therefore, affected\nby a vulnerability as referenced in the July 6, 2022 advisory.\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#july-6-2022\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c255ed38\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2295\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 103.0.1264.49 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2294\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nvar constraints = [\n { 'fixed_version' : '103.0.1264.49' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-28T15:09:12", "description": "The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 744ec9d7-fe0f-11ec-bcd2-3065ec8fd3ec advisory.\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions. (CVE-2022-2296)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-08T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (744ec9d7-fe0f-11ec-bcd2-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_744EC9D7FE0F11ECBCD23065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/162839", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162839);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\"CVE-2022-2294\", \"CVE-2022-2295\", \"CVE-2022-2296\");\n script_xref(name:\"IAVA\", value:\"2022-A-0262-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (744ec9d7-fe0f-11ec-bcd2-3065ec8fd3ec)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple\nvulnerabilities as referenced in the 744ec9d7-fe0f-11ec-bcd2-3065ec8fd3ec advisory.\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via direct UI interactions. (CVE-2022-2296)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8f10a4e5\");\n # https://vuxml.freebsd.org/freebsd/744ec9d7-fe0f-11ec-bcd2-3065ec8fd3ec.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f39f44de\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2296\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"freebsd_package.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nvar flag = 0;\n\nvar packages = [\n 'chromium<103.0.5060.114'\n];\n\nforeach var package( packages ) {\n if (pkg_test(save_report:TRUE, pkg: package)) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : pkg_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-28T15:10:31", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10055-1 advisory.\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. (CVE-2022-2294, CVE-2022-2295)\n\n - Use after free in Chrome OS Shell. (CVE-2022-2296)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-13T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2022:10055-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-10055-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163078", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:10055-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163078);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\"CVE-2022-2294\", \"CVE-2022-2295\", \"CVE-2022-2296\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2022:10055-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:10055-1 advisory.\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this\n vulnerability. Please see Google Chrome Releases for more information. (CVE-2022-2294, CVE-2022-2295)\n\n - Use after free in Chrome OS Shell. (CVE-2022-2296)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201216\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TJ5LTW7LEHL5JFGRUX2J7S5CEEACPAUP/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7dcbbe96\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2296\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2296\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'chromedriver-103.0.5060.114-bp153.2.107.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromedriver-103.0.5060.114-bp153.2.107.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-103.0.5060.114-bp153.2.107.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-103.0.5060.114-bp153.2.107.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-28T15:09:35", "description": "The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5180 advisory.\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions. (CVE-2022-2296)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-12T00:00:00", "type": "nessus", "title": "Debian DSA-5180-1 : chromium - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium", "p-cpe:/a:debian:debian_linux:chromium-common", "p-cpe:/a:debian:debian_linux:chromium-driver", "p-cpe:/a:debian:debian_linux:chromium-l10n", "p-cpe:/a:debian:debian_linux:chromium-sandbox", "p-cpe:/a:debian:debian_linux:chromium-shell", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5180.NASL", "href": "https://www.tenable.com/plugins/nessus/163024", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5180. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163024);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\"CVE-2022-2294\", \"CVE-2022-2295\", \"CVE-2022-2296\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"Debian DSA-5180-1 : chromium - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5180 advisory.\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via direct UI interactions. (CVE-2022-2296)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/chromium\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5180\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2296\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/chromium\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the chromium packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 103.0.5060.114-1~deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2296\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-driver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-l10n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-sandbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'chromium', 'reference': '103.0.5060.114-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-common', 'reference': '103.0.5060.114-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-driver', 'reference': '103.0.5060.114-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-l10n', 'reference': '103.0.5060.114-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-sandbox', 'reference': '103.0.5060.114-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-shell', 'reference': '103.0.5060.114-1~deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium / chromium-common / chromium-driver / chromium-l10n / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-28T15:12:58", "description": "The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5568-1 advisory.\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)\n\n - The issue was addressed with improved UI handling. (CVE-2022-32816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-15T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS / 22.04 LTS : WebKitGTK vulnerabilities (USN-5568-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2294", "CVE-2022-32792", "CVE-2022-32816"], "modified": "2023-07-12T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.0", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.1", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.0", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.1", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-bin", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-dev", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.1-0", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.1-dev", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37-gtk2", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-dev", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.1-0", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.1-dev", "p-cpe:/a:canonical:ubuntu_linux:webkit2gtk-driver"], "id": "UBUNTU_USN-5568-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164124", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5568-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164124);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/12\");\n\n script_cve_id(\"CVE-2022-2294\", \"CVE-2022-32792\", \"CVE-2022-32816\");\n script_xref(name:\"USN\", value:\"5568-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"Ubuntu 20.04 LTS / 22.04 LTS : WebKitGTK vulnerabilities (USN-5568-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-5568-1 advisory.\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)\n\n - The issue was addressed with improved UI handling. (CVE-2022-32816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5568-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32792\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:webkit2gtk-driver\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('20.04' >< os_release || '22.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 22.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '20.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-37-gtk2', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.36.6-0ubuntu0.20.04.1'},\n {'osver': '22.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.1', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'gir1.2-webkit2-4.1', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.1-0', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libjavascriptcoregtk-4.1-dev', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libwebkit2gtk-4.1-0', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libwebkit2gtk-4.1-dev', 'pkgver': '2.36.6-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.36.6-0ubuntu0.22.04.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gir1.2-javascriptcoregtk-4.0 / gir1.2-javascriptcoregtk-4.1 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-28T15:09:12", "description": "The version of Google Chrome installed on the remote macOS host is prior to 103.0.5060.114. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_07_stable-channel-update-for-desktop advisory.\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions. (CVE-2022-2296)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-04T00:00:00", "type": "nessus", "title": "Google Chrome < 103.0.5060.114 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2023-03-23T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_103_0_5060_114.NASL", "href": "https://www.tenable.com/plugins/nessus/162705", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162705);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\"CVE-2022-2294\", \"CVE-2022-2295\", \"CVE-2022-2296\");\n script_xref(name:\"IAVA\", value:\"2022-A-0262-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"Google Chrome < 103.0.5060.114 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 103.0.5060.114. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2022_07_stable-channel-update-for-desktop advisory.\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via direct UI interactions. (CVE-2022-2296)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8f10a4e5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1341043\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1336869\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1327087\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 103.0.5060.114 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2296\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'103.0.5060.114', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-28T15:09:11", "description": "The version of Google Chrome installed on the remote Windows host is prior to 103.0.5060.114. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_07_stable-channel-update-for-desktop advisory.\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions. (CVE-2022-2296)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-04T00:00:00", "type": "nessus", "title": "Google Chrome < 103.0.5060.114 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_103_0_5060_114.NASL", "href": "https://www.tenable.com/plugins/nessus/162706", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162706);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2022-2294\", \"CVE-2022-2295\", \"CVE-2022-2296\");\n script_xref(name:\"IAVA\", value:\"2022-A-0262-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"Google Chrome < 103.0.5060.114 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 103.0.5060.114. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2022_07_stable-channel-update-for-desktop advisory.\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via direct UI interactions. (CVE-2022-2296)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8f10a4e5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1341043\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1336869\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1327087\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 103.0.5060.114 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2296\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\nvar installs = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'103.0.5060.114', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-28T15:09:13", "description": "The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10057-1 advisory.\n\n - Use after free in WebGPU. (CVE-2022-2007)\n\n - Out of bounds memory access in WebGL. (CVE-2022-2008)\n\n - Out of bounds read in compositing. (CVE-2022-2010)\n\n - Use after free in ANGLE. (CVE-2022-2011)\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. (CVE-2022-2294)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-14T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : opera (openSUSE-SU-2022:10057-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-2294"], "modified": "2023-10-25T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-10057-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163094", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:10057-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163094);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/25\");\n\n script_cve_id(\n \"CVE-2022-2007\",\n \"CVE-2022-2008\",\n \"CVE-2022-2010\",\n \"CVE-2022-2011\",\n \"CVE-2022-2294\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"openSUSE 15 Security Update : opera (openSUSE-SU-2022:10057-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:10057-1 advisory.\n\n - Use after free in WebGPU. (CVE-2022-2007)\n\n - Out of bounds memory access in WebGL. (CVE-2022-2008)\n\n - Out of bounds read in compositing. (CVE-2022-2010)\n\n - Use after free in ANGLE. (CVE-2022-2011)\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this\n vulnerability. Please see Google Chrome Releases for more information. (CVE-2022-2294)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RJUDCH46YEJXHUW2NNEMWI2TSQIO7ON2/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d06180ba\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2010\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2294\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2294\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-2010\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'opera-88.0.4412.74-lp154.2.11.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'opera');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-29T15:30:13", "description": "The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10088-1 advisory.\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction. (CVE-2022-2163)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions. (CVE-2022-2296)\n\n - Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2477)\n\n - Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2478)\n\n - Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page. (CVE-2022-2479)\n\n - Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2480)\n\n - Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.\n (CVE-2022-2481)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-16T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : opera (openSUSE-SU-2022:10088-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2163", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296", "CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:15.4"], "id": "OPENSUSE-2022-10088-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164144", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:10088-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164144);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2022-2163\",\n \"CVE-2022-2294\",\n \"CVE-2022-2295\",\n \"CVE-2022-2296\",\n \"CVE-2022-2477\",\n \"CVE-2022-2478\",\n \"CVE-2022-2479\",\n \"CVE-2022-2480\",\n \"CVE-2022-2481\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"openSUSE 15 Security Update : opera (openSUSE-SU-2022:10088-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:10088-1 advisory.\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who\n convinced a user to install a malicious extension to potentially exploit heap corruption via UI\n interaction. (CVE-2022-2163)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via direct UI interactions. (CVE-2022-2296)\n\n - Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2477)\n\n - Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2478)\n\n - Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134\n allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive\n information from internal file directories via a crafted HTML page. (CVE-2022-2479)\n\n - Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2480)\n\n - Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a\n user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.\n (CVE-2022-2481)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/C6CFP4ALDNAUZ4ZAOFXUPGCPSV42N26M/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e2a5cb63\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2296\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2478\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2480\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2481\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2481\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.4\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.4', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'opera-89.0.4447.71-lp154.2.14.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'opera');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-28T15:11:28", "description": "The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10087-1 advisory.\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction. (CVE-2022-2163)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions. (CVE-2022-2296)\n\n - Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2477)\n\n - Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2478)\n\n - Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page. (CVE-2022-2479)\n\n - Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2480)\n\n - Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.\n (CVE-2022-2481)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-16T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : opera (openSUSE-SU-2022:10087-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2163", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296", "CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-10087-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164134", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:10087-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164134);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2022-2163\",\n \"CVE-2022-2294\",\n \"CVE-2022-2295\",\n \"CVE-2022-2296\",\n \"CVE-2022-2477\",\n \"CVE-2022-2478\",\n \"CVE-2022-2479\",\n \"CVE-2022-2480\",\n \"CVE-2022-2481\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"openSUSE 15 Security Update : opera (openSUSE-SU-2022:10087-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:10087-1 advisory.\n\n - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who\n convinced a user to install a malicious extension to potentially exploit heap corruption via UI\n interaction. (CVE-2022-2163)\n\n - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)\n\n - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2295)\n\n - Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote\n attacker who convinced a user to engage in specific user interactions to potentially exploit heap\n corruption via direct UI interactions. (CVE-2022-2296)\n\n - Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2022-2477)\n\n - Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2022-2478)\n\n - Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134\n allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive\n information from internal file directories via a crafted HTML page. (CVE-2022-2479)\n\n - Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2480)\n\n - Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a\n user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.\n (CVE-2022-2481)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBC3VMU74SRNP6PNL6PMNTJCIFN32DXR/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?05668353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2296\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2478\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2480\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2481\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2481\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'opera-89.0.4447.71-lp153.2.54.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'opera');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:41:37", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0042-1 advisory.\n\n - Use after free in File Manager. (CVE-2022-0603)\n\n - Heap buffer overflow in Tab Groups. (CVE-2022-0604)\n\n - Use after free in Webstore API. (CVE-2022-0605)\n\n - Use after free in ANGLE. (CVE-2022-0606)\n\n - Use after free in GPU. (CVE-2022-0607)\n\n - Integer overflow in Mojo. (CVE-2022-0608)\n\n - Use after free in Animation. (CVE-2022-0609)\n\n - Inappropriate implementation in Gamepad API. (CVE-2022-0610)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-22T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2022:0042-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0603", "CVE-2022-0604", "CVE-2022-0605", "CVE-2022-0606", "CVE-2022-0607", "CVE-2022-0608", "CVE-2022-0609", "CVE-2022-0610"], "modified": "2022-04-26T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-0042-1.NASL", "href": "https://www.tenable.com/plugins/nessus/158240", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:0042-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158240);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/26\");\n\n script_cve_id(\n \"CVE-2022-0603\",\n \"CVE-2022-0604\",\n \"CVE-2022-0605\",\n \"CVE-2022-0606\",\n \"CVE-2022-0607\",\n \"CVE-2022-0608\",\n \"CVE-2022-0609\",\n \"CVE-2022-0610\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/03/01\");\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2022:0042-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:0042-1 advisory.\n\n - Use after free in File Manager. (CVE-2022-0603)\n\n - Heap buffer overflow in Tab Groups. (CVE-2022-0604)\n\n - Use after free in Webstore API. (CVE-2022-0605)\n\n - Use after free in ANGLE. (CVE-2022-0606)\n\n - Use after free in GPU. (CVE-2022-0607)\n\n - Integer overflow in Mojo. (CVE-2022-0608)\n\n - Use after free in Animation. (CVE-2022-0609)\n\n - Inappropriate implementation in Gamepad API. (CVE-2022-0610)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195986\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZAORTPDMHKSRQIYVJOF76VFIUP5OMBJA/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f05e4e32\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0610\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0610\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'chromedriver-98.0.4758.102-bp153.2.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromedriver-98.0.4758.102-bp153.2.63.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-98.0.4758.102-bp153.2.63.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-98.0.4758.102-bp153.2.63.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "kaspersky": [{"lastseen": "2023-12-03T16:59:37", "description": "### *Detect date*:\n08/17/2022\n\n### *Severity*:\nHigh\n\n### *Description*:\nValidation of untrusted input vulnerability was found in Google Chrome. Malicious users can exploit this vulnerability to cause denial of service.\n\n### *Affected products*:\nMicrosoft Edge (Chromium-based)\n\n### *Solution*:\nInstall necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option) \n[Microsoft Edge update settings](<https://support.microsoft.com/en-us/topic/microsoft-edge-update-settings-af8aaca2-1b69-4870-94fe-18822dbb7ef1>)\n\n### *Original advisories*:\n[CVE-2022-2856](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2856>) \n\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[Microsoft Edge](<https://threats.kaspersky.com/en/product/Microsoft-Edge/>)\n\n### *CVE-IDS*:\n[CVE-2022-2856](<https://vulners.com/cve/CVE-2022-2856>)5.0Warning\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-08-17T00:00:00", "type": "kaspersky", "title": "KLA15723 DoS vulnerability in Microsoft Browser", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2856"], "modified": "2023-09-29T00:00:00", "id": "KLA15723", "href": "https://threats.kaspersky.com/en/vulnerability/KLA15723/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-12-03T17:02:37", "description": "### *Detect date*:\n04/14/2022\n\n### *Severity*:\nHigh\n\n### *Description*:\nType confusion vulnerability was found in Google Chrome. Malicious users can exploit this vulnerability to cause denial of service.\n\n### *Exploitation*:\nPublic exploits exist for this vulnerability.\n\n### *Affected products*:\nGoogle Chrome earlier than 100.0.4896.127\n\n### *Solution*:\nUpdate to the latest version \n[Download Google Chrome](<https://www.google.com/chrome/>)\n\n### *Original advisories*:\n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html>) \n\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2022-1364](<https://vulners.com/cve/CVE-2022-1364>)5.0Warning", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-04-14T00:00:00", "type": "kaspersky", "title": "KLA12512 DoS vulnerability in Google Chrome", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1364"], "modified": "2023-11-23T00:00:00", "id": "KLA12512", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12512/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T17:04:37", "description": "### *Detect date*:\n03/25/2022\n\n### *Severity*:\nHigh\n\n### *Description*:\nType Confusion vulnerability was found in Google Chrome. Malicious users can exploit this vulnerability to execute arbitrary code, cause denial of service.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nGoogle Chrome earlier than 99.0.4844.84\n\n### *Solution*:\nUpdate to the latest version \n[Download Google Chrome](<https://www.google.com/chrome/>)\n\n### *Original advisories*:\n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html>) \n\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2022-1096](<https://vulners.com/cve/CVE-2022-1096>)5.0Warning", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-25T00:00:00", "type": "kaspersky", "title": "KLA12491 Type Confusion vulnerability in Google Chrome", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1096"], "modified": "2023-09-29T00:00:00", "id": "KLA12491", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12491/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T17:04:36", "description": "### *Detect date*:\n03/26/2022\n\n### *Severity*:\nWarning\n\n### *Description*:\nType Confusion vulnerability in Microsoft Browser. Malicious users can exploit this vulnerability to execute arbitrary code, cause denial of service.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nMicrosoft Edge (Chromium-based)\n\n### *Solution*:\nInstall necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option) \n[Microsoft Edge update settings](<https://support.microsoft.com/en-us/topic/microsoft-edge-update-settings-af8aaca2-1b69-4870-94fe-18822dbb7ef1>)\n\n### *Original advisories*:\n[CVE-2022-1096](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1096>) \n\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[Microsoft Edge](<https://threats.kaspersky.com/en/product/Microsoft-Edge/>)\n\n### *CVE-IDS*:\n[CVE-2022-1096](<https://vulners.com/cve/CVE-2022-1096>)5.0Warning\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-26T00:00:00", "type": "kaspersky", "title": "KLA12492 Type Confusion vulnerability in Microsoft Browser", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1096"], "modified": "2023-09-29T00:00:00", "id": "KLA12492", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12492/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T17:01:28", "description": "### *Detect date*:\n03/29/2022\n\n### *Severity*:\nHigh\n\n### *Description*:\nType confusion vulnerability was found in Opera. Malicious users can exploit this vulnerability to cause denial of service.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nOpera earlier than 85.0.4341.28\n\n### *Solution*:\nUpdate to the latest version \n[Download Opera](<https://www.opera.com>)\n\n### *Original advisories*:\n[Changelog for 85](<https://blogs.opera.com/desktop/changelog-for-85/#b4341.28>) \n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html>) \n\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[Opera](<https://threats.kaspersky.com/en/product/Opera/>)\n\n### *CVE-IDS*:\n[CVE-2022-1096](<https://vulners.com/cve/CVE-2022-1096>)5.0Warning", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-29T00:00:00", "type": "kaspersky", "title": "KLA12538 DoS vulnerability in Opera", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1096"], "modified": "2023-09-29T00:00:00", "id": "KLA12538", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12538/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T16:59:10", "description": "### *Detect date*:\n09/14/2022\n\n### *Severity*:\nHigh\n\n### *Description*:\nData validation vulnerability was found in Opera. Malicious users can exploit this vulnerability to cause denial of service.\n\n### *Affected products*:\nOpera earlier than 91.0.4516.16\n\n### *Solution*:\nUpdate to the latest version \n[Download Opera](<https://www.opera.com>)\n\n### *Original advisories*:\n[Changelog for 91](<https://blogs.opera.com/desktop/changelog-for-91/#b4516.16>) \n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html>) \n\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[Opera](<https://threats.kaspersky.com/en/product/Opera/>)\n\n### *CVE-IDS*:\n[CVE-2022-3075](<https://vulners.com/cve/CVE-2022-3075>)5.0Warning", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-09-14T00:00:00", "type": "kaspersky", "title": "KLA19251 DoS vulnerability in Opera", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3075"], "modified": "2023-09-29T00:00:00", "id": "KLA19251", "href": "https://threats.kaspersky.com/en/vulnerability/KLA19251/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T17:01:49", "description": "### *Detect date*:\n03/26/2022\n\n### *Severity*:\nWarning\n\n### *Description*:\nType confusion vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to cause denial of service.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nMicrosoft Visual Studio\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2022-1096](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1096>) \n\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[Microsoft Visual Studio](<https://threats.kaspersky.com/en/product/Microsoft-Visual-Studio/>)\n\n### *CVE-IDS*:\n[CVE-2022-1096](<https://vulners.com/cve/CVE-2022-1096>)5.0Warning\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-26T00:00:00", "type": "kaspersky", "title": "KLA12529 Type confusion vulnerability in Microsoft Developer Tools", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1096"], "modified": "2023-09-29T00:00:00", "id": "KLA12529", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12529/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T16:59:21", "description": "### *Detect date*:\n09/02/2022\n\n### *Severity*:\nHigh\n\n### *Description*:\nData validation vulnerability was found in Microsoft Browser. Malicious users can exploit this vulnerability to cause denial of service.\n\n### *Affected products*:\nMicrosoft Edge (Chromium-based)\n\n### *Solution*:\nInstall necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option) \n[Microsoft Edge update settings](<https://support.microsoft.com/en-us/topic/microsoft-edge-update-settings-af8aaca2-1b69-4870-94fe-18822dbb7ef1>)\n\n### *Original advisories*:\n[CVE-2022-3075](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3075>) \n\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[Microsoft Edge](<https://threats.kaspersky.com/en/product/Microsoft-Edge/>)\n\n### *CVE-IDS*:\n[CVE-2022-3075](<https://vulners.com/cve/CVE-2022-3075>)5.0Warning\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-09-02T00:00:00", "type": "kaspersky", "title": "KLA15736 DoS vulnerability in Microsoft Browser", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3075"], "modified": "2023-09-29T00:00:00", "id": "KLA15736", "href": "https://threats.kaspersky.com/en/vulnerability/KLA15736/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T16:59:22", "description": "### *Detect date*:\n09/02/2022\n\n### *Severity*:\nHigh\n\n### *Description*:\nData validation vulnerability was found in Google Chrome. Malicious users can exploit this vulnerability to cause denial of service.\n\n### *Affected products*:\nGoogle Chrome earlier than 105.0.5195.102\n\n### *Solution*:\nUpdate to the latest version \n[Download Google Chrome](<https://www.google.com/chrome/>)\n\n### *Original advisories*:\n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html>) \n\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2022-3075](<https://vulners.com/cve/CVE-2022-3075>)5.0Warning", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-09-02T00:00:00", "type": "kaspersky", "title": "KLA15735 DoS vulnerability in Google Chrome", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3075"], "modified": "2023-09-29T00:00:00", "id": "KLA15735", "href": "https://threats.kaspersky.com/en/vulnerability/KLA15735/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T17:00:19", "description": "### *Detect date*:\n07/06/2022\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nMicrosoft Edge (Chromium-based)\n\n### *Solution*:\nInstall necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option) \n[Microsoft Edge update settings](<https://support.microsoft.com/en-us/topic/microsoft-edge-update-settings-af8aaca2-1b69-4870-94fe-18822dbb7ef1>)\n\n### *Original advisories*:\n[CVE-2022-2294](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2294>) \n[CVE-2022-2295](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2295>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Edge](<https://threats.kaspersky.com/en/product/Microsoft-Edge/>)\n\n### *CVE-IDS*:\n[CVE-2022-2295](<https://vulners.com/cve/CVE-2022-2295>)5.0Warning \n[CVE-2022-2294](<https://vulners.com/cve/CVE-2022-2294>)5.0Warning\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-06T00:00:00", "type": "kaspersky", "title": "KLA12579 Multiple vulnerabilities in Microsoft Browser", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295"], "modified": "2023-09-29T00:00:00", "id": "KLA12579", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12579/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T17:00:21", "description": "### *Detect date*:\n07/04/2022\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nGoogle Chrome earlier than 103.0.5060.114\n\n### *Solution*:\nUpdate to the latest version \n[Download Google Chrome](<https://www.google.com/chrome/>)\n\n### *Original advisories*:\n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2022-2295](<https://vulners.com/cve/CVE-2022-2295>)5.0Warning \n[CVE-2022-2294](<https://vulners.com/cve/CVE-2022-2294>)5.0Warning \n[CVE-2022-2296](<https://vulners.com/cve/CVE-2022-2296>)5.0Warning", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-04T00:00:00", "type": "kaspersky", "title": "KLA12578 Multiple vulnerabilities in Google Chrome", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2023-09-29T00:00:00", "id": "KLA12578", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12578/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T17:00:10", "description": "### *Detect date*:\n07/14/2022\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nOpera earlier than 89.0.4447.48\n\n### *Solution*:\nUpdate to the latest version \n[Download Opera](<https://www.opera.com>)\n\n### *Original advisories*:\n[Changelog for 89](<https://blogs.opera.com/desktop/changelog-for-89/#b4447.48>) \n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Opera](<https://threats.kaspersky.com/en/product/Opera/>)\n\n### *CVE-IDS*:\n[CVE-2022-2295](<https://vulners.com/cve/CVE-2022-2295>)5.0Warning \n[CVE-2022-2294](<https://vulners.com/cve/CVE-2022-2294>)5.0Warning \n[CVE-2022-2296](<https://vulners.com/cve/CVE-2022-2296>)5.0Warning", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-14T00:00:00", "type": "kaspersky", "title": "KLA12587 Multiple vulnerabilities in Opera", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2023-09-29T00:00:00", "id": "KLA12587", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12587/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cnvd": [{"lastseen": "2022-08-31T09:51:32", "description": "Google Chrome is a web browser from Google, Inc. A security bypass vulnerability exists in Google Chrome Intents, which is caused by an untrusted input that does not adequately validate intent and can be exploited by attackers to bypass security restrictions.", "cvss3": {}, "published": "2022-08-18T00:00:00", "type": "cnvd", "title": "Google Chrome Intents security bypass vulnerability", "bulletinFamily": "cnvd", "cvss2": {}, "cvelist": ["CVE-2022-2856"], "modified": "2022-08-31T00:00:00", "id": "CNVD-2022-60667", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-60667", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-27T04:49:20", "description": "Google Chrome is a web browser from Google, Inc. Google Chrome Animation has a code execution vulnerability that can be exploited by attackers to execute arbitrary code on the system or cause a denial of service condition.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-16T00:00:00", "type": "cnvd", "title": "Google Chrome Animation code execution vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-03-18T00:00:00", "id": "CNVD-2022-20552", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-20552", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2023-12-03T16:50:38", "description": "\n\nChrome Releases reports:\n\nThis release contains 2 security fixes, including:\n\n[1315901] High CVE-2022-1364: Type Confusion in V8. Reported by Cl\u00e9ment Lecigne of Google's Threat Analysis Group on 2022-0-13\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-04-14T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1364"], "modified": "2022-04-14T00:00:00", "id": "A25EA27B-BCED-11EC-87B5-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/a25ea27b-bced-11ec-87b5-3065ec8fd3ec.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T16:50:38", "description": "\n\nChrome Releases reports:\n\nThis release contains 1 security fix:\n\n[1309225] High CVE-2022-1096: Type Confusion in V8. Reported by\n\t anonymous on 2022-03-23\n\nGoogle is aware that an exploit for CVE-2022-1096 exists in the wild.\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-25T00:00:00", "type": "freebsd", "title": "chromium -- V8 type confusion", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1096"], "modified": "2022-03-25T00:00:00", "id": "323F900D-AC6D-11EC-A0B8-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/323f900d-ac6d-11ec-a0b8-3065ec8fd3ec.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T16:50:38", "description": "\n\nChrome Releases reports:\n\nThis release contains 1 security fix:\n\n[1358134] High CVE-2022-3075: Insufficient data validation in Mojo. Reported by Anonymous on 2022-08-30\n\nGoogle is aware that an exploit of CVE-2022-3075 exists in the wild.\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-09-02T00:00:00", "type": "freebsd", "title": "chromium -- insufficient data validation in Mojo", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3075"], "modified": "2022-09-02T00:00:00", "id": "F38D25AC-2B7A-11ED-A1EF-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/f38d25ac-2b7a-11ed-a1ef-3065ec8fd3ec.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T16:50:38", "description": "\n\nChrome Releases reports:\n\nThis release contains 4 security fixes, including:\n\n[1341043] High CVE-2022-2294: Heap buffer overflow in WebRTC. Reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01\n[1336869] High CVE-2022-2295: Type Confusion in V8. Reported by avaue and Buff3tts at S.S.L. on 2022-06-16\n[1327087] High CVE-2022-2296: Use after free in Chrome OS Shell. Reported by Khalil Zhani on 2022-05-19\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-04T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2022-07-04T00:00:00", "id": "744EC9D7-FE0F-11EC-BCD2-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/744ec9d7-fe0f-11ec-bcd2-3065ec8fd3ec.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T16:50:38", "description": "\n\nChrome Releases reports:\n\nThis release contains 11 security fixes, including:\n\n[1290008] High CVE-2022-0603: Use after free in File Manager.\n\t Reported by Chaoyuan Peng (@ret2happy) on 2022-01-22\n[1273397] High CVE-2022-0604: Heap buffer overflow in Tab\n\t Groups. Reported by Krace on 2021-11-24\n[1286940] High CVE-2022-0605: Use after free in Webstore API.\n\t Reported by Thomas Orlita on 2022-01-13\n[1288020] High CVE-2022-0606: Use after free in ANGLE. Reported\n\t by Cassidy Kim of Amber Security Lab, OPPO Mobile\n\t Telecommunications Corp. Ltd. on 2022-01-17\n[1250655] High CVE-2022-0607: Use after free in GPU. Reported by\n\t 0x74960 on 2021-09-17\n[1270333] High CVE-2022-0608: Integer overflow in Mojo. Reported\n\t by Sergei Glazunov of Google Project Zero on 2021-11-16\n[1296150] High CVE-2022-0609: Use after free in Animation.\n\t Reported by Adam Weidemann and Cl\u00e9ment Lecigne of Google'\n\t Threat Analysis Group on 2022-02-10\n[1285449] Medium CVE-2022-0610: Inappropriate implementation in\n\t Gamepad API. Reported by Anonymous on 2022-01-08\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-14T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0603", "CVE-2022-0604", "CVE-2022-0605", "CVE-2022-0606", "CVE-2022-0607", "CVE-2022-0608", "CVE-2022-0609", "CVE-2022-0610"], "modified": "2022-02-14T00:00:00", "id": "E12432AF-8E73-11EC-8BC4-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/e12432af-8e73-11ec-8bc4-3065ec8fd3ec.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "chrome": [{"lastseen": "2023-12-03T15:17:01", "description": "The Stable channel has been updated to 100.0.4896.127 for Windows, Mac and Linux which will roll out over the coming days/weeks. \n\nA full list of changes in this build is available in the [log](<https://chromium.googlesource.com/chromium/src/+log/100.0.4896.88..100.0.4896.127?pretty=fuller&n=10000>). Interested in switching release channels? Find out how [here](<https://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<https://crbug.com/>). The [community help forum](<https://productforums.google.com/forum/#!forum/chrome>) is also a great place to reach out for help or learn about common issues.\n\n\n\n\n\n\n\n\nSecurity Fixes and Rewards\n\nNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.\n\n** \n**\n\nThis update includes [2](<https://bugs.chromium.org/p/chromium/issues/list?can=1&q=type%3Abug-security+os%3DAndroid%2Cios%2Clinux%2Cmac%2Cwindows%2Call%2Cchrome+label%3ARelease-3-M100>) security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the [Chrome Security Page](<https://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information.\n\n** \n**\n\n[$NA][[1315901](<https://crbug.com/1315901>)] High CVE-2022-1364: Type Confusion in V8. Reported by Cl\u00e9ment Lecigne of Google's Threat Analysis Group on 2022-04-13\n\n** \n**\n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.\n\n** \n**\n\nGoogle is aware that an exploit for CVE-2022-1364 exists in the wild. \n\nAs usual, our ongoing internal security work was responsible for a wide range of fixes:\n\n * [[1316420](<https://crbug.com/1316420>)] Various fixes from internal audits, fuzzing and other initiatives\n\n\nMany of our security bugs are detected using [AddressSanitizer](<https://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>), [MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>), [UndefinedBehaviorSanitizer](<https://www.chromium.org/developers/testing/undefinedbehaviorsanitizer>), [Control Flow Integrity](<https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity>), [libFuzzer](<https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer>), or [AFL](<https://github.com/google/afl>).\n\n\n\n\nPrudhviKumar Bommana\n\nGoogle Chrome", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-04-14T00:00:00", "type": "chrome", "title": "Stable Channel Update for Desktop", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1364"], "modified": "2022-04-14T00:00:00", "id": "GCSA-2955998722942640296", "href": "https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T15:17:01", "description": "Hi, everyone! We've just released Chrome 100 (100.0.4896.127) for Android: it'll become [available on Google Play](<https://play.google.com/store/apps/details?id=com.android.chrome>) over the next few days.\n\nThis release includes security, stability and performance improvements. You can see a full list of the changes in the [Git log](<https://chromium.googlesource.com/chromium/src/+log/100.0.4896.88..100.0.4896.127?pretty=fuller&n=10000>). If you find a new issue, please let us know by [filing a bug](<https://code.google.com/p/chromium/issues/entry?template=Android%20Issue>).\n\n\n\n\nSecurity Fixes and Rewards\n\nNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.\n\n** \n**\n\nThis update includes [2](<https://bugs.chromium.org/p/chromium/issues/list?can=1&q=type%3Abug-security+os%3DAndroid%2Cios%2Clinux%2Cmac%2Cwindows%2Call%2Cchrome+label%3ARelease-3-M100>) security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the [Chrome Security Page](<https://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information.\n\n** \n**\n\n[$NA][[1315901](<https://crbug.com/1315901>)] High CVE-2022-1364: Type Confusion in V8. Reported by Cl\u00e9ment Lecigne of Google's Threat Analysis Group on 2022-04-13\n\n** \n**\n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.\n\n** \n**\n\nGoogle is aware that an exploit for CVE-2022-1364 exists in the wild. \n\nAs usual, our ongoing internal security work was responsible for a wide range of fixes:\n\n * [[1316420](<https://crbug.com/1316420>)] Various fixes from internal audits, fuzzing and other initiatives\n\n\n\n\nMany of our security bugs are detected using [AddressSanitizer](<https://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>), [MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>), [UndefinedBehaviorSanitizer](<https://www.chromium.org/developers/testing/undefinedbehaviorsanitizer>), [Control Flow Integrity](<https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity>), [libFuzzer](<https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer>), or [AFL](<https://github.com/google/afl>).\n\n\n\n\nKrishna Govind\n\nGoogle Chrome", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-04-14T00:00:00", "type": "chrome", "title": "Chrome for Android Update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1364"], "modified": "2022-04-14T00:00:00", "id": "GCSA-3812047510544759764", "href": "https://chromereleases.googleblog.com/2022/04/chrome-for-android-update_01436352408.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T20:12:27", "description": "The Stable channel has been updated to 105.0.5195.102 for Windows,Mac and Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the [log](<https://chromium.googlesource.com/chromium/src/+log/105.0.5195.52..105.0.5195.102?pretty=fuller&n=10000>).\n\n\n\n\n Security Fixes and Rewards\n\nNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.\n\n\n\n\nThis update includes [1](<https://bugs.chromium.org/p/chromium/issues/list?can=1&q=type%3Abug-security+os%3DAndroid%2Cios%2Clinux%2Cmac%2Cwindows%2Call%2Cchrome+label%3ARelease-1-M105>) security fix. Below, we highlight fixes that were contributed by external researchers. Please see the [Chrome Security Page](<https://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information.\n\n\n\n\n[$TBD][[1358134](<https://crbug.com/1358134>)] High CVE-2022-3075: Insufficient data validation in Mojo. Reported by Anonymous on 2022-08-30\n\n\n\n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel. \n\n\n\nMany of our security bugs are detected using [AddressSanitizer](<https://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>), [MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>), [UndefinedBehaviorSanitizer](<https://www.chromium.org/developers/testing/undefinedbehaviorsanitizer>), [Control Flow Integrity](<https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity>), [libFuzzer](<https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer>), or [AFL](<https://github.com/google/afl>).\n\n\n\n\nGoogle is aware of reportsrts that an exploit for CVE-2022-3075 exists in the wild.\n\n\n\n\nInterested in switching release channels? Find out how [here](<https://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<https://crbug.com/>). The [community help forum](<https://support.google.com/chrome/community>) is also a great place to reach out for help or learn about common issues.\n\n\n\n\n\n\n\nPrudhvikumar Bommana \n\n\nGoogle Chrome", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-09-02T00:00:00", "type": "chrome", "title": "Stable Channel Update for Desktop", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3075"], "modified": "2022-09-02T00:00:00", "id": "GCSA-3975554673488527527", "href": "https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T15:17:04", "description": "The Stable channel has been updated to 99.0.4844.84 for Windows, Mac and Linux which will roll out over the coming days/weeks. \n\nA full list of changes in this build is available in the [log](<https://chromium.googlesource.com/chromium/src/+log/99.0.4844.82..99.0.4844.84?pretty=fuller&n=10000>). Interested in switching release channels? Find out how [here](<https://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<https://crbug.com/>). The [community help forum](<https://productforums.google.com/forum/#!forum/chrome>) is also a great place to reach out for help or learn about common issues.\n\n\n\n\nSecurity Fixes and Rewards\n\nNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.\n\nThis update includes [1](<https://bugs.chromium.org/p/chromium/issues/list?can=1&q=type%3Abug-security+os%3DAndroid%2Cios%2Clinux%2Cmac%2Cwindows%2Call%2Cchrome+label%3ARelease-2-M99>) security fix. Below, we highlight fixes that were contributed by external researchers. Please see the [Chrome Security Page](<https://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information.\n\n** \n**\n\n[$TBD][[1309225](<https://crbug.com/1309225>)] High CVE-2022-1096: Type Confusion in V8. Reported by anonymous on 2022-03-23\n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.\n\nGoogle is aware that an exploit for CVE-2022-1096 exists in the wild. \n\nMany of our security bugs are detected using [AddressSanitizer](<https://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>), [MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>), [UndefinedBehaviorSanitizer](<https://www.chromium.org/developers/testing/undefinedbehaviorsanitizer>), [Control Flow Integrity](<https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity>), [libFuzzer](<https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer>), or [AFL](<https://github.com/google/afl>).\n\n\n\n\nPrudhviKumar Bommana\n\nGoogle Chrome", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-25T00:00:00", "type": "chrome", "title": "Stable Channel Update for Desktop", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1096"], "modified": "2022-03-25T00:00:00", "id": "GCSA-6591445864469691028", "href": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T15:16:54", "description": "Hi, everyone! We've just released Chrome 103 (103.0.5060.71) for Android: it'll become [available on Google Play](<https://play.google.com/store/apps/details?id=com.android.chrome>) over the next few days.\n\nThis release includes security,stability and performance improvements. You can see a full list of the changes in the [Git log](<https://chromium.googlesource.com/chromium/src/+log/103.0.5060.70..103.0.5060.71?pretty=fuller&n=10000>). \n\n\n\n\n Security Fixes and Rewards\n\nNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.\n\n\n\n\nThis update includes [3](<https://bugs.chromium.org/p/chromium/issues/list?can=1&q=type%3Abug-security+os%3DAndroid%2Cios%2Clinux%2Cmac%2Cwindows%2Call%2Cchrome+label%3ARelease-1-M103>) security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the [Chrome Security Page](<https://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information.\n\n\n\n\n[$TBD][[1327312](<https://crbug.com/1341043>)] High CVE-2022-2294: Heap buffer overflow in WebRTC.\n\n[$7500][[1336869](<https://crbug.com/1336869>)] High CVE-2022-2295: Type Confusion in V8. Reported by avaue and Buff3tts at S.S.L. on 2022-06-16\n\n\n\n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.\n\nGoogle is aware that an exploit for CVE-2022-2294 exists in the wild.\n\n\n\nAs usual, our ongoing internal security work was responsible for a wide range of fixes:\n\n * [[1341569](<https://crbug.com/1341569>)] Various fixes from internal audits, fuzzing and other initiatives\n\n\nMany of our security bugs are detected using [AddressSanitizer](<https://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>), [MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>), [UndefinedBehaviorSanitizer](<https://www.chromium.org/developers/testing/undefinedbehaviorsanitizer>), [Control Flow Integrity](<https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity>), [libFuzzer](<https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer>), or [AFL.\n\nIf you find a new issue, please let us know by [filing a bug](<https://code.google.com/p/chromium/issues/entry?template=Android%20Issue>). \n\n\n\nKrishna Govind \n[Google Chrome](<https://www.google.com/chrome/>)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-04T00:00:00", "type": "chrome", "title": "Chrome for Android Update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295"], "modified": "2022-07-04T00:00:00", "id": "GCSA-7720125337817983232", "href": "https://chromereleases.googleblog.com/2022/07/chrome-for-android-update.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T15:16:54", "description": "The Stable channel has been updated to 103.0.5060.114 for Windows. which will roll out over the coming days/weeks. \n\nA full list of changes in this build is available in the [log](<https://chromium.googlesource.com/chromium/src/+log/103.0.5060.53..103.0.5060.114?pretty=fuller&n=10000>). Interested in switching release channels? Find out how [here](<https://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<https://crbug.com/>). The [community help forum](<https://productforums.google.com/forum/#!forum/chrome>) is also a great place to reach out for help or learn about common issues.\n\n\n\n\n Security Fixes and Rewards\n\nNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.\n\n\n\n\nThis update includes [4](<https://bugs.chromium.org/p/chromium/issues/list?can=1&q=type%3Abug-security+os%3DAndroid%2Cios%2Clinux%2Cmac%2Cwindows%2Call%2Cchrome+label%3ARelease-1-M103>) security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the [Chrome Security Page](<https://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information. \n\n[$TBD][[1341043](<https://crbug.com/1341043>)] High CVE-2022-2294: Heap buffer overflow in WebRTC. Reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01 \n\n[$7500][[1336869](<https://crbug.com/1336869>)] High CVE-2022-2295: Type Confusion in V8. Reported by avaue and Buff3tts at S.S.L. on 2022-06-16 \n\n[$3000][[1327087](<https://crbug.com/1327087>)] High CVE-2022-2296: Use after free in Chrome OS Shell. Reported by Khalil Zhani on 2022-05-19 \n\n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.\n\nGoogle is aware that an exploit for CVE-2022-2294 exists in the wild.\n\n\n\n\n\nAs usual, our ongoing internal security work was responsible for a wide range of fixes:\n\n * [[1338205](<https://crbug.com/1338205>)] Various fixes from internal audits, fuzzing and other initiatives\n\nMany of our security bugs are detected using [AddressSanitizer](<https://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>), [MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>), [UndefinedBehaviorSanitizer](<https://www.chromium.org/developers/testing/undefinedbehaviorsanitizer>), [Control Flow Integrity](<https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity>), [libFuzzer](<https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer>), or [AFL](<https://github.com/google/afl>).\n\n\n\n\nInterested in switching release channels? Find out how [here](<https://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<https://crbug.com/>). The [community help forum](<https://productforums.google.com/forum/#!forum/chrome>) is also a great place to reach out for help or learn about common issues.\n\n\n\n\n\n\n\n\nPrudhvikumar Bommana\n\nGoogle Chrome", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-04T00:00:00", "type": "chrome", "title": "Stable Channel Update for Desktop", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2022-07-04T00:00:00", "id": "GCSA-5089288012050676645", "href": "https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T15:17:07", "description": "The Stable channel has been updated to 98.0.4758.102 for Windows, Mac and Linux which will roll out over the coming days/weeks. Extended stable channel has also been updated to 98.0.4758.102 for Windows and Mac which will roll out over the coming days/weeks\n\nA full list of changes in this build is available in the [log](<https://chromium.googlesource.com/chromium/src/+log/98.0.4758.80..98.0.4758.102?pretty=fuller&n=10000>). Interested in switching release channels? Find out how [here](<https://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<https://crbug.com/>). The [community help forum](<https://productforums.google.com/forum/#!forum/chrome>) is also a great place to reach out for help or learn about common issues.\n\n** \n**\n\nSecurity Fixes and Rewards\n\n\n\n\n_Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed._\n\n** \n**\n\nThis update includes [11](<https://bugs.chromium.org/p/chromium/issues/list?can=1&q=type%3Abug-security+os%3DAndroid%2Cios%2Clinux%2Cmac%2Cwindows%2Call%2Cchrome+label%3ARelease-1-M98>) security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the [Chrome Security Page](<https://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information.\n\n** \n**\n\n** \n**\n\n[$15000][[1290008](<https://crbug.com/1290008>)] High CVE-2022-0603: Use after free in File Manager. Reported by Chaoyuan Peng (@ret2happy) on 2022-01-22\n\n[$7000][[1273397](<https://crbug.com/1273397>)] High CVE-2022-0604: Heap buffer overflow in Tab Groups. Reported by Krace on 2021-11-24\n\n[$7000][[1286940](<https://crbug.com/1286940>)] High CVE-2022-0605: Use after free in Webstore API. Reported by Thomas Orlita on 2022-01-13\n\n[$7000][[1288020](<https://crbug.com/1288020>)] High CVE-2022-0606: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-01-17\n\n[$TBD][[1250655](<https://crbug.com/1250655>)] High CVE-2022-0607: Use after free in GPU. Reported by 0x74960 on 2021-09-17\n\n[$NA][[1270333](<https://crbug.com/1270333>)] High CVE-2022-0608: Integer overflow in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-11-16\n\n[$NA][[1296150](<https://crbug.com/1296150>)] High CVE-2022-0609: Use after free in Animation. Reported by Adam Weidemann and Cl\u00e9ment Lecigne of Google's Threat Analysis Group on 2022-02-10\n\n[$TBD][[1285449](<https://crbug.com/1285449>)] Medium CVE-2022-0610: Inappropriate implementation in Gamepad API. Reported by Anonymous on 2022-01-08\n\n** \n**\n\n** \n**\n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.\n\n** \n**\n\nGoogle is aware of reports that an exploit for CVE-2022-0609 exists in the wild. \n\nAs usual, our ongoing internal security work was responsible for a wide range of fixes:\n\n * [[1297168](<https://crbug.com/1297168>)] Various fixes from internal audits, fuzzing and other initiatives\n\n** \n**\n\nMany of our security bugs are detected using [AddressSanitizer](<https://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>), [MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>), [UndefinedBehaviorSanitizer](<https://www.chromium.org/developers/testing/undefinedbehaviorsanitizer>), [Control Flow Integrity](<https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity>), [libFuzzer](<https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer>), or [AFL](<https://github.com/google/afl>).\n\n\n\n\n\n\n\n\nInterested in switching release channels? Find out how [here](<https://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<https://crbug.com/>). The [community help forum](<https://productforums.google.com/forum/#!forum/chrome>) is also a great place to reach out for help or learn about common issues.\n\n\n\n\n\n\n\nSrinivas Sista\n\nGoogle Chrome", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-14T00:00:00", "type": "chrome", "title": "Stable Channel Update for Desktop", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0603", "CVE-2022-0604", "CVE-2022-0605", "CVE-2022-0606", "CVE-2022-0607", "CVE-2022-0608", "CVE-2022-0609", "CVE-2022-0610"], "modified": "2022-02-14T00:00:00", "id": "GCSA-5842936521181266609", "href": "https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2022-07-29T18:53:42", "description": "An update that fixes one vulnerability is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Updated Chromium to 100.0.4896.127 (boo#1198509)\n\n - CVE-2022-1364: Type Confusion in V8\n - Various fixes from internal audits, fuzzing and other initiatives\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2022-114=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-04-19T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-1364"], "modified": "2022-04-19T00:00:00", "id": "OPENSUSE-SU-2022:0114-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/G5YYTVAL4HMIDBKVGBDTZND7UELHVRC2/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-10T08:09:40", "description": "An update that fixes one vulnerability is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n Update to 86.0.4363.23:\n\n - CHR-8843 Update chromium on desktop-stable-100-4363 to 100.0.4896.127\n - DNA-98236 Turn on #snap-text-selection on all streams\n - DNA-98507 DCHECK at address_bar_controller.cc(547)\n - DNA-98528 Suggestions for internal pages disappear when typing their\n full name\n - DNA-98538 Change name of \"Opera Crypto Wallet\" to \"Crypto Wallet\"\n - DNA-98540 Booking.com used instead of custom search engine\n - DNA-98587 Favicon of booking suggestion in the city category is\n unexpectedly changing\n - DNA-98605 City suggestions should show URL in address field when\n selected\n - DNA-98608 #address-bar-dropdown-categories expired\n - DNA-98616 Add recent searches to 'old' BABE\n - DNA-98668 Switch to tab button leads to wrong tab\n - DNA-98673 Improve suggestion removal handling in suggestion providers\n - DNA-98681 Remove unused suggestion consumers\n - DNA-98684 Have a dedicated SuggestionList for the new address bar\n dropdown\n - DNA-98685 Enable #native-crypto-wallet on developer\n - DNA-98688 \"Disable this feature\" mini-menu settings is non-intuitive\n - DNA-98690 Autocompleted text stayed in address field after removing\n suggestion\n - DNA-98738 Inline autocomplete suggestion for SD disappears after\n typing 3rd letter of SD name\n - DNA-98743 Blank dropdown after pressing space key\n - DNA-98783 Improve showing suggestions with long URLs or page titles\n - DNA-98785 \"Switch to tab\" button not shown for suggestions with www\n subdomain when typing domain text\n - DNA-98879 \"Disable suggestions before typing\" mini-menu option should\n change to \"Enable suggestions before typing\" when being selected\n - DNA-98917 Translations for O86\n - DNA-98975 Turn on #snap-crop-tool on all channels\n - DNA-98980 Enable #native-crypto-wallet on all streams\n - DNA-99005 The sidebar item is not visible for already active crypto\n wallet users when #native-crypto-wallet flag is enabled.\n - DNA-99007 Crash at TemplateURLRef::ParseIfNecessary(SearchTermsData\n const&) const\n - DNA-99047 Promote O86 to stable\n\n - The update to chromium 100.0.4896.127 fixes following issues:\n CVE-2022-1364\n\n - Complete Opera 86.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-86/\n\n Update to 85.0.4341.60:\n\n - DNA-98666 Set baidu as default search engine in China\n - DNA-98707 Hint is not displayed for new crypto wallet sidebar icon\n - DNA-98775 RichHintsSearchEngineCondition.testSogouSearchEngine errors\n\n Update to 85.0.4341.47:\n\n - DNA-98249 Add feature flag #native-crypto-wallet\n - DNA-98250 Install extension on startup\n - DNA-98251 Make Crypto Wallet setting enable / disable extension\n - DNA-98252 Deactivate old desktop crypto wallet\n - DNA-98253 Always show \ufffd\ufffd\ufffdCrypto Wallet\ufffd\ufffd\ufffd in Sidebar Setup\n - DNA-98497 Crash when installing extension\n - DNA-98506 Enable opera_feature_crypto_wallet_encryption\n on desktop\n - DNA-98510 Blank icon in sidebar setup\n - DNA-98538 Change name of \"Opera Crypto Wallet\" to \"Crypto Wallet\"\n - DNA-98685 Enable #native-crypto-wallet on developer\n - DNA-98766 Crash at\n opera::AddressBarControllerImpl::OpenNativeDropdown()\n - DNA-98768 Crash at\n extensions::ContentFilterPrivateIsWhitelistedFunction::Run()\n - DNA-98770 Recent searches stay in address field after selecting entry\n from dropdown\n - DNA-98772 Screen sharing broken\n - DNA-98803 Autofilled part appended after selecting address bar using\n shortcut\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:NonFree:\n\n zypper in -t patch openSUSE-2022-123=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-05-02T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-1364"], "modified": "2022-05-02T00:00:00", "id": "OPENSUSE-SU-2022:0123-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KQIZDBENBA7SYCDEBOVU4TMJLSK3IIRM/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-06T12:08:13", "description": "An update that fixes one vulnerability is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n Update to 90.0.4480.84\n\n - DNA-101690 Cherry-pick fix for CVE-2022-3075 from chromium\n\n Update to 90.0.4480.80\n\n - DNA-99188 Tab Tooltip doesn't disappear\n - DNA-100664 Shopping corner widget\n - DNA-100843 Options to install and update VPN Pro app, when it's not\n installed\n - DNA-100901 Disappearing \"X\" when closing tabs.\n - DNA-101093 Changing News section is not working\n - DNA-101246 Use long tail list for suggesting instead of current Speed\n Dial Suggestions\n - DNA-101278 PDF don't work on Opera with CN location\n - DNA-101312 Allow changing logged in user with BrowserAPI\n - DNA-101315 Can not connect to free VPN in private window\n - DNA-101411 [Linux] Clicking VpnPopup Settings to 'vpnWithDisclaimer'\n leads to black popup\n - DNA-101422 Crash at void content::NavigationControllerImpl::\n NavigateToExistingPendingEntry(content::ReloadType, int, bool)\n - DNA-101429 News loads for Global-EN language by default\n - DNA-101482 Crash at ProfileKey::GetProtoDatabaseProvider()\n - DNA-101485 Crash at base::SequencedTaskRunnerHandle::Get() via\n extensions::OperaTouchPrivateGetImageFunction::PerformGetImage\n - DNA-101524 [Mac] Tab should be highlighted again after dismissing\n context menu\n - DNA-101549 Crash at views::View::IsMouseHovered()\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:NonFree:\n\n zypper in -t patch openSUSE-2022-10117=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-09-12T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-3075"], "modified": "2022-09-12T00:00:00", "id": "OPENSUSE-SU-2022:10117-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UBGINNIWBONVAY4XS5FGSQDKRADTHUQI/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-06T12:08:13", "description": "An update that fixes one vulnerability is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n Update to 90.0.4480.84\n\n - DNA-101690 Cherry-pick fix for CVE-2022-3075 from chromium\n\n Update to 90.0.4480.80\n\n - DNA-99188 Tab Tooltip doesn't disappear\n - DNA-100664 Shopping corner widget\n - DNA-100843 Options to install and update VPN Pro app, when it's not\n installed\n - DNA-100901 Disappearing \"X\" when closing tabs.\n - DNA-101093 Changing News section is not working\n - DNA-101246 Use long tail list for suggesting instead of current Speed\n Dial Suggestions\n - DNA-101278 PDF don't work on Opera with CN location\n - DNA-101312 Allow changing logged in user with BrowserAPI\n - DNA-101315 Can not connect to free VPN in private window\n - DNA-101411 [Linux] Clicking VpnPopup Settings to 'vpnWithDisclaimer'\n leads to black popup\n - DNA-101422 Crash at void content::NavigationControllerImpl::\n NavigateToExistingPendingEntry(content::ReloadType, int, bool)\n - DNA-101429 News loads for Global-EN language by default\n - DNA-101482 Crash at ProfileKey::GetProtoDatabaseProvider()\n - DNA-101485 Crash at base::SequencedTaskRunnerHandle::Get() via\n extensions::OperaTouchPrivateGetImageFunction::PerformGetImage\n - DNA-101524 [Mac] Tab should be highlighted again after dismissing\n context menu\n - DNA-101549 Crash at views::View::IsMouseHovered()\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.4:NonFree:\n\n zypper in -t patch openSUSE-2022-10118=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-09-12T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-3075"], "modified": "2022-09-12T00:00:00", "id": "OPENSUSE-SU-2022:10118-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/URTDZNQXSQ54LKAIEAGWB3HD5C6CP3RE/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-09T21:00:13", "description": "An update that fixes three vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 103.0.5060.114 (boo#1201216)\n\n * CVE-2022-2294: Heap buffer overflow in WebRTC\n * CVE-2022-2295: Type Confusion in V8\n * CVE-2022-2296: Use after free in Chrome OS Shell\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP4:\n\n zypper in -t patch openSUSE-2022-10055=1\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2022-10055=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-13T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2022-07-13T00:00:00", "id": "OPENSUSE-SU-2022:10055-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TJ5LTW7LEHL5JFGRUX2J7S5CEEACPAUP/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-06T10:39:22", "description": "An update that fixes three vulnerabilities, contains two\n features is now available.\n\nDescription:\n\n This update for apache2 fixes the following issues:\n\n Apache2 was updated to the current stable version 2.4.51 (jsc#SLE-22733\n jsc#SLE-22849)\n\n It fixes all CVEs and selected bugs represented by patches found between\n 2.4.23 and 2.4.51.\n\n See https://downloads.apache.org/httpd/CHANGES_2.4 for a complete change\n log.\n\n Also fixed:\n\n - CVE-2021-44224: Fixed NULL dereference or SSRF in forward proxy\n configurations (bsc#1193943)\n - CVE-2021-44790: Fixed buffer overflow when parsing multipart content in\n mod_lua (bsc#1193942)\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2022-91=1\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2022-91=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-28T00:00:00", "type": "suse", "title": "Security update for apache2 (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44224", "CVE-2021-44790", "CVE-2022-1096"], "modified": "2022-03-28T00:00:00", "id": "OPENSUSE-SU-2022:0091-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GAGXJ7UEPQFKOBDHSFXWEUQD3IJIQ2SD/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-08T04:08:17", "description": "An update that fixes 5 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n opera was updated to 88.0.4412.74:\n\n - DNA-100645 Cherry-pick CVE-2022-2294 onto stabilization branches\n\n Update to 88.0.4412.53\n\n - DNA-99108 [Lin] Options on video pop out not possible to change\n - DNA-99832 On automatic video popout, close button should not stop video\n - DNA-99833 Allow turning on and off of each 'BABE' section from gear\n icon\n - DNA-99852 Default browser in Mac installer\n - DNA-99993 Crashes in AudioFileReaderTest,\n FFmpegAACBitstreamConverterTest\n - DNA-100045 iFrame Exception not unblocked with Acceptable Ads\n - DNA-100291 Update snapcraft uploading/releasing in scripts to use\n craft store\n\n Changes in 88.0.4412.40\n\n - CHR-8905 Update chromium on desktop-stable-102-4412 to 102.0.5005.115\n - DNA-99713 Sizing issues with video conferencing controls in PiP window\n - DNA-99831 Add 'back to tab' button like on video pop-out\n\n - The update to chromium 102.0.5005.115 fixes following issues:\n CVE-2022-2007, CVE-2022-2008, CVE-2022-2010, CVE-2022-2011\n\n Changes in 88.0.4412.27\n\n - DNA-99725 Crash at opera::ModalDialogViews::Show()\n - DNA-99752 Do not allow to uncheck all lists for adBlock\n - DNA-99918 Enable #scrollable-tab-strip on desktop-stable-102-4412\n - DNA-99969 Promote O88 to stable\n\n - Complete Opera 88.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-88/\n\n Update to 87.0.4390.45\n\n - DNA-99478 Top Sites don\ufffd\ufffd\ufffdt always has big icon\n - DNA-99702 Enable Acceptable Ads for stable stream\n - DNA-99725 Crash at opera::ModalDialogViews::Show()\n - DNA-99752 Do not allow to uncheck all lists for adBlock\n\n - Update to 87.0.4390.36\n - CHR-8883 Update chromium on desktop-stable-101-4390 to 101.0.4951.67\n - DNA-99190 Investigate windows installer signature errors on win7\n - DNA-99502 Sidebar \ufffd\ufffd\ufffd API to open panels\n - DNA-99593 Report sad tab displayed counts per kind\n - DNA-99628 Personalized Speed Dial context menu issue fix\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.4:NonFree:\n\n zypper in -t patch openSUSE-2022-10057=1\n\n - openSUSE Leap 15.3:NonFree:\n\n zypper in -t patch openSUSE-2022-10057=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.8}, "published": "2022-07-13T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011", "CVE-2022-2294"], "modified": "2022-07-13T00:00:00", "id": "OPENSUSE-SU-2022:10057-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RJUDCH46YEJXHUW2NNEMWI2TSQIO7ON2/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-09T22:08:22", "description": "An update that fixes 9 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n opera was updated to 89.0.4447.71\n\n - CHR-8957 Update chromium on desktop-stable-103-4447 to 103.0.5060.134\n - DNA-100492 authPrivate.storeCredentials should work with running auth\n session\n - DNA-100649 \ufffd\ufffd\ufffdSign out\ufffd\ufffd\ufffd from settings doesn\ufffd\ufffd\ufffdt also sign out from\n auth\n - DNA-100653 VPN Badge popup \ufffd\ufffd\ufffd not working well with different page\n zoom being set in browser settings\n - DNA-100712 Wrong spacing on text to reset sync passphrase in settings\n - DNA-100799 VPN icon is \ufffd\ufffd\ufffdpro\ufffd\ufffd\ufffd on disconnected\n - DNA-100841 Remove Get Subscription and Get button from VPN pro settings\n - DNA-100883 Update missing translations from chromium\n - DNA-100899 Translation error in Turkish\n - DNA-100912 Unable to select pinboards when sync everything is enabled\n - DNA-100959 Use after move RecentSearchProvider::ExecuteWithDB\n - DNA-100960 Use after move\n CountryBlacklistServiceImpl::DownloadCountryBlacklist\n - DNA-100961 Use after move\n CategorizationDataCollection::Iterator::Iterator\n - DNA-100989 Crash at\n opera::EasyFileButton::SetThumbnail(gfx::ImageSkia const&)\n\n - The update to chromium 103.0.5060.134 fixes following issues:\n CVE-2022-2163, CVE-2022-2477, CVE-2022-2478, CVE-2022-2479\n CVE-2022-2480, CVE-2022-2481\n\n opera was updated to 89.0.4447.51\n\n - DNA-99538 Typed content of address bar shared between tabs\n - DNA-100418 Set 360 so as search engine in China\n - DNA-100629 Launch Auth login when enabling sync while logged in\n - DNA-100776 Popup is too long if there are no services available\n\n opera was updated to 89.0.4447.48\n\n - CHR-8940 Update chromium on desktop-stable-103-4447 to 103.0.5060.114\n - DNA-100247 Make it possible to display hint when tab scrolling gets\n triggered\n - DNA-100482 Shopping corner icon availability\n - DNA-100575 Add unique IDs to all web element in opera account popup\n - DNA-100625 Opera account popup appears too high on Linux\n - DNA-100627 Enable #snap-from-panel on all stream\n - DNA-100636 DCHECK at suggestion_item.cc(484)\n - DNA-100685 Fix crash when attaching to tab strip scroll buttons\n - DNA-100693 Enable Sticky Site sidebar item to have notification bubble\n - DNA-100698 [AdBlock] Unhandled Disconnect list category:\n \"emailaggressive\"\n - DNA-100716 Misstype Settings \"Enhanced address bar\"\n - DNA-100732 Fix & escaping in translated strings\n - DNA-100759 Crash when loading personal news in private window\n\n - The update to chromium 103.0.5060.114 fixes following issues:\n CVE-2022-2294, CVE-2022-2295, CVE-2022-2296\n\n opera was updated to 89.0.4447.38\n\n - DNA-100283 Translations for O89\n\n - Complete Opera 89.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-89/\n\n opera was updated to 89.0.4447.37\n\n - CHR-8929 Update chromium on desktop-stable-103-4447 to 103.0.5060.66\n - DNA-99780 Crash at zmq::zmq_abort(char const*)\n - DNA-100377 New opera account popup doesn\ufffd\ufffd\ufffdt open on Linux\n - DNA-100589 Crash at base::internal::Invoker<T>::RunOnce\n (base::internal::BindStateBase*, scoped_refptr<T>&&)\n - DNA-100607 Sync \ufffd\ufffd\ufffdSign in\ufffd\ufffd\ufffd button doesn\ufffd\ufffd\ufffdt work with Opera Account\n popup\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:NonFree:\n\n zypper in -t patch openSUSE-2022-10087=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-16T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2163", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296", "CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481"], "modified": "2022-08-16T00:00:00", "id": "OPENSUSE-SU-2022:10087-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBC3VMU74SRNP6PNL6PMNTJCIFN32DXR/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-06T10:39:22", "description": "An update that fixes 8 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n Opera was updated to 84.0.4316.21:\n\n - CHR-8762 Update chromium on desktop-stable-98-4316 to 98.0.4758.102\n - DNA-97333 \ufffd\ufffd\ufffdAdd a site\ufffd\ufffd\ufffd label on start page tile barely visible\n - DNA-97691 Opera 84 translations\n - DNA-97767 Wrong string in FR\n - DNA-97855 Crash at ScopedProfileKeepAlive::~ScopedProfileKeepAlive()\n - DNA-97982 Enable #snap-upstream-implementation on all streams\n - The update to chromium 98.0.4758.102 fixes following issues:\n CVE-2022-0603, CVE-2022-0604, CVE-2022-0605, CVE-2022-0606,\n CVE-2022-0607, CVE-2022-0608, CVE-2022-0609, CVE-2022-0610\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:NonFree:\n\n zypper in -t patch openSUSE-2022-77=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-07T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0603", "CVE-2022-0604", "CVE-2022-0605", "CVE-2022-0606", "CVE-2022-0607", "CVE-2022-0608", "CVE-2022-0609", "CVE-2022-0610"], "modified": "2022-03-07T00:00:00", "id": "OPENSUSE-SU-2022:0077-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/L7KXX2TTV5W7GPPK56SZGJJJ4MI5ONP4/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-09T22:08:22", "description": "An update that fixes 9 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n Opera was updated to 89.0.4447.71\n\n - CHR-8957 Update chromium on desktop-stable-103-4447 to 103.0.5060.134\n - DNA-100492 authPrivate.storeCredentials should work with running auth\n session\n - DNA-100649 \ufffd\ufffd\ufffdSign out\ufffd\ufffd\ufffd from settings doesn\ufffd\ufffd\ufffdt also sign out from\n auth\n - DNA-100653 VPN Badge popup \ufffd\ufffd\ufffd not working well with different page\n zoom being set in browser settings\n - DNA-100712 Wrong spacing on text to reset sync passphrase in settings\n - DNA-100799 VPN icon is \ufffd\ufffd\ufffdpro\ufffd\ufffd\ufffd on disconnected\n - DNA-100841 Remove Get Subscription and Get button from VPN pro settings\n - DNA-100883 Update missing translations from chromium\n - DNA-100899 Translation error in Turkish\n - DNA-100912 Unable to select pinboards when sync everything is enabled\n - DNA-100959 Use after move RecentSearchProvider::ExecuteWithDB\n - DNA-100960 Use after move\n CountryBlacklistServiceImpl::DownloadCountryBlacklist\n - DNA-100961 Use after move\n CategorizationDataCollection::Iterator::Iterator\n - DNA-100989 Crash at\n opera::EasyFileButton::SetThumbnail(gfx::ImageSkia const&)\n\n - The update to chromium 103.0.5060.134 fixes following issues:\n CVE-2022-2163, CVE-2022-2477, CVE-2022-2478, CVE-2022-2479\n CVE-2022-2480, CVE-2022-2481\n\n - Update to 89.0.4447.51\n\n - DNA-99538 Typed content of address bar shared between tabs\n - DNA-100418 Set 360 so as search engine in China\n - DNA-100629 Launch Auth login when enabling sync while logged in\n - DNA-100776 Popup is too long if there are no services available\n\n - Update to 89.0.4447.48\n\n - CHR-8940 Update chromium on desktop-stable-103-4447 to 103.0.5060.114\n - DNA-100247 Make it possible to display hint when tab scrolling gets\n triggered\n - DNA-100482 Shopping corner icon availability\n - DNA-100575 Add unique IDs to all web element in opera account popup\n - DNA-100625 Opera account popup appears too high on Linux\n - DNA-100627 Enable #snap-from-panel on all stream\n - DNA-100636 DCHECK at suggestion_item.cc(484)\n - DNA-100685 Fix crash when attaching to tab strip scroll buttons\n - DNA-100693 Enable Sticky Site sidebar item to have notification bubble\n - DNA-100698 [AdBlock] Unhandled Disconnect list category:\n \"emailaggressive\"\n - DNA-100716 Misstype Settings \"Enhanced address bar\"\n - DNA-100732 Fix & escaping in translated strings\n - DNA-100759 Crash when loading personal news in private window\n\n - The update to chromium 103.0.5060.114 fixes following issues:\n CVE-2022-2294, CVE-2022-2295, CVE-2022-2296\n\n - Update to 89.0.4447.38\n\n - DNA-100283 Translations for O89\n\n - Complete Opera 89.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-89/\n\n - Changes in 89.0.4447.37\n\n - CHR-8929 Update chromium on desktop-stable-103-4447 to 103.0.5060.66\n - DNA-99780 Crash at zmq::zmq_abort(char const*)\n - DNA-100377 New opera account popup doesn\ufffd\ufffd\ufffdt open on Linux\n - DNA-100589 Crash at base::internal::Invoker<T>::RunOnce\n (base::internal::BindStateBase*, scoped_refptr<T>&&)\n - DNA-100607 Sync \ufffd\ufffd\ufffdSign in\ufffd\ufffd\ufffd button doesn\ufffd\ufffd\ufffdt work with Opera Account\n popup\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.4:NonFree:\n\n zypper in -t patch openSUSE-2022-10088=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-16T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2163", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296", "CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481"], "modified": "2022-08-16T00:00:00", "id": "OPENSUSE-SU-2022:10088-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/C6CFP4ALDNAUZ4ZAOFXUPGCPSV42N26M/", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhatcve": [{"lastseen": "2022-05-24T15:34:57", "description": "No description is available for this CVE.\n", "cvss3": {}, "published": "2022-05-24T15:33:15", "type": "redhatcve", "title": "CVE-2022-1364", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-1364"], "modified": "2022-05-24T15:33:15", "id": "RH:CVE-2022-1364", "href": "https://access.redhat.com/security/cve/cve-2022-1364", "cvss": {"score": 0.0, "vector": "NONE"}}], "osv": [{"lastseen": "2022-08-10T07:20:59", "description": "\nA security issue was discovered in Chromium, which could result in the\nexecution of arbitrary code.\n\n\nFor the stable distribution (bullseye), this problem has been fixed in\nversion 100.0.4896.127-1~deb11u1.\n\n\nWe recommend that you upgrade your chromium packages.\n\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/chromium](https://security-tracker.debian.org/tracker/chromium)\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2022-04-16T00:00:00", "type": "osv", "title": "chromium - security update", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-1364"], "modified": "2022-08-10T07:20:53", "id": "OSV:DSA-5121-1", "href": "https://osv.dev/vulnerability/DSA-5121-1", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-10T07:07:11", "description": "\nA security issue was discovered in Chromium, which could result in the\nexecution of arbitrary code if a malicious website is visited.\n\n\nFor the stable distribution (bullseye), this problem has been fixed in\nversion 99.0.4844.84-1~deb11u1.\n\n\nWe recommend that you upgrade your chromium packages.\n\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/chromium](https://security-tracker.debian.org/tracker/chromium)\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2022-03-28T00:00:00", "type": "osv", "title": "chromium - security update", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-1096"], "modified": "2022-08-10T07:07:10", "id": "OSV:DSA-5110-1", "href": "https://osv.dev/vulnerability/DSA-5110-1", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-06T22:30:06", "description": "\nA security issue was discovered in Chromium, which could result in the\nexecution of arbitrary code.\n\n\nFor the stable distribution (bullseye), this problem has been fixed in\nversion 105.0.5195.102-1~deb11u1.\n\n\nWe recommend that you upgrade your chromium packages.\n\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/chromium](https://security-tracker.debian.org/tracker/chromium)\n\n\n", "cvss3": {}, "published": "2022-09-06T00:00:00", "type": "osv", "title": "chromium - security update", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-3075"], "modified": "2022-09-06T22:30:05", "id": "OSV:DSA-5225-1", "href": "https://osv.dev/vulnerability/DSA-5225-1", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-28T05:37:59", "description": "CVE-2022-0609: Use after free in Animation\n\n- https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html\n- https://vulners.com/cve/CVE-2022-0609\n\nGoogle is aware of reports that exploits for CVE-2022-0609 exist in the wild.\n\nThe exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-22T21:51:19", "type": "osv", "title": "Use after free in Animation", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2023-03-28T05:37:52", "id": "OSV:GHSA-VV6J-WW6X-54GX", "href": "https://osv.dev/vulnerability/GHSA-vv6j-ww6x-54gx", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T07:21:05", "description": "\nMultiple security issues were discovered in Chromium, which could result\nin the execution of arbitrary code, denial of service or information\ndisclosure.\n\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 103.0.5060.114-1~deb11u1.\n\n\nWe recommend that you upgrade your chromium packages.\n\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/chromium](https://security-tracker.debian.org/tracker/chromium)\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2022-07-11T00:00:00", "type": "osv", "title": "chromium - security update", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-2296", "CVE-2022-2294", "CVE-2022-2295"], "modified": "2022-08-10T07:21:00", "id": "OSV:DSA-5180-1", "href": "https://osv.dev/vulnerability/DSA-5180-1", "cvss": {"score": 0.0, "vector": "NONE"}}], "avleonov": [{"lastseen": "2022-07-29T18:03:34", "description": "Hello everyone! In this episode, I want to talk about the latest updates to my open source vulnerability prioritization project [Vulristics](<https://github.com/leonov-av/vulristics>).\n\nAlternative video link (for Russia): <https://vk.com/video-149273431_456239088>\n\n## CVSS redefinitions\n\nA fairly common problem: we have a CVE without an available CVSS vector and score. For example, this was the case with CVE-2022-1364 Type Confusion in V8 (Chromium). This vulnerability [does not exist in NVD](<https://nvd.nist.gov/vuln/detail/CVE-2022-1364>). \n\n![](https://avleonov.com/wp-content/uploads/2022/05/image.png)\n\nThe CVSS for this vulnerability is not available on the Microsoft website. Although this vulnerability itself [exists for the Edge browser](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1364>).\n\n![](https://avleonov.com/wp-content/uploads/2022/05/image-1.png)\n\nBut on the other hand, CVSS can be found on other sites, [such as White Source](<https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-1364>).\n\n![](https://avleonov.com/wp-content/uploads/2022/05/image-2.png)\n\nTherefore, I decided to add the ability to manually set the CVSS value for some vulnerabilities in data_redefinitions.py. And this value will be used in the report.\n\n![](https://avleonov.com/wp-content/uploads/2022/05/image-3.png) ![](https://avleonov.com/wp-content/uploads/2022/05/image-4.png)\n\nThis allows you to correctly assess vulnerabilities even if there are some problems in the main data sources.\n\n## Bulk adding Microsoft products from MS CVE data\n\nThe second problem is that I still edit the product description file **data/classification/products.json** manually. This file is used to detect the names of vulnerable products based on the description of the vulnerabilities.\n\nWhen I do the Microsoft Patch Tuesday reports every month, there are new products that are not covered in the file. They appear in the report as Unknown Products. I have to manually add them to the file.\n\nIt's annoying. In addition, there may be products containing the word "Windows" in their name. If there is no separate detection for them, they will be detected as Windows Kernel. And this is not right.\n\nTherefore, I added functions to automatically edit **products.json**. I download all Microsoft CVEs from Vulners.com, extract software names from titles, and add new softwares to products.json.\n\nThose products that have the word Windows in their name are added with the comment "Windows component" and a criticality of 0.8. The remaining products are added with an average criticality of 0.5 and without comment.\n\n![](https://avleonov.com/wp-content/uploads/2022/05/image-5.png)\n\nIt is expected that they will be edited manually if necessary. For all products, the vendor "Microsoft" is set.\n\nI had 358 manually added products, I received 821 candidates for addition. As a result, I got 861 products in the **products.json** file. Big progress without much effort. Now it will be enough to run **update_products_file_from_vulners_ms_cves()** function periodically and this will eliminate problems with manually adding products for MS Patch Tuesday.\n\nIn case of duplication, simply add an additional name to **additional_detection_strings**. Also, of course, you can freely change the **prevalence** and **detection_priority** and they will not be overwritten.\n\nNew improvements can be evaluated in the next episode about Microsoft Patch Tuesday.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-05-23T20:56:15", "type": "avleonov", "title": "Vulristics May 2022 Update: CVSS redefinitions and bulk adding Microsoft products from MS CVE data", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-1364"], "modified": "2022-05-23T20:56:15", "id": "AVLEONOV:FDBB133A2C9231CE02F5A15C4AC02F24", "href": "https://avleonov.com/2022/05/23/vulristics-may-2022-update-cvss-redefinitions-and-bulk-adding-microsoft-products-from-ms-cve-data/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-14T11:59:47", "description": "Hello everyone! Microsoft has been acting weird lately. I mean the recent [publication of a propaganda report](<https://t.me/avleonovcom/1021>) about evil Russians and how Microsoft is involved in the conflict between countries. It wouldn't be unusual for a US government agency, NSA or CIA to publish such a report. But when a global IT vendor, which, in theory, should be more or less neutral, does this\u2026 This is a clear signal. It's not about business anymore. \n\nAlternative video link (for Russia): <https://vk.com/video-149273431_456239096>\n\nI'll take a closer look at this report in the next episode of the Vulnerability Management news, but for now let's take a look at Microsoft July Patch Tuesday. Yes, the vendor is behaving strangely, but Microsoft products need to be patched. Right? At least for now. And tracking vulnerabilities is always a good thing. ![\ud83d\ude42](https://s.w.org/images/core/emoji/14.0.0/72x72/1f642.png)\n\nOn July Patch Tuesday, July 12, 84 vulnerabilities were released. Between June and July Patch Tuesdays, 15 vulnerabilities were released. This gives us 99 vulnerabilities in the report. \n \n \n $ cat comments_links.txt \n Qualys|July 2022 Patch Tuesday. Microsoft Releases 84 Vulnerabilities with 4 Critical, plus 2 Microsoft Edge (Chromium-Based); Adobe Releases 4 Advisories, 27 Vulnerabilities with 18 Critical.|https://blog.qualys.com/vulnerabilities-threat-research/2022/07/12/july-2022-patch-tuesday\n ZDI|The July 2022 Security Update Review|https://www.zerodayinitiative.com/blog/2022/7/12/the-july-2022-security-update-review\n \n $ python3.8 vulristics.py --report-type \"ms_patch_tuesday_extended\" --mspt-year 2022 --mspt-month \"July\" --mspt-comments-links-path \"comments_links.txt\" --rewrite-flag \"True\"\n ...\n Creating Patch Tuesday profile...\n MS PT Year: 2022\n MS PT Month: July\n MS PT Date: 2022-07-12\n MS PT CVEs found: 84\n Ext MS PT Date from: 2022-06-15\n Ext MS PT Date to: 2022-07-11\n Ext MS PT CVEs found: 15\n ALL MS PT CVEs: 99\n ...\n\n * Urgent: 0\n * Critical: 1\n * High: 19\n * Medium: 78\n * Low: 1\n\nInterestingly, in this Patch Tuesday, more than half of all vulnerabilities are EoP.\n\n## CSRSS EoP\n\nWhat can I say, prioritization in [Vulristics](<https://github.com/leonov-av/vulristics>) works correctly. At the top of the July Patch Tuesday list is one critical and actively exploited **Elevation of Privilege** in Windows CSRSS (CVE-2022-22047). This vulnerability has been widely reported in the media.\n\nClient Server Runtime Subsystem, or csrss.exe, is a component of the Windows NT family of operating systems that provides the user mode side of the Win32 subsystem and is included in Windows NT 3.1 and later. Because most of the Win32 subsystem operations have been moved to kernel mode drivers in Windows NT 4 and later, CSRSS is mainly responsible for Win32 console handling and GUI shutdown.\n\nCSRSS runs as a user-mode system service. When a user-mode process calls a function involving console windows, process/thread creation, or side-by-side support, instead of issuing a system call, the Win32 libraries (kernel32.dll, user32.dll, gdi32.dll) send an inter-process call to the CSRSS process which does most of the actual work without compromising the kernel.\n\nThis Elevation of Privilege vulnerability in CSRSS allows an attacker to execute code as SYSTEM, provided they can execute other code on the target. Bugs of this type are typically paired with a code execution bug, usually a specially crafted Office or Adobe document, to take over a system. These attacks often rely on macros, which is why so many were disheartened to hear Microsoft\u2019s delay in blocking all Office macros by default.\n\nMicrosoft says this vulnerability has been exploited in the wild, though no further details have been shared. There is no public exploit yet. Two similar vulnerabilities in CSRSS (CVE-2022-22049 and CVE-2022-22026) were also fixed, likely as a result of Microsoft\u2019s investigation into the in-the-wild exploitation of CVE-2022-22047.\n\n## RPC RCE\n\n**Remote Code Execution** in Remote Procedure Call Runtime (CVE-2022-22038). Here Microsoft has a POC exploit. This July Patch Tuesday bug could allow a remote, unauthenticated attacker to exploit code on an affected system. While not specified in the bulletin, the presumption is that the code execution would occur at elevated privileges. Combine these attributes and you end up with a potentially wormable bug. Microsoft states the attack complexity is high. Additional actions by an attacker are required in order to prepare a target for successful exploitation and an attacker would need to make \u201crepeated exploitation attempts\u201d to take advantage of this bug, but unless you are actively blocking RPC activity, you may not see these attempts.\n\n## Microsoft Edge Memory Corruption\n\nBetween June and July Patch Tuesday, **Memory Corruption** in Microsoft Edge (CVE-2022-2294) was released. Heap buffer overflow in WebRTC, to be precise. WebRTC (Web Real-Time Communication) is a free and open-source project providing web browsers and mobile applications with real-time communication (RTC) via application programming interfaces (APIs). It allows audio and video communication to work inside web pages by allowing direct peer-to-peer communication, eliminating the need to install plugins or download native apps. So, the vulnerability is in the Chromium Open Source Software (OSS) which is consumed by Microsoft Edge. Google is aware that an exploit for this vulnerability exists in the wild. If you\u2019re using Microsoft Edge (Chromium-based), make sure it gets updated as soon as possible.\n\n## Azure Site Recovery RCEs and EOPs\n\nThere are also a lot of vulnerabilities in Azure Site Recovery in July Patch Tuesday. Both EoPs and RCEs, and quite a few with non-public exploits of the POC maturity level. According to the description "Site Recovery is a native disaster recovery as a service (DRaaS)", it would seem that this should be patched by Microsoft themselves. But in fact, there is a Microsoft Azure Site Recovery suite installed on the hosts, and at least some of the vulnerabilities were found in it. \n\nLet's see, for example, **Elevation of Privilege** in Azure Site Recovery (CVE-2022-33675). The vulnerability was discovered and [reported to Microsoft by Tenable researcher Jimi Sebree](<https://www.tenable.com/security/research/tra-2022-26>). The Microsoft Azure Site Recovery suite contains a DLL hijacking flaw that allows for privilege escalation from any low privileged user to SYSTEM. \n\nIncorrect permissions on the service\u2019s executable directory (E:\\Program Files (x86)\\Microsoft Azure Site Recovery\\home\\svsystems\\transport\\\\) allow new files to be created by any user. The service launched from this directory runs automatically and with SYSTEM privileges and attempts to load several DLLs from this directory. This allows for a DLL hijacking/planting attack via several libraries that are attempted to be loaded from this location when the service is launched. Existing deployments should ensure that the Microsoft-supplied patches have been appropriately applied.\n\nThe full Vulristics report is available here: [ms_patch_tuesday_july2022_report](<https://avleonov.com/vulristics_reports/ms_patch_tuesday_july2022_report_with_comments_ext_img.html>)", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-07-23T08:34:29", "type": "avleonov", "title": "Microsoft Patch Tuesday July 2022: propaganda report, CSRSS EoP, RPC RCE, Edge, Azure Site Recovery", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22026", "CVE-2022-22038", "CVE-2022-22047", "CVE-2022-22049", "CVE-2022-2294", "CVE-2022-33675"], "modified": "2022-07-23T08:34:29", "id": "AVLEONOV:B87691B304EF70215B926F66B871260A", "href": "https://avleonov.com/2022/07/23/microsoft-patch-tuesday-july-2022-propaganda-report-csrss-eop-rpc-rce-edge-azure-site-recovery/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-09-24T00:03:21", "description": "Hello everyone! Let's take a look at Microsoft's September Patch Tuesday. This time it is quite compact. There were 63 CVEs released on Patch Tuesday day. If we add the vulnerabilities released between August and September Patch Tuesdays (as usual, they were in Microsoft Edge), the final number is 90. Much less than usual.\n\nAlternative video link (for Russia): <https://vk.com/video-149273431_456239101>\n \n \n $ cat comments_links.txt \n Qualys|September 2022 Patch Tuesday|https://blog.qualys.com/vulnerabilities-threat-research/2022/09/13/september-2022-patch-tuesday\n ZDI|THE SEPTEMBER 2022 SECURITY UPDATE REVIEW|https://www.zerodayinitiative.com/blog/2022/9/13/the-september-2022-security-update-review\n Kaspersky|Patches for 64 vulnerabilities in Microsoft products released|https://www.kaspersky.com/blog/microsoft-patch-tuesday-september-2022/45501/\n \n $ python3.8 vulristics.py --report-type \"ms_patch_tuesday_extended\" --mspt-year 2022 --mspt-month \"September\" --mspt-comments-links-path \"comments_links.txt\" --rewrite-flag \"True\"\n ...\n MS PT Year: 2022\n MS PT Month: September\n MS PT Date: 2022-09-13\n MS PT CVEs found: 63\n Ext MS PT Date from: 2022-08-10\n Ext MS PT Date to: 2022-09-12\n Ext MS PT CVEs found: 27\n ALL MS PT CVEs: 90\n ...\n\n * Urgent: 0\n * Critical: 1\n * High: 41\n * Medium: 44\n * Low: 4\n\n## Exploitable vulnerabilities\n\nThere are no vulnerabilities with public exploits yet. There are 3 vulnerabilities for which there is a Proof-of-Concept Exploit according to data from CVSS.\n\n 1. **Elevation of Privilege **- Kerberos (CVE-2022-33679). An unauthenticated attacker could perform a man-in-the-middle network exploit to downgrade a client's encryption to the RC4-md4 cypher, followed by cracking the user's cypher key. The attacker could then compromise the user's Kerberos session key to elevate privileges.\n 2. **Elevation of Privilege **- Azure Guest Configuration and Azure Arc-enabled servers (CVE-2022-38007). An attacker who successfully exploited the vulnerability could replace Microsoft-shipped code with their own code, which would then be run as root in the context of a Guest Configuration daemon. On an Azure VM with the Guest Configuration Linux Extension installed, this would run in the context of the GC Policy Agent daemon. On an Azure Arc-enabled server, it could run in the context of the GC Arc Service or Extension Service daemons. \n 3. **Elevation of Privilege** - Windows GDI (CVE-2022-34729). An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.\n\nBut the likelihood that these exploits will be used in real attacks seems low.\n\n## Exploitation in the wild\n\nThere are 3 vulnerabilities with a sign of exploitation in the wild:\n\n * **Elevation of Privilege** - Windows Common Log File System Driver (CVE-2022-37969). An attacker must already have access and the ability to run code on the target system. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. This vulnerability affects many versions of Windows, there are patches even for EOL versions. In addition to this vulnerability, there was a bunch of EoPs in Windows with no signs of exploitation in the wild, for example **Elevation of Privilege** - Windows Kernel (CVE-2022-37956, CVE-2022-37957, CVE-2022-37964)\n * **Security Feature Bypass** - Microsoft Edge (CVE-2022-2856, CVE-2022-3075). Edge vulnerabilities are actually Chromium vulnerabilities. This is the downside of using the same engine. Chrome vulnerabilities also affect Edge, Opera, Brave, Vivaldi, etc.\n\n## IP packet causes RCE\n\n**Remote Code Execution** - Windows TCP/IP (CVE-2022-34718). An unauthorized attacker can use it to execute arbitrary code on the attacked Windows computer with the IPSec service enabled by sending a specially crafted IPv6 packet to it. This vulnerability can only be exploited against systems with Internet Protocol Security (IPsec) enabled. IPsec and IPv6 are evil. ![\ud83d\ude42](https://s.w.org/images/core/emoji/14.0.0/72x72/1f642.png) But seriously, it's bad that this is even possible.\n\nAnd that's not all, there's more. **Remote Code Execution** - Windows Internet Key Exchange (IKE) Protocol Extensions (CVE-2022-34721, CVE-2022-34722). The IKE protocol is a component of IPsec used to set up security associations (relationships among devices based on shared security attributes). An unauthenticated attacker could send a specially crafted IP packet to a target machine that is running Windows and has IPSec enabled, which could enable a remote code execution exploitation. Although these vulnerabilities only affect the IKEv1 protocol version, Microsoft reminds that all Windows Server systems are vulnerable because they accept both v1 and v2 packets.\n\n## Windows DNS Server DoS\n\n**Denial of Service** - Windows DNS Server (CVE-2022-34724). This bug is only rated Important since there\u2019s no chance of code execution, but you should probably treat it as Critical due to its potential impact. A remote, unauthenticated attacker could create a denial-of-service (DoS) condition on your DNS server. It\u2019s not clear if the DoS just kills the DNS service or the whole system. Shutting down DNS is always bad, but with so many resources in the cloud, a loss of DNS pointing the way to those resources could be catastrophic for many enterprises.\n\n## Spectre-BHB\n\n**Memory Corruption** - ARM processor (CVE-2022-23960). This is yet another variation of the Spectre vulnerability (this time Specter-BHB), which interferes with a processor\u2019s speculative execution of instructions mechanism. In other words, the probability of its use in real attacks is extremely small \u2014 the danger is somewhat theoretical. But almost all Patch Tuesday reviewers paid attention to this vulnerability.\n\nFull Vulristics report: [ms_patch_tuesday_september2022](<https://avleonov.com/vulristics_reports/ms_patch_tuesday_september2022_report_with_comments_ext_img.html>)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-23T22:44:11", "type": "avleonov", "title": "Microsoft Patch Tuesday September 2022: CLFS Driver EoP, IP packet causes RCE, Windows DNS Server DoS, Spectre-BHB", "bulletinFamily": "blog", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23960", "CVE-2022-2856", "CVE-2022-3075", "CVE-2022-33679", "CVE-2022-34718", "CVE-2022-34721", "CVE-2022-34722", "CVE-2022-34724", "CVE-2022-34729", "CVE-2022-37956", "CVE-2022-37957", "CVE-2022-37964", "CVE-2022-37969", "CVE-2022-38007"], "modified": "2022-09-23T22:44:11", "id": "AVLEONOV:75C789BDAA68C1C2CEC0F20F1D138B01", "href": "https://avleonov.com/2022/09/24/microsoft-patch-tuesday-september-2022-clfs-driver-eop-ip-packet-causes-rce-windows-dns-server-dos-spectre-bhb/", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-03-14T21:27:34", "description": "Hello everyone! I am glad to greet you from the most sanctioned country in the world. Despite all the difficulties, we carry on. I even have some time to release new episodes. This time it will be about Microsoft Patch Tuesday for March 2022. \n\nAlternative video link (for Russia): <https://vk.com/video-149273431_456239076>\n\nI do the analysis as usual with my open source tool Vulristics. You can still [download it on github](<https://github.com/leonov-av/vulristics>). I hope that github won't block Russian repositories and accounts, but for now it looks possible. Most likely, I will just start hosting the sources of my projects on avleonov.com in this case. Or on another domain, if it gets even tougher. Stay tuned.\n\nThis month there have been issues with getting Patch Tuesday blog posts from VM vendors. Qualys' site search broke and DuckDuckGo didn't index the ZDI blog well. Therefore, I added the links to them in **mspt-comments-links-path** manually.\n \n \n $ python3.8 vulristics.py --report-type \"ms_patch_tuesday_extended\" --mspt-year 2022 --mspt-month \"March\" --mspt-comments-links-path \"comments_links.txt\" --rewrite-flag \"True\"\n \n $ cat comments_links.txt \n Qualys|March 2022 Patch Tuesday: Microsoft Releases 92 Vulnerabilities with 3 Critical; Adobe Releases 3 Advisories, 6 Vulnerabilities with 5 Critical|https://blog.qualys.com/vulnerabilities-threat-research/2022/03/08/march-2022-patch-tuesday\n ZDI|THE MARCH 2022 SECURITY UPDATE REVIEW|https://www.zerodayinitiative.com/blog/2022/3/8/the-march-2022-security-update-review$ python3.8 vulristics.py --report-type \"ms_patch_tuesday_extended\" --mspt-year 2022 --mspt-month \"March\" --mspt-comments-links-path \"comments_links.txt\" --rewrite-flag \"True\"\n\nI made a change to Vulristics so now it can take into account the Exploit Code Maturity from the CVSS Temporal Score of the Microsoft object. Such a mark will be less critical than the presence of an exploit in any exploit pack, but still.\n\nOn March 8, Microsoft published 71 CVEs. Another 30 have been published before since last February's Patch Tuesday, all in Microsoft Edge. In total, 101 vulnerabilities. If we look at CVSS, 50 of them will have a "High" level. According to my Vulristics metric, only 26 of them will have a "High" level. I think it shows that my prioritization is better.\n\n 1. The most critical vulnerability in my report is **Remote Code Execution** - Microsoft Defender for IoT ([CVE-2022-23265](<https://vulners.com/cve/CVE-2022-23265>)). It may not be the most common product, but according to Microsoft, there is a Functional Exploit for this vulnerability. "The code works in most situations where the vulnerability exists". Agree that for such a vulnerability it is interesting. No VM vendors have highlighted this vulnerability.\n 2. In second place, **Remote Code Execution** - Windows Remote Desktop Client ([CVE-2022-21990](<https://vulners.com/cve/CVE-2022-21990>)). "If an attacker can lure an affected RDP client to connect to their RDP server, the attacker could trigger code execution on the targeted client". It's certainly hard to imagine anyone actually using such a scenario, but having a Proof-of-Concept Exploit, according to Microsoft, is interesting.\n 3. The following vulnerability was published prior to March Patch Tuesday. **Memory Corruption** - Microsoft Edge ([CVE-2022-0609](<https://vulners.com/cve/CVE-2022-0609>)). Why is this vulnerability here? Because this vulnerability is actively exploited in the wild and has even been included in the [CISA Known Exploited Vulnerabilities Catalog](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>).\n 4. The next is **Remote Code Execution** - Windows SMBv3 Client/Server ([CVE-2022-24508](<https://vulners.com/cve/CVE-2022-24508>)). "Authentication is required here, but since this affected both clients and servers, an attacker could use this for lateral movement within a network". The need for authentication makes this vulnerability less critical, but of course it's worth patching.\n 5. **Security Feature Bypass** - Windows HTML Platforms ([CVE-2022-24502](<https://vulners.com/cve/CVE-2022-24502>)). Another vulnerability that no one highlighted, but there is a Proof-of-Concept Exploit for it somewhere. Perhaps it will develop into something critical.\n 6. This vulnerability is the first one that catches the eye, since it is in software that is usually available on the network perimeter. **Remote Code Execution** - Microsoft Exchange ([CVE-2022-23277](<https://vulners.com/cve/CVE-2022-23277>)). "The vulnerability would allow an authenticated attacker to execute their code with elevated privileges through a network call. Thankfully, this is a post-authentication vulnerability, meaning attackers need credentials to exploit it. Although passwords can be obtained via phishing and other means, this one shouldn\u2019t be as rampantly exploited as the deluge of Exchange vulnerabilities we saw throughout 2021. Exchange administrators should still patch as soon as reasonably possible." Seems like it needs to be patched first. But while there is no public exploit, there is time to do it without much haste. Also, due to the need to get credentials, this vulnerability will most likely not be exploited in broadcast attacks.\n 7. And the last vulnerability that I would like to mention is **Elevation of Privilege** - Windows Fax and Scan Service ([CVE-2022-24459](<https://vulners.com/cve/CVE-2022-24459>)). Also, not much is known about it, except that according to Microsoft there is a Proof-of-Concept Exploit for it.\n\nYou can see the full version of the report here: \n[ms_patch_tuesday_march2022_report_with_comments_ext_img.html](<https://avleonov.com/vulristics_reports/ms_patch_tuesday_march2022_report_with_comments_ext_img.html>)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-14T17:33:28", "type": "avleonov", "title": "Microsoft Patch Tuesday March 2022", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609", "CVE-2022-21990", "CVE-2022-23265", "CVE-2022-23277", "CVE-2022-24459", "CVE-2022-24502", "CVE-2022-24508"], "modified": "2022-03-14T17:33:28", "id": "AVLEONOV:84C227D6BCF2EBE9D3A584B815D5145A", "href": "https://avleonov.com/2022/03/14/microsoft-patch-tuesday-march-2022/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2023-12-05T11:55:32", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5121-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nApril 16, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium\nCVE ID : CVE-2022-1364\n\nA security issue was discovered in Chromium, which could result in the\nexecution of arbitrary code.\n\nFor the stable distribution (bullseye), this problem has been fixed in\nversion 100.0.4896.127-1~deb11u1.\n\nWe recommend that you upgrade your chromium packages.\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-04-16T18:29:01", "type": "debian", "title": "[SECURITY] [DSA 5121-1] chromium security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1364"], "modified": "2022-04-16T18:29:01", "id": "DEBIAN:DSA-5121-1:3B3A1", "href": "https://lists.debian.org/debian-security-announce/2022/msg00089.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-05T11:55:55", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5110-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nMarch 28, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium\nCVE ID : CVE-2022-1096\n\nA security issue was discovered in Chromium, which could result in the\nexecution of arbitrary code if a malicious website is visited.\n\nFor the stable distribution (bullseye), this problem has been fixed in\nversion 99.0.4844.84-1~deb11u1.\n\nWe recommend that you upgrade your chromium packages.\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-28T07:03:21", "type": "debian", "title": "[SECURITY] [DSA 5110-1] chromium security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1096"], "modified": "2022-03-28T07:03:21", "id": "DEBIAN:DSA-5110-1:CD232", "href": "https://lists.debian.org/debian-security-announce/2022/msg00078.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-04T10:02:45", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5225-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nSeptember 06, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium\nCVE ID : CVE-2022-3075\nDebian Bug : 1018937\n\nA security issue was discovered in Chromium, which could result in the\nexecution of arbitrary code.\n\nFor the stable distribution (bullseye), this problem has been fixed in\nversion 105.0.5195.102-1~deb11u1.\n\nWe recommend that you upgrade your chromium packages.\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-09-06T20:34:38", "type": "debian", "title": "[SECURITY] [DSA 5225-1] chromium security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3075"], "modified": "2022-09-06T20:34:38", "id": "DEBIAN:DSA-5225-1:927E5", "href": "https://lists.debian.org/debian-security-announce/2022/msg00194.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-05T11:52:29", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5180-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJuly 11, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium\nCVE ID : CVE-2022-2294 CVE-2022-2295 CVE-2022-2296\n\nMultiple security issues were discovered in Chromium, which could result\nin the execution of arbitrary code, denial of service or information\ndisclosure.\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 103.0.5060.114-1~deb11u1.\n\nWe recommend that you upgrade your chromium packages.\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-11T17:47:32", "type": "debian", "title": "[SECURITY] [DSA 5180-1] chromium security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296"], "modified": "2022-07-11T17:47:32", "id": "DEBIAN:DSA-5180-1:E631C", "href": "https://lists.debian.org/debian-security-announce/2022/msg00148.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T16:01:26", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5079-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 17, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium\nCVE ID : CVE-2022-0603 CVE-2022-0604 CVE-2022-0605 CVE-2022-0606 \n CVE-2022-0607 CVE-2022-0608 CVE-2022-0609 CVE-2022-0610\nDebian Bug : 954824 970571 1005230 1005466\n\nMultiple security issues were discovered in Chromium, which could result\nin the execution of arbitrary code, denial of service or information\ndisclosure.\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 98.0.4758.102-1~deb11u1.\n\nWe recommend that you upgrade your chromium packages.\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-17T22:13:55", "type": "debian", "title": "[SECURITY] [DSA 5079-1] chromium security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0603", "CVE-2022-0604", "CVE-2022-0605", "CVE-2022-0606", "CVE-2022-0607", "CVE-2022-0608", "CVE-2022-0609", "CVE-2022-0610"], "modified": "2022-02-17T22:13:55", "id": "DEBIAN:DSA-5079-1:4C05B", "href": "https://lists.debian.org/debian-security-announce/2022/msg00046.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ics": [{"lastseen": "2023-12-03T17:08:47", "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 4.0**\n * **ATTENTION:** Low attack complexity/public exploits are available\n * **Vendor:** Rockwell Automation\n * **Equipment:** FactoryTalk Software, Enhanced HIM for PowerFlex, Connected Components Workbench\n * **Vulnerability:** Type Confusion\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of this vulnerability could cause a denial-of-service condition.\n\n## 3\\. TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nThe following versions of Rockwell products are affected:\n\n * FactoryTalk Linx Enterprise software: Versions 6.20, 6.21, and 6.30\n * Enhanced HIM (eHIM) for PowerFlex 6000T: Version 1.001\n * Connected Components Workbench software: Versions 11, 12, 13, and 20\n * FactoryTalk View Site Edition: Version 13\n\n### 3.2 VULNERABILITY OVERVIEW\n\n#### 3.2.1 [ACCESS OF RESOURCE USING INCOMPATIBLE TYPE ('TYPE CONFUSION') CWE-843](<https://cwe.mitre.org/data/definitions/843.html>)\n\nRockwell Automation has been made aware of a third-party vulnerability present in multiple vendor components currently in use. Due to how Rockwell Automation uses the Chromium web browser, exploitation of this vulnerability may cause the affected products to become temporarily unavailable. As a result, the CVSS Score was adjusted to reflect how this vulnerability affects these Rockwell products.\n\n[CVE-2022-1096](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1096>) has been assigned to this vulnerability. A CVSS v3 base score of 4.0 has been assigned; the CVSS vector string is ([AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L>)).\n\n### 3.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS:** Multiple\n * **COUNTRIES/AREAS DEPLOYED:** Worldwide\n * **COMPANY HEADQUARTERS LOCATION:** United States\n\n### 3.4 RESEARCHER\n\nRockwell Automation reported this vulnerability to CISA.\n\n## 4\\. MITIGATIONS\n\nRockwell Automation is in the process of testing and validating the patch and will update this advisory for each product as updated firmware becomes available.\n\nUsers currently utilizing the FactoryTalk View Site Edition should avoid using the web browser control if it is not required for the intended use of the product.\n\nUsers currently utilizing the FactoryTalk View Site Edition web browser can manually download [and apply the updated version of WebView2](<https://compatibility.rockwellautomation.com/Pages/Home.aspx>) by performing these recommended actions: \n\n * Replace the Microsoft WebView2 file in the C:\\Program Files (x86)\\Rockwell Software\\RS View Enterprise\\Microsoft.WebView2.FixedVersionRuntime directory by copying and pasting the new version of the software into the folder. \n * Users should be sure to not remove the contents of the folder before pasting the new file.\n\nUsers currently utilizing Enhanced HIM (eHIM) for Power Flex 6000T drives should perform the following recommended actions to address the vulnerability: \n\n * Update the Microsoft Edge browser to Version 99.0.1150 or later.\n * Apply the update for eHIM when made available.\n\nIf applying the mitigations noted above is not feasible, then see Rockwell Automation\u2019s Knowledgebase article, [Security Best Practices (login required)](<https://rockwellautomation.custhelp.com/>), for additional recommendations for maintaining adequate environment security posture.\n\nCISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nCISA also provides a section for [control systems security recommended practices](<https://us-cert.cisa.gov/ics/Recommended-Practices>) on the ICS webpage at [cisa.gov/ics](<https://cisa.gov/ics>). Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with [Defense-in-Depth Strategies](<https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).\n\nAdditional mitigation guidance and recommended practices are publicly available on the ICS webpage at [cisa.gov/ics](<https://cisa.gov/ics>) in the technical information paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B>).\n\nOrganizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.\n\nThis vulnerability is not exploitable remotely.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-28T12:00:00", "type": "ics", "title": "Rockwell Products Impacted by Chromium Type Confusion", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1096"], "modified": "2022-07-28T12:00:00", "id": "ICSA-22-209-01", "href": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-209-01", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T16:49:03", "description": "## **[View CSAF](<https://github.com/cisagov/CSAF>)**\n\n## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 9.6**\n * **ATTENTION**: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation\n * **Vendor**: Rockwell Automation\n * **Equipment**: Connected Components Workbench\n * **Vulnerabilities**: Use After Free, Out-of-bounds Write\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of these vulnerabilities could allow an attacker to exploit heap corruption via a crafted HTML.\n\n## 3\\. TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nThe following versions of Rockwell Automation Connected Components Workbench Smart Security Manager are affected:\n\n * Connected Components Workbench: versions prior to R21\n\n### 3.2 Vulnerability Overview\n\n#### 3.2.1 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>)\n\nConnected Components Workbench utilizes CefSharp version 81.3.100 that contains a use after free vulnerability in Google Chrome versions before 86.0.4240.198. If exploited, a remote threat actor could potentially perform a sandbox escape via a crafted HTML page.\n\n[CVE-2020-16017](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16017>) has been assigned to this vulnerability. A CVSS v3 base score of 9.6 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H>)).\n\n#### 3.2.2 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>)\n\nConnected Components Workbench utilizes CefSharp version 81.3.100 that contains a use after free vulnerability in Animation within Google Chrome before 98.0.4758.102. This vulnerability could potentially allow a remote threat actor to exploit heap corruption via a crafted HTML page.\n\n[CVE-2022-0609](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0609>) has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H>)).\n\n#### 3.2.3 [OUT-OF-BOUNDS WRITE CWE-787](<https://cwe.mitre.org/data/definitions/787.html>)\n\nConnected Components Workbench utilizes CefSharp version 81.3.100 that contains an inappropriate implementation in V8 of Google Chrome before 86.0.4240.18. This vulnerability allows a remote threat actor to potentially exploit heap corruption via a crafted HTML page.\n\n[CVE-2020-16009](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16009>) has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H>)).\n\n#### 3.2.4 [OUT-OF-BOUNDS WRITE CWE-787](<https://cwe.mitre.org/data/definitions/787.html>)\n\nConnected Components Workbench utilizes CefSharp version 81.3.100 that contains an inappropriate implementation in V8 of Google Chrome before 86.0.4240.198. This vulnerability allows a remote threat actor to potentially exploit heap corruption via a crafted HTML page.\n\n[CVE-2020-16013](<https://nvd.nist.gov/vuln/detail/CVE-2020-16013>) has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H>)).\n\n#### 3.2.5 [OUT-OF-BOUNDS WRITE CWE-787](<https://cwe.mitre.org/data/definitions/787.html>)\n\nConnected Components Workbench utilizes CefSharp version 81.3.100 that contains a heap buffer overflow vulnerability in Freetype within Google Chrome before 86.0.4240.111. This vulnerability could allow a remote threat actor to potentially exploit heap corruption via a crafted HTML page.\n\n[CVE-2020-15999](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15999>) has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H>)).\n\n### 3.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS:** Multiple\n * **COUNTRIES/AREAS DEPLOYED:** Worldwide\n * **COMPANY HEADQUARTERS LOCATION:** United States\n\n### 3.4 RESEARCHER\n\nRockwell Automation reported these vulnerabilities to CISA.\n\n## 4\\. MITIGATIONS\n\nRockwell Automation recommends users to update to [R21 and later](<https://compatibility.rockwellautomation.com/Pages/MultiProductCompareSelections.aspx?crumb=113&versions=62094,61582,61171,59954,57681,56704,55972,55834,55171,55113,54814,54367,54015,52536,52079,51735,51580,50987,50897,50616,50061>).\n\nUsers with the affected software are encouraged to apply the risk mitigations, if possible.\n\nAdditionally, Rockwell Automation encourages users to implement their suggested security best practices to minimize the risk of vulnerability.\n\n * [Security Best Practices](<https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight>)\n\nCISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:\n\n * Minimize network exposure for all control system devices and/or systems, ensuring they are [not accessible from the internet](<https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01>).\n * Locate control system networks and remote devices behind firewalls and isolating them from business networks.\n * When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.\n\nCISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nCISA also provides a section for [control systems security recommended practices](<https://www.cisa.gov/resources-tools/resources/ics-recommended-practices>) on the ICS webpage on [cisa.gov/ics](<https://www.cisa.gov/topics/industrial-control-systems>). Several CISA products detailing cyber defense best practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).\n\nCISA encourages organizations to implement recommended cybersecurity strategies for [proactive defense of ICS assets](<https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf>).\n\nAdditional mitigation guidance and recommended practices are publicly available on the ICS webpage at [cisa.gov/ics](<https://www.cisa.gov/topics/industrial-control-systems>) in the technical information paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B>).\n\nOrganizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.\n\nCISA also recommends users take the following measures to protect themselves from social engineering attacks:\n\n * Do not click web links or open attachments in unsolicited email messages.\n * Refer to [Recognizing and Avoiding Email Scams](<https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf>) for more information on avoiding email scams.\n * Refer to [Avoiding Social Engineering and Phishing Attacks](<https://www.cisa.gov/uscert/ncas/tips/ST04-014>) for more information on social engineering attacks.\n\n## 5\\. UPDATE HISTORY\n\n * September 21, 2023: Initial Publication\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2023-09-21T12:00:00", "type": "ics", "title": "Rockwell Automation Connected Components Workbench", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999", "CVE-2020-16009", "CVE-2020-16013", "CVE-2020-16017", "CVE-2022-0609"], "modified": "2023-09-21T12:00:00", "id": "ICSA-23-264-05", "href": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-264-05", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2023-12-03T18:40:57", "description": "## Releases\n\n * Ubuntu 18.04 ESM\n\n## Packages\n\n * chromium-browser \\- Chromium web browser, open-source version of Chrome\n\nIt was discovered that Chromium incorrectly handled certain inputs. \nAn attacker could possibly use this issue to execute arbitrary code.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-28T00:00:00", "type": "ubuntu", "title": "Chromium vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1096"], "modified": "2022-03-28T00:00:00", "id": "USN-5350-1", "href": "https://ubuntu.com/security/notices/USN-5350-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T18:34:56", "description": "## Releases\n\n * Ubuntu 22.04 LTS\n * Ubuntu 20.04 LTS\n\n## Packages\n\n * webkit2gtk \\- Web content engine library for GTK+\n\nSeveral security issues were discovered in the WebKitGTK Web and JavaScript \nengines. If a user were tricked into viewing a malicious website, a remote \nattacker could exploit a variety of issues related to web browser security, \nincluding cross-site scripting attacks, denial of service attacks, and \narbitrary code execution.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-15T00:00:00", "type": "ubuntu", "title": "WebKitGTK vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-32792", "CVE-2022-32816"], "modified": "2022-08-15T00:00:00", "id": "USN-5568-1", "href": "https://ubuntu.com/security/notices/USN-5568-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2023-12-03T17:33:22", "description": "The chromium-browser-stable package has been updated to 99.0.4844.84 that fixes one security vulnerability and many bugs (together with 99.0.4844.82). Type Confusion in V8. Reported by anonymous on 2022-03-23 Google is aware that an exploit for CVE-2022-1096 exists in the wild. (CVE-2022-1096) \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-28T19:23:37", "type": "mageia", "title": "Updated chromium-browser-stable packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1096"], "modified": "2022-03-28T19:23:37", "id": "MGASA-2022-0118", "href": "https://advisories.mageia.org/MGASA-2022-0118.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T17:33:22", "description": "The updated packages fix security vulnerabilities and other issues. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-20T13:04:13", "type": "mageia", "title": "Updated webkit2 packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2294", "CVE-2022-32792", "CVE-2022-32816"], "modified": "2022-08-20T13:04:13", "id": "MGASA-2022-0287", "href": "https://advisories.mageia.org/MGASA-2022-0287.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gitlab": [{"lastseen": "2023-12-03T16:14:45", "description": "The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-22T00:00:00", "type": "gitlab", "title": "Use after free in Animation", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-02-22T00:00:00", "id": "GITLAB-FF3BD63BDD01DCAB69F73F5C67C8E8D9", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/nuget%2FCefSharp.Common.NETCore%2FGMS-2022-141.yml/raw", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-10-19T16:06:06", "description": "The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-22T00:00:00", "type": "gitlab", "title": "Use after free in Animation", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-02-22T00:00:00", "id": "GITLAB-BE424589ED0C337DD3884B216A3892B2", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/nuget%2FCefSharp.Common%2FGMS-2022-140.yml/raw", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-17T15:47:18", "description": "The exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-22T00:00:00", "type": "gitlab", "title": "Use after free in Animation", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-02-22T00:00:00", "id": "GITLAB-5276A663FE45AAB11A41593871966211", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/nuget%2FCefSharp.OffScreen%2FGMS-2022-142.yml/raw", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-09T23:09:31", "description": "Use after free in Animation. The exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-22T00:00:00", "type": "gitlab", "title": "Use after free in Animation", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-02-22T00:00:00", "id": "GITLAB-34BA340EEEB0AC5BD42079A6FA2C932A", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/nuget%2FCefSharp.Wpf%2FGMS-2022-146.yml/raw", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-29T15:16:59", "description": "The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-22T00:00:00", "type": "gitlab", "title": "Use after free in Animation", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-02-22T00:00:00", "id": "GITLAB-14506204EDDBCC426EDE99AF8BB58E00", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/nuget%2FCefSharp.WinForms.NETCore%2FGMS-2022-145.yml/raw", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-24T15:16:40", "description": "The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-22T00:00:00", "type": "gitlab", "title": "Use after free in Animation", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-02-22T00:00:00", "id": "GITLAB-B95DA60B50B8780F2FE1144BC6D2A9EA", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/nuget%2FCefSharp.WinForms%2FGMS-2022-144.yml/raw", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-09T23:08:45", "description": "The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-22T00:00:00", "type": "gitlab", "title": "Use after free in Animation", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-02-22T00:00:00", "id": "GITLAB-5C55E4CE507C85E21B1AFFF594C436B8", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/nuget%2FCefSharp.Wpf.HwndHost%2FGMS-2022-147.yml/raw", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-10-18T04:32:23", "description": "The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-22T00:00:00", "type": "gitlab", "title": "Use after free in Animation", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-02-22T00:00:00", "id": "GITLAB-4645688CBD76D08EFF12D00465ABCA3B", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/nuget%2FCefSharp.OffScreen.NETCore%2FGMS-2022-143.yml/raw", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-09T23:09:03", "description": "Use after free in Animation. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-22T00:00:00", "type": "gitlab", "title": "Use after free in Animation", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-02-22T00:00:00", "id": "GITLAB-BAB522840703640933BAA696F2FDFDBD", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/nuget%2FCefSharp.Wpf.NETCore%2FGMS-2022-148.yml/raw", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "github": [{"lastseen": "2023-12-03T17:28:18", "description": "CVE-2022-0609: Use after free in Animation\n\n- https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html\n- https://vulners.com/cve/CVE-2022-0609\n\nGoogle is aware of reports that exploits for CVE-2022-0609 exist in the wild.\n\nThe exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-22T21:51:19", "type": "github", "title": "Use after free in Animation", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2023-02-03T05:06:25", "id": "GHSA-VV6J-WW6X-54GX", "href": "https://github.com/advisories/GHSA-vv6j-ww6x-54gx", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2023-12-03T19:08:39", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-04-07T15:15:37", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: chromium-99.0.4844.84-1.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1096"], "modified": "2022-04-07T15:15:37", "id": "FEDORA:E6CD0309D335", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SNZ5LV2VQ4XBX7BUSJIEIY4A6UKBOSQQ/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T19:08:39", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-04-07T15:26:48", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: chromium-99.0.4844.84-1.fc35", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1096"], "modified": "2022-04-07T15:26:48", "id": "FEDORA:25D31307CC0A", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/G3F4XVMI7WRTNKAUOO5LS2QD2VLAYEHU/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T19:08:39", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-05-07T04:44:56", "type": "fedora", "title": "[SECURITY] Fedora 36 Update: chromium-99.0.4844.84-1.fc36", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1096"], "modified": "2022-05-07T04:44:56", "id": "FEDORA:0BF68306D452", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/H3ZTFGPOCHH67FAWKWZZ4MBY2ET254GQ/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "githubexploit": [{"lastseen": "2023-12-03T21:02:58", "description": "# Chrome-and-Edge-Version-Dumper\nPowershell script ...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-29T20:06:33", "type": "githubexploit", "title": "Exploit for Type Confusion in Google Chrome", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1096"], "modified": "2023-09-28T11:37:29", "id": "D424D6C6-13F7-5CAE-8771-9103296520B9", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}], "schneier": [{"lastseen": "2022-04-08T19:28:29", "description": "North Korean hackers have been [exploiting](<https://arstechnica.com/information-technology/2022/03/north-korean-hackers-unleashed-chrome-0-day-exploit-on-hundreds-of-us-targets/>) a zero-day in Chrome.\n\n> The flaw, tracked as CVE-2022-0609, was exploited by two separate North Korean hacking groups. Both groups deployed the same exploit kit on websites that either belonged to legitimate organizations and were hacked or were set up for the express purpose of serving attack code on unsuspecting visitors. One group was dubbed Operation Dream Job, and it targeted more than 250 people working for 10 different companies. The other group, known as AppleJeus, targeted 85 users.\n\n[Details](<https://blog.google/threat-analysis-group/countering-threats-north-korea/>):\n\n> The attackers made use of an exploit kit that contained multiple stages and components in order to exploit targeted users. The attackers placed links to the exploit kit within hidden iframes, which they embedded on both websites they owned as well as some websites they compromised.\n> \n> The kit initially serves some heavily obfuscated javascript used to fingerprint the target system. This script collected all available client information such as the user-agent, resolution, etc. and then sent it back to the exploitation server. If a set of unknown requirements were met, the client would be served a Chrome RCE exploit and some additional javascript. If the RCE was successful, the javascript would request the next stage referenced within the script as "SBX", a common acronym for Sandbox Escape. We unfortunately were unable to recover any of the stages that followed the initial RCE.\n> \n> Careful to protect their exploits, the attackers deployed multiple safeguards to make it difficult for security teams to recover any of the stages. These safeguards included:\n> \n> * Only serving the iframe at specific times, presumably when they knew an intended target would be visiting the site. \n> * On some email campaigns the targets received links with unique IDs. This was potentially used to enforce a one-time-click policy for each link and allow the exploit kit to only be served once. \n> * The exploit kit would AES encrypt each stage, including the clients' responses with a session-specific key. \n> * Additional stages were not served if the previous stage failed.\n> \n> Although we recovered a Chrome RCE, we also found evidence where the attackers specifically checked for visitors using Safari on MacOS or Firefox (on any OS), and directed them to specific links on known exploitation servers. We did not recover any responses from those URLs.\n\nIf you're a Chrome user, patch your system now.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-31T11:13:50", "type": "schneier", "title": "Chrome Zero-Day from North Korea", "bulletinFamily": "blog", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0609"], "modified": "2022-03-30T14:37:31", "id": "SCHNEIER:A04F4786905DA91D85C88E72BCD1F5E6", "href": "https://www.schneier.com/blog/archives/2022/03/chrome-zero-day-from-north-korea.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "packetstorm": [{"lastseen": "2022-06-20T04:43:33", "description": "", "cvss3": {}, "published": "2022-06-20T00:00:00", "type": "packetstorm", "title": "Chrome CVE-2022-1096 Incomplete Fix", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2022-1096", "CVE-2022-1232"], "modified": "2022-06-20T00:00:00", "id": "PACKETSTORM:167516", "href": "https://packetstormsecurity.com/files/167516/Chrome-CVE-2022-1096-Incomplete-Fix.html", "sourceData": "`Chrome: Incomplete fix for CVE-2022-1096 \n \nVULNERABILITY DETAILS \nThe fix for https://crbug.com/1309225 has modified `SetPropertyInternal()` to fall back to `SetSuperProperty()` whenever a property access interceptor is encountered because `SetSuperProperty()` is robust against possible side effects caused by interceptors. \n \nUnfortunately, the function `JSObject::DefineOwnPropertyIgnoreAttributes()` is also affected by the bug and requires the same change. \n \n \nVERSION \nGoogle Chrome 100.0.4896.60 (Official Build) (arm64) \nChromium 102.0.4972.0 (Developer Build) (64-bit) \n \n \nREPRODUCTION CASE \nTo make the exploit functional again, the attacker only needs to replace one property store with an `Object.defineProperty()` call: \n \n``` \n<script> \nstyle = document.createElement('p').style; \nObject.defineProperty(style, 'prop', { \nvalue: { toString() { style.prop = 1 } } \n}); \n</script> \n``` \n \nThe repro case above triggers the same DCHECK failure: \n \n``` \n# \n# Fatal error in ../../v8/src/objects/map.cc, line 437 \n# Debug check failed: map->instance_descriptors(isolate) .Search(*name, map->NumberOfOwnDescriptors()) .is_not_found(). \n# \n``` \n \nCREDIT INFORMATION \nSergei Glazunov of Google Project Zero \n \n \nThis bug is subject to a 90-day disclosure deadline. If a fix for this \nissue is made available to users before the end of the 90-day deadline, \nthis bug report will become public 30 days after the fix was made \navailable. Otherwise, this bug report will become public at the deadline. \nThe scheduled deadline is 2022-06-28. \n \n \nRelated CVE Numbers: CVE-2022-1232,CVE-2022-1096. \n \n \n \nFound by: glazunov@google.com \n \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/167516/GS20220620005024.txt"}], "qt": [{"lastseen": "2023-12-03T15:04:38", "description": "Google has recently reported that Chromium has a security issue - Type confusion in the V8 JavaScript engine - which is reported in a bit more detail here: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html. This has been assigned the CVE id CVE-2022-1096. \n \nThis effects QtWebEngine as well since it is using Chromium to provide that functionality. Therefore as a result Qt needs to be patched as well to fix this problem. There is no workaround for this so the only solution is to apply the patch. \n \nSolution: Apply the patch or update to Qt 5.15.9, Qt 6.2.5 or Qt 6.3.0.\n\nPatches:\n\nQt 6.3: <https://download.qt.io/official_releases/qt/6.3/CVE-2022-1096-qtwebengine-6.3.diff> \nQt 6.2: <https://download.qt.io/official_releases/qt/6.2/CVE-2022-1096-qtwebengine-6.2.diff> \nQt 5.15: <https://download.qt.io/official_releases/qt/5.15/CVE-2022-1096-qtwebengine-5.15.diff>\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-04-04T00:00:00", "type": "qt", "title": "Security advisory: Recently reported Chromium \"Type confusion\" issue impacts Qt WebEngine", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1096", "CVE-2023-43114"], "modified": "2022-04-04T00:00:00", "id": "QT:B64AD93E56170FC29816162A7B78DDBC", "href": "https://www.qt.io/blog/security-advisory-recently-reported-chromium-impacts-qtwebengine", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "trellix": [{"lastseen": "2022-08-03T00:00:00", "description": "# The Bug Report \u2013 July 2022 Edition \n\nBy Trellix \u00b7 August 3, 2022 \nThis story was also written by Kasimir Schulz and Jesse Chick\n\n## Your Cybersecurity Comic Relief\n\n![The Bug Report \u2013 July 2022 Edition](https://www.trellix.com/en-us/img/newsroom/stories/the-bug-report-july-2022-edition-1.jpg)\n\n### Why am I here?\n\nWelcome to the Bug Report, Heat Wave Edition! In the face of chronic irritability and soggy-pants syndrome, we are back at it again, trawling for this month's spiciest software-defined mishaps for your schadenfreudian pleasure. (Or, rather, we made the intern do it.) So crank up the AC, kick your feet up with your cold beverage of choice, and enjoy the cream of July\u2019s vulnerability crop.\n\nFortunately, most of the vulnerabilities that we report cannot cause fires no matter how they are abused. This month, however, we have something special for you with CVE-2022-2107. But don\u2019t worry, if that\u2019s too hot for you to handle we also have two more vulnerabilities that cause headaches:\n\n * CVE-2022-2294: WebRTC\n * CVE-2022-2107: MiCODUS MV720\n * CVE-2022-20857: Cisco Nexus Dashboard\n\n## CVE-2022-2294: Heaps of 4th of July fun in Mountain View!\n\n### What is it?\n\nWe have all heard and rolled our eyes at the banal adage that money cannot buy happiness (unless, of course, you are in Las Vegas). Money also cannot buy immunity from critical browser vulnerabilities, as one of the richest companies in the world learned once again earlier this month. While we in the United States were out celebrating Independence Day\u2014or \u201cGood-riddance Day,\u201d as it's known across the Pond\u2014Google was busy hustling out a patch for a high-severity heap-based buffer overflow ([CWE-122](<https://cwe.mitre.org/data/definitions/122.html>)) in WebRTC. \n\nIf you are like us and have seen \u201cWebRTC\u201d crop up in technical documentation time and time again without sufficient cause to look up what it is, here is all you need to know. WebRTC stands for Web Real-Time Communication. It is used in most common browsers (including, most notably for us, Google Chrome) to enable browser-to-browser video and audio streams without the need for plugins or other third-party installations. It is enabled by default in Chrome.\n\n### Who cares?\n\nIf you are reading this article, you\u2019re using a web browser. If I were to guess, you are viewing this article with Chrome and, according to [statcounter](<https://gs.statcounter.com/browser-market-share>), I\u2019d be right about two out of three times. Although the existing proof of concept (POC) referenced below was tailored to Chrome running on Windows hosts, it is likely that all browsers leveraging WebRTC are vulnerable to similar exploitation. This list includes Safari and Edge, the runners-up in the Chrome-dominated browser market. And it\u2019s not just desktop applications; this vulnerability affects Android devices as well. You get the idea. True enough, an attacker will almost surely need to go to all the effort of concocting an elaborate attack chain around CVE-2022-2294 to do serious damage. Still, how safe does that make you feel?\n\nDue to the give-and-take nature of responsible disclosure, very few details about the precise nature of the vulnerability tracked as CVE-2022-2294 have reached the public domain. What we do know for certain, thanks to some crafty forensic work from security researchers with Avast, is that this vulnerability has been exploited in the wild numerous times by known threat actors as part of a larger, targeted attack chain deployed against specific organizations in the Middle East.\n\nPerhaps the most accessible path to appreciating the potential impact of this on information security is through a cursory understanding of the event which led Avast to report the vulnerability to Google in the first place. Attackers were able to gain initial access to a Lebanese news agency\u2019s protected network via cross-site scripting (XSS). Their malicious JavaScript then scanned the set of accessible hosts for indications of vulnerability to CVE-2022-2294, delivering the exploit with precision. The shellcode execution achieved via WebRTC was used to deliver a sophisticated form of spyware known, graphically, as DevilsTongue, which was injected into the victim\u2019s kernel to furtively siphon off private data to the attackers. The good people at Avast elaborate further on the details of CVE-2022-2294's discovery and its in-the-wild exploitation in [their own blog](<https://decoded.avast.io/janvojtesek/the-return-of-candiru-zero-days-in-the-middle-east/>).\n\n### What can I do?\n\nLuckily for us, Google engineers don\u2019t like fireworks and pushed out a patch within days of initial disclosure. Microsoft followed suit the following day (July 5) with a patch for Edge, and Apple, taking its sweet time, patched Safari on the 20th. If you have automatic browser updates enabled (which you probably should, hint hint), you are already impervious to this piece of mischief. Chrome users who prefer manual updates should ensure they are running version [103.0.5060.114](<https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html>) or newer.\n\n## CVE-2022-2107: Anyone know a good automotive exorcist?\n\n### What is it?\n\nLet's be honest, hacker movies piss us off. Simply enter the master password and you\u2019re in? Give us a break. Well, looks like Hollywood isn\u2019t that far off after all. CVE-2022-2107 is a hardcoded key in the API server belonging to MiCODUS, a company that sells professional GPS trackers. This CVE may just be a hardcoded key in the API server, but it allows attackers unauthenticated access to log into the web server, to impersonate users, and directly send commands to the GPS trackers of MiCODUS MV720 devices. Rather than logging in and obtaining a key, attackers can use the hardcoded key when accessing API endpoints. CVE-2022-2107 gives attackers power on par with Jeff Goldblum in Independence Day, letting a hacker use any device with internet capabilities to take down entire fleets of vehicles. By using the hardcoded key an attacker can cut off fuel to vehicles, enable and disable alarms, and track the vehicles\u2019 GPS location in real time. The key also allows attackers to access and modify all other data such as routes and geofences. Now, I know what you must be thinking, this sounds too good to be true, there must be some catch or some sort of condition for when this vulnerability can be exploited, and you would be right. In order to target the GPS trackers an attacker will need to know the device ID, but sadly for the users, this is sequentially generated.\n\nAlready sweating like Ted Striker in Airplane? Well... [BitSight](<https://www.bitsight.com/>), the company that reported this CVE, reported [several](<https://www.bitsight.com/sites/default/files/2022-07/MiCODUS-GPS-Report-Final.pdf>) other vulnerabilities including information about device usage and vulnerable attack surfaces. Among these vulnerabilities was a way to send commands directly to the tracker (CVE-2022-2141) allowing an attacker to execute commands if they had the password for the device. BitSight also found that since the device did not prompt the users to change their password, most (94.5% of the sample) devices used the default password of 123456. \n\n### Who cares?\n\nAre you part of a Fortune 50 company in energy, oil, or gas? How about a national government or law enforcement agency? Maybe you are part of a manufacturing conglomerate? No? So, then you think that you probably shouldn\u2019t worry about this vulnerability, right? Wrong. Not only does the vulnerability have the potential to shut down entire supply chains by turning off fleets of cars, but the vulnerability also allows attackers to shut off cars potentially causing accidents on the road resulting in potential injuries. Over the course of several months, BitSight gathered data and identified differences in the usage of the MiCODUS devices throughout the globe as seen in the graphic below.\n\nIn their report, BitSight published proof of concept attacks for each reported vulnerability along with publishing the hardcoded key for the API server. BitSight first contacted MiCODUS on September 9, 2021, however, luckily for malicious actors, MiCODUS has been slower than congressional proceedings when it has come to patching. As of the writing of this blog the hardcoded key can still be used to access any API endpoint injunction with the device ID. Device IDs are easy to guess through brute force methods as they are sequentially generated based on the format 72011XXXXXX. \n\n![The Bug Report \u2013 July 2022 Edition](https://www.trellix.com/en-us/img/newsroom/stories/the-bug-report-july-2022-edition-2.jpg) Geographical differences in sector usages found by [BitSight](<https://www.bitsight.com/sites/default/files/2022-07/MiCODUS-GPS-Report-Final.pdf>) \n\n\n### What can I do?\n\nIf you have read our bug reports in the past you know that normally our advice is to Patch, Patch, Patch!! However, with this CVE there is nothing that the average users can do other than disable their devices. The vulnerability described in CVE-2022-2107 exists within MiCODUS\u2019s server and can only be patched by them. For users and organizations hosting their own API server, make sure that you have proper authentication on API endpoints.\n\nWhile there is nothing the average user can do for CVE-2022-2107 other than disabling their devices, there are things that they should do for the other CVE\u2019s filed by BitSight. The most important of these is to update your default password. According to BitSight, 94.5% of the devices they sampled were using the default password and could therefore be controlled without the need for other vulnerabilities. \n\n## CVE-2022-20857: Ignorance isn't always bliss...\n\n### What is it?\n\nIt\u2019s not only college business majors who enjoy pretty, graphical abstractions of dense technical information; we command line folks love a nice interactive overview of our networked devices, too. That is assuming, of course, that said dashboard is not riddled with vulnerabilities, like the Cisco Nexus Dashboard. During a recent internal audit of Cisco\u2019s product suite, ASIG (Cisco\u2019s Advanced Security Initiatives Group) discovered three serious vulnerabilities affecting all versions of the Nexus Dashboard, the most critical of which is CVE-2022-20857.\n\nThe culprit is a single API endpoint which lacks authentication ([CWE-306](<https://cwe.mitre.org/data/definitions/306.html>)), exposing an attack vector through which a malicious agent could achieve remote code execution as root over HTTP. To appreciate the scope of the vulnerability more fully, we need to establish a rudimentary understanding of how Nexus Dashboard is architected. Logically speaking, the dashboard consists of a cluster of several services supporting its many available features. This cluster is exposed to two distinct network interfaces:\n\n * The management network, over which information is exchanged between the cluster and the Dashboard GUI, including actions such as firmware uploads and other core services e.g. SSH and DNS. \n * The data network, which handles all traffic between the cluster and the rest of the connected Cisco infrastructure, as well as intra-cluster communication.\n\nThe vulnerable API endpoint lives in the **data network**, suggesting that exploitation of CVE-2022-20857 could allow an attacker to pivot to any host reachable by the compromised device.\n\n### Who cares?\n\nAt risk of stating the obvious, if you or your organization is using the Nexus Dashboard, this and the other vulnerabilities outlined in [Cisco\u2019s security advisory](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-mhcvuln-vpsBPJ9y>) should be of top concern. In the worst-case scenario, a compromised host with access to core internal routing and hosting services is about as bad as it can get in information security.\n\n### What can I do?\n\nBefore any additional sphincter-tightening takes place, you should know that Cisco has patched these vulnerabilities in the [May 8th release](<https://www.cisco.com/c/en/us/td/docs/dcn/nd/2x/release-notes/cisco-nexus-dashboard-release-notes-221.html>) (2.2.1e) of Nexus Dashboard. If you\u2019re unsure of which version your organization is currently using, you can verify this easily by logging in to the Dashboard\u2019s command line interface via SSH and running `acs version`. **All versions prior to 2.2.1e are vulnerable**, so your network administrator should update to this or the subsequent version 2.2.1h, available as of June 6. This can be done by the recommended means of [upgrading your entire Dashboard cluster](<https://www.cisco.com/c/en/us/td/docs/dcn/nd/2x/user-guide/cisco-nexus-dashboard-user-guide-211/operations.html#_firmware_management_cluster_upgrades>) in one go, or by [manually upgrading individual nodes](<https://www.cisco.com/c/en/us/td/docs/dcn/nd/2x/user-guide/cisco-nexus-dashboard-user-guide-211/troubleshooting.html#_manual_upgrades>) in the cluster if needed.\n", "cvss3": {}, "published": "2022-08-03T00:00:00", "type": "trellix", "title": "The Bug Report \u2013 July 2022 Edition", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-20857", "CVE-2022-2107", "CVE-2022-2141", "CVE-2022-2294"], "modified": "2022-08-03T00:00:00", "id": "TRELLIX:6AC0A8EB929E0B0AC515928EFCB01642", "href": "https://www.trellix.com/content/mainsite/en-us/about/newsroom/stories/research/the-bug-report-july-2022-edition.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-04-06T00:00:00", "description": "# The Bug Report - March 2022 \n\nBy Charles McFarland \u00b7 April 6, 2022\n\n## Your Cybersecurity Comic Relief\n\n[![Cybersecurity Comic Relief](https://www.trellix.com/en-us/img/newsroom/stories/bug-report-march-20221.jpg)](<https://toggl.com/>) **Comic from https://geek-and-poke.com/ and remains unedited. \nhttps://creativecommons.org/licenses/by/3.0/ \nUse of this comic does not indicate endorsement by the creator. ** \n\n\n## Why am I here?\n\nWelcome back the Bug Report, the more-bugs-than-bagels edition. Everyone could use a bagel but unfortunately, we are fresh out. No worries, we have a healthy serving of bugs as the main course for this month. For those unfamiliar with our report, [every month](<https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/the-bug-report-february-2022.html>) we compile a short list of the top vulnerabilities of the month for your intellectual consumption. Sit back, relax and enjoy the cuisine.\n\nThis month there was no shortage of bugs to choose from as we March toward a bug free world! Of course, that\u2019s never gonna happen but one may dream. The closet I\u2019ve ever come to \u2018bug free\u2019 was when I once lived in a ladybug infested house in the country. True, they took care of all the other \u2018bad\u2019 bugs, but the ceiling was literally covered in red with black polka dots! I digress. March has some scary bugs for the Linux community as well as a couple being actively exploited by the bad guys. Let\u2019s get to the March 2022 bug list so you can start your extermination!\n\n * CVE-2022-0847: Linux Kernel (Dirty Pipe)