Gentoo update for Chromium, Google Chrome



Published: 2022-01-31
Risk Critical
Patch available YES
Number of vulnerabilities 179
CVE-ID CVE-2021-30565
CVE-2021-30566
CVE-2021-30567
CVE-2021-30568
CVE-2021-30569
CVE-2021-30571
CVE-2021-30572
CVE-2021-30573
CVE-2021-30574
CVE-2021-30575
CVE-2021-30576
CVE-2021-30577
CVE-2021-30578
CVE-2021-30579
CVE-2021-30580
CVE-2021-30581
CVE-2021-30582
CVE-2021-30583
CVE-2021-30584
CVE-2021-30585
CVE-2021-30586
CVE-2021-30587
CVE-2021-30588
CVE-2021-30589
CVE-2021-30590
CVE-2021-30591
CVE-2021-30592
CVE-2021-30593
CVE-2021-30594
CVE-2021-30596
CVE-2021-30597
CVE-2021-30598
CVE-2021-30599
CVE-2021-30600
CVE-2021-30601
CVE-2021-30602
CVE-2021-30603
CVE-2021-30604
CVE-2021-30606
CVE-2021-30607
CVE-2021-30608
CVE-2021-30609
CVE-2021-30610
CVE-2021-30611
CVE-2021-30612
CVE-2021-30613
CVE-2021-30614
CVE-2021-30615
CVE-2021-30616
CVE-2021-30617
CVE-2021-30618
CVE-2021-30619
CVE-2021-30620
CVE-2021-30621
CVE-2021-30622
CVE-2021-30623
CVE-2021-30624
CVE-2021-30625
CVE-2021-30626
CVE-2021-30627
CVE-2021-30628
CVE-2021-30629
CVE-2021-30630
CVE-2021-30631
CVE-2021-30632
CVE-2021-30633
CVE-2021-37956
CVE-2021-37957
CVE-2021-37958
CVE-2021-37959
CVE-2021-37960
CVE-2021-37961
CVE-2021-37962
CVE-2021-37963
CVE-2021-37965
CVE-2021-37966
CVE-2021-37967
CVE-2021-37968
CVE-2021-37970
CVE-2021-37971
CVE-2021-37973
CVE-2021-37974
CVE-2021-37975
CVE-2021-37976
CVE-2021-37977
CVE-2021-37978
CVE-2021-37979
CVE-2021-37981
CVE-2021-37982
CVE-2021-37983
CVE-2021-37984
CVE-2021-37985
CVE-2021-37986
CVE-2021-37987
CVE-2021-37988
CVE-2021-37989
CVE-2021-37990
CVE-2021-37991
CVE-2021-37992
CVE-2021-37993
CVE-2021-37994
CVE-2021-37995
CVE-2021-37996
CVE-2021-37997
CVE-2021-37998
CVE-2021-37999
CVE-2021-38000
CVE-2021-38001
CVE-2021-38002
CVE-2021-38003
CVE-2021-38005
CVE-2021-38006
CVE-2021-38007
CVE-2021-38008
CVE-2021-38009
CVE-2021-38010
CVE-2021-38011
CVE-2021-38012
CVE-2021-38013
CVE-2021-38014
CVE-2021-38015
CVE-2021-38016
CVE-2021-38017
CVE-2021-38018
CVE-2021-38019
CVE-2021-38020
CVE-2021-38021
CVE-2021-38022
CVE-2021-4098
CVE-2021-4099
CVE-2021-4100
CVE-2021-4101
CVE-2021-4102
CVE-2022-0096
CVE-2022-0097
CVE-2022-0098
CVE-2022-0099
CVE-2022-0100
CVE-2022-0101
CVE-2022-0102
CVE-2022-0103
CVE-2022-0104
CVE-2022-0105
CVE-2022-0106
CVE-2022-0107
CVE-2022-0108
CVE-2022-0109
CVE-2022-0110
CVE-2022-0111
CVE-2022-0112
CVE-2022-0113
CVE-2022-0114
CVE-2022-0115
CVE-2022-0116
CVE-2022-0117
CVE-2022-0118
CVE-2022-0120
CVE-2022-0289
CVE-2022-0290
CVE-2022-0291
CVE-2022-0292
CVE-2022-0293
CVE-2022-0294
CVE-2022-0295
CVE-2022-0296
CVE-2022-0297
CVE-2022-0298
CVE-2022-0300
CVE-2022-0301
CVE-2022-0302
CVE-2022-0303
CVE-2022-0304
CVE-2022-0305
CVE-2022-0306
CVE-2022-0307
CVE-2022-0308
CVE-2022-0309
CVE-2022-0310
CVE-2022-0311
CWE-ID CWE-787
CWE-121
CWE-416
CWE-122
CWE-264
CWE-125
CWE-908
CWE-358
CWE-451
CWE-843
CWE-20
CWE-362
CWE-200
CWE-284
CWE-119
CWE-310
CWE-749
CWE-664
Exploitation vector Network
Public exploit Public exploit code for vulnerability #8 is available.
Public exploit code for vulnerability #58 is available.
Vulnerability #65 is being exploited in the wild.
Vulnerability #66 is being exploited in the wild.
Vulnerability #81 is being exploited in the wild.
Vulnerability #83 is being exploited in the wild.
Vulnerability #84 is being exploited in the wild.
Public exploit code for vulnerability #87 is available.
Vulnerability #107 is being exploited in the wild.
Public exploit code for vulnerability #108 is available.
Vulnerability #110 is being exploited in the wild.
Vulnerability #133 is being exploited in the wild.
Vulnerable software
Subscribe
Gentoo Linux
Operating systems & Components / Operating system

Vendor Gentoo

Security Bulletin

This security bulletin contains information about 179 vulnerabilities.

1) Out-of-bounds write

EUVDB-ID: #VU55104

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30565

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in Tab Groups. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Stack-based buffer overflow

EUVDB-ID: #VU55105

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30566

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a boundary error in Printing in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU55106

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30567

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the DevTools component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Heap-based buffer overflow

EUVDB-ID: #VU55107

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30568

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in WebGL. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU55108

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30569

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the sqlite component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU55109

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30571

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in DevTools in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and compromise the affected system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU55110

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30572

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Autofill component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

EUVDB-ID: #VU55111

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2021-30573

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the GPU component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

9) Use-after-free

EUVDB-ID: #VU55112

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30574

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the protocol handling component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Out-of-bounds read

EUVDB-ID: #VU55113

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30575

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the Autofill component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU55114

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30576

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within DevTools in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU55115

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30577

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in Installer in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use of uninitialized resource

EUVDB-ID: #VU55116

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30578

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to usage of uninitialized resources in Media in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger uninitialized usage of resources and bypass implemented security mechanisms.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use-after-free

EUVDB-ID: #VU55117

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30579

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within UI framework in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU55118

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30580

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in Android intents in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use-after-free

EUVDB-ID: #VU55119

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30581

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within DevTools in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improperly implemented security check for standard

EUVDB-ID: #VU55120

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30582

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Animation in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU55121

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30583

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in image handling on Windows in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Spoofing attack

EUVDB-ID: #VU55122

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30584

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in Downloads in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Use-after-free

EUVDB-ID: #VU55123

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30585

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within sensor handling in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Use-after-free

EUVDB-ID: #VU55124

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30586

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within dialog box handling on Windows in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improperly implemented security check for standard

EUVDB-ID: #VU55125

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30587

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Compositing on Windows in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Type Confusion

EUVDB-ID: #VU55126

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30588

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a type confusion error and crash the browser.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Input validation error

EUVDB-ID: #VU55127

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30589

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to crash the browser.

The vulnerability exists due to a improper input validation in Sharing in Google Chrome. A remote attacker can trick the victim to perform certain actions in browser and crash it.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Heap-based buffer overflow

EUVDB-ID: #VU55490

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30590

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in Bookmarks. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Use-after-free

EUVDB-ID: #VU55491

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30591

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the File System API component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Out-of-bounds write

EUVDB-ID: #VU55492

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30592

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in Tab Groups. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Out-of-bounds read

EUVDB-ID: #VU55493

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30593

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the Tab Strip component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Use-after-free

EUVDB-ID: #VU55494

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30594

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Page Info UI component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Spoofing attack

EUVDB-ID: #VU55495

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30596

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in Navigation in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Use-after-free

EUVDB-ID: #VU55496

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30597

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Browser UI in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Type Confusion

EUVDB-ID: #VU55869

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30598

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error in V8. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Type Confusion

EUVDB-ID: #VU55870

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30599

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error in V8. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Use-after-free

EUVDB-ID: #VU55871

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30600

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in Printing. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Use-after-free

EUVDB-ID: #VU55872

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30601

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in Extensions API. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Use-after-free

EUVDB-ID: #VU55873

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30602

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in WebRTC. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Race condition

EUVDB-ID: #VU55874

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30603

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a race condition in WebAudio. A remote attacker can trick the victim to visit a specially crafted webpage and execute arbitrary code on the target system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Use-after-free

EUVDB-ID: #VU55875

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30604

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in ANGLE. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Use-after-free

EUVDB-ID: #VU56198

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30606

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Blink component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Use-after-free

EUVDB-ID: #VU56199

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30607

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Permissions component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Use-after-free

EUVDB-ID: #VU56200

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30608

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Web Share component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Use-after-free

EUVDB-ID: #VU56201

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30609

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Sign-In component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Use-after-free

EUVDB-ID: #VU56202

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30610

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Extensions API component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Use-after-free

EUVDB-ID: #VU56203

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30611

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within WebRTC in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Use-after-free

EUVDB-ID: #VU56204

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30612

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within WebRTC in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Use-after-free

EUVDB-ID: #VU56205

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30613

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Base internals in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Heap-based buffer overflow

EUVDB-ID: #VU56206

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30614

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in TabStrip. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Information disclosure

EUVDB-ID: #VU56214

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30615

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to cross-domain data leak in Navigation in Google Chrome. A remote attacker can trick the victim to open a specially crafted website and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Use-after-free

EUVDB-ID: #VU56207

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30616

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Media in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Improper access control

EUVDB-ID: #VU56208

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30617

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to improper access restrictions in Blink. A remote attacker can create a specially crafted web page, trick the victim into visiting it, bypass implemented security restrictions and gain unauthorized access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Improperly implemented security check for standard

EUVDB-ID: #VU56209

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30618

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in DevTools in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Spoofing attack

EUVDB-ID: #VU56215

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30619

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data in Autofill in Google Chrome. A remote attacker can spoof page content.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU56210

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30620

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in Blink in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Spoofing attack

EUVDB-ID: #VU56216

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30621

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data in Autofill in Google Chrome. A remote attacker can spoof page content.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Use-after-free

EUVDB-ID: #VU56211

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30622

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within WebApp Installs in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Use-after-free

EUVDB-ID: #VU56212

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30623

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to use-after-free error in Bookmarks in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and crash the browser.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Use-after-free

EUVDB-ID: #VU56213

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30624

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to use-after-free error in Autofill in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and crash the browser.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Use-after-free

EUVDB-ID: #VU56476

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2021-30625

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Selection API component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

59) Buffer overflow

EUVDB-ID: #VU56486

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30626

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a boundary error in ANGLE in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Type Confusion

EUVDB-ID: #VU56477

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30627

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the Blink layout component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Stack-based buffer overflow

EUVDB-ID: #VU56478

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30628

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a boundary error in ANGLE in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Use-after-free

EUVDB-ID: #VU56479

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30629

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Permissions component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Improperly implemented security check for standard

EUVDB-ID: #VU56480

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30630

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in Blink in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Type Confusion

EUVDB-ID: #VU56481

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30631

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the Blink layout component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Out-of-bounds write

EUVDB-ID: #VU56482

Risk: Critical

CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-30632

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in V8. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger out-of-bounds write and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in-the-wild.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

66) Use-after-free

EUVDB-ID: #VU56483

Risk: Critical

CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-30633

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Indexed DB API component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in-the-wild.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

67) Use-after-free

EUVDB-ID: #VU56771

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37956

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Offline use component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Use-after-free

EUVDB-ID: #VU56774

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37957

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the WebGPU component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Improperly implemented security check for standard

EUVDB-ID: #VU56775

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37958

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in Navigation in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Use-after-free

EUVDB-ID: #VU56776

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37959

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Task Manager component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Improperly implemented security check for standard

EUVDB-ID: #VU56777

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37960

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in Blink graphics in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Use-after-free

EUVDB-ID: #VU56778

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37961

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Tab Strip in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Use-after-free

EUVDB-ID: #VU56779

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37962

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Performance Manager in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Cryptographic issues

EUVDB-ID: #VU56780

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37963

CWE-ID: CWE-310 - Cryptographic Issues

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to side-channel information leak in DevTools. Chrome Medium. A remote attacker can create a specially crafted web page, trick the victim into opening it and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Improperly implemented security check for standard

EUVDB-ID: #VU56782

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37965

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Background Fetch API in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Improperly implemented security check for standard

EUVDB-ID: #VU56783

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37966

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Compositing in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Improperly implemented security check for standard

EUVDB-ID: #VU56784

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37967

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Background Fetch API in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Improperly implemented security check for standard

EUVDB-ID: #VU56785

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37968

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Background Fetch API in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Use-after-free

EUVDB-ID: #VU56787

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37970

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within File System API in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Spoofing attack

EUVDB-ID: #VU56788

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37971

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in Web Browser UI in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Use-after-free

EUVDB-ID: #VU56876

Risk: Critical

CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-37973

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTML content within the Portals component in Google Chrome. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

82) Use-after-free

EUVDB-ID: #VU56971

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37974

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Safe Browsing component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Use-after-free

EUVDB-ID: #VU56972

Risk: Critical

CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-37975

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the V8 browser engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

84) Information disclosure

EUVDB-ID: #VU56974

Risk: High

CVSSv3.1: 7.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-37976

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in core in Google Chrome. A remote attacker can trick the victim to open a specially crafted web page and gain access to sensitive information.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

85) Use-after-free

EUVDB-ID: #VU57128

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37977

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Garbage Collection component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Heap-based buffer overflow

EUVDB-ID: #VU57129

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37978

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in Blink. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Heap-based buffer overflow

EUVDB-ID: #VU57130

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2021-37979

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in WebRTC. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

88) Heap-based buffer overflow

EUVDB-ID: #VU57444

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37981

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in Skia. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Use-after-free

EUVDB-ID: #VU57445

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37982

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Incognito component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Use-after-free

EUVDB-ID: #VU57446

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37983

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Dev Tools component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Heap-based buffer overflow

EUVDB-ID: #VU57447

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37984

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in PDFium. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Use-after-free

EUVDB-ID: #VU57448

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37985

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) Heap-based buffer overflow

EUVDB-ID: #VU57449

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37986

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in Settings. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Use-after-free

EUVDB-ID: #VU57450

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37987

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Network APIs in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Use-after-free

EUVDB-ID: #VU57451

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37988

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Profiles in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Improperly implemented security check for standard

EUVDB-ID: #VU57452

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37989

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Blink in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Improperly implemented security check for standard

EUVDB-ID: #VU57453

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37990

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in WebView in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Race condition

EUVDB-ID: #VU57462

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37991

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to a race condition in V8 in Google Chrome. A remote attacker can trick the victim to open a specially crafted web page and bypass implemented security restrictions.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Out-of-bounds read

EUVDB-ID: #VU57454

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37992

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the WebAudio component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Use-after-free

EUVDB-ID: #VU57455

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37993

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within PDF Accessibility in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Improperly implemented security check for standard

EUVDB-ID: #VU57457

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37994

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in iFrame Sandbox in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Improperly implemented security check for standard

EUVDB-ID: #VU57458

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37995

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in WebApp Installer in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Input validation error

EUVDB-ID: #VU57456

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37996

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in Downloads in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) Use-after-free

EUVDB-ID: #VU57760

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37997

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Sign-In component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) Use-after-free

EUVDB-ID: #VU57761

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37998

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Garbage Collection component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) Input validation error

EUVDB-ID: #VU57762

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37999

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper input validation in New Tab Page in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage and execute arbitrary code on the system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) Exposed dangerous method or function

EUVDB-ID: #VU57766

Risk: Critical

CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-38000

CWE-ID: CWE-749 - Exposed Dangerous Method or Function

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insecure implementation in V8 engine in Google Chrome. A remote attacker can create a specially crafted website, trick the victim into visiting it and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

108) Type Confusion

EUVDB-ID: #VU57763

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2021-38001

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

109) Use-after-free

EUVDB-ID: #VU57764

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-38002

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Web Transport component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) Improperly implemented security check for standard

EUVDB-ID: #VU57765

Risk: Critical

CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-38003

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in the V8 engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

111) Use-after-free

EUVDB-ID: #VU58159

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-38005

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the loader component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) Use-after-free

EUVDB-ID: #VU58158

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-38006

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the storage foundation component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) Type Confusion

EUVDB-ID: #VU58155

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-38007

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) Use-after-free

EUVDB-ID: #VU58156

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-38008

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the media component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) Improperly implemented security check for standard

EUVDB-ID: #VU58157

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-38009

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in cache in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) Improperly implemented security check for standard

EUVDB-ID: #VU58160

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-38010

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in service workers in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) Use-after-free

EUVDB-ID: #VU58161

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-38011

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the storage foundation component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) Type Confusion

EUVDB-ID: #VU58162

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-38012

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a type confusion error and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) Heap-based buffer overflow

EUVDB-ID: #VU58163

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-38013

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in fingerprint recognition. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) Out-of-bounds write

EUVDB-ID: #VU58164

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-38014

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in Swiftshader. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

121) Improperly implemented security check for standard

EUVDB-ID: #VU58165

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-38015

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in input in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

122) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU58166

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-38016

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in background fetch in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

123) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU58167

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-38017

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in iframe sandbox in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

124) Improperly implemented security check for standard

EUVDB-ID: #VU58168

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-38018

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in navigation in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

125) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU58169

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-38019

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in CORS in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

126) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU58170

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-38020

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in contacts picker in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

127) Improperly implemented security check for standard

EUVDB-ID: #VU58171

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-38021

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in referrer in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

128) Improperly implemented security check for standard

EUVDB-ID: #VU58172

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-38022

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in WebAuthentication in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

129) Input validation error

EUVDB-ID: #VU58846

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-4098

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation when processing HTML content in Mojo. Chrome Critical. A remote attacker can trick the victim to open a specially crafted web page and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

130) Use-after-free

EUVDB-ID: #VU58842

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-4099

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Swiftshader component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

131) Improper control of a resource through its lifetime

EUVDB-ID: #VU58843

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-4100

CWE-ID: CWE-664 - Improper control of a resource through its lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper control of object lifetime in ANGLE in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

132) Heap-based buffer overflow

EUVDB-ID: #VU58844

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-4101

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in Swiftshader. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

133) Use-after-free

EUVDB-ID: #VU58845

Risk: Critical

CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-4102

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the V8 engine. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

134) Use-after-free

EUVDB-ID: #VU59195

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0096

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Storage component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

135) Improperly implemented security check for standard

EUVDB-ID: #VU59196

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0097

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in DevTools in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

136) Use-after-free

EUVDB-ID: #VU59197

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0098

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Screen Capture component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

137) Use-after-free

EUVDB-ID: #VU59198

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0099

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Sign-in component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

138) Heap-based buffer overflow

EUVDB-ID: #VU59199

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0100

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in Media streams API. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

139) Heap-based buffer overflow

EUVDB-ID: #VU59200

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0101

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in Bookmarks. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

140) Type Confusion

EUVDB-ID: #VU59201

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0102

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

141) Use-after-free

EUVDB-ID: #VU59202

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0103

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the SwiftShader component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

142) Heap-based buffer overflow

EUVDB-ID: #VU59203

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0104

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in ANGLE. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

143) Use-after-free

EUVDB-ID: #VU59204

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0105

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the PDF component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

144) Use-after-free

EUVDB-ID: #VU59205

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0106

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Autofill component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

145) Use-after-free

EUVDB-ID: #VU59206

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0107

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within File Manager API in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

146) Improperly implemented security check for standard

EUVDB-ID: #VU59207

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0108

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Navigation in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

147) Improperly implemented security check for standard

EUVDB-ID: #VU59208

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0109

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Autofill in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

148) Spoofing attack

EUVDB-ID: #VU59209

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0110

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in Autofill in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

149) Improperly implemented security check for standard

EUVDB-ID: #VU59210

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0111

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Navigation in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

150) Spoofing attack

EUVDB-ID: #VU59211

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0112

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in Browser UI in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

151) Improperly implemented security check for standard

EUVDB-ID: #VU59212

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0113

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Blink in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

152) Out-of-bounds read

EUVDB-ID: #VU59213

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0114

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to crash the browser.

The vulnerability exists due to a boundary condition within the Web Serial component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and crash the browser.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

153) Use of uninitialized resource

EUVDB-ID: #VU59214

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0115

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to usage of uninitialized resources in File API in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger uninitialized usage of resources and bypass implemented security mechanisms.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

154) Improperly implemented security check for standard

EUVDB-ID: #VU59215

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0116

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Compositing in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

155) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU59218

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0117

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due incorrect implementation of policy restrictions in Service Workers. A remote attacker can trick the victim to open a specially crafted web page and bypass implemented security restrictions.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

156) Improperly implemented security check for standard

EUVDB-ID: #VU59216

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0118

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in WebShare in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

157) Improperly implemented security check for standard

EUVDB-ID: #VU59217

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0120

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Passwords in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

158) Use-after-free

EUVDB-ID: #VU59848

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0289

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Safe browsing component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

159) Use-after-free

EUVDB-ID: #VU59849

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0290

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Site isolation component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

160) Improperly implemented security check for standard

EUVDB-ID: #VU59850

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0291

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in Storage in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

161) Improperly implemented security check for standard

EUVDB-ID: #VU59851

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0292

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in Fenced Frames in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

162) Use-after-free

EUVDB-ID: #VU59852

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0293

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Web packaging component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

163) Improperly implemented security check for standard

EUVDB-ID: #VU59853

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0294

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in Push messaging in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

164) Use-after-free

EUVDB-ID: #VU59854

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0295

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Omnibox component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

165) Use-after-free

EUVDB-ID: #VU59855

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0296

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Printing component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

166) Use-after-free

EUVDB-ID: #VU59856

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0297

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Vulkan component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

167) Use-after-free

EUVDB-ID: #VU59857

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0298

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Scheduling component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

168) Use-after-free

EUVDB-ID: #VU59858

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0300

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Text Input Method Editor component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

169) Heap-based buffer overflow

EUVDB-ID: #VU59859

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0301

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in DevTools. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

170) Use-after-free

EUVDB-ID: #VU59860

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0302

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Omnibox component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

171) Race condition

EUVDB-ID: #VU59861

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0303

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a race condition in GPU Watchdog in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage and execute arbitrary code on the target system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

172) Use-after-free

EUVDB-ID: #VU59862

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0304

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Bookmarks component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

173) Improperly implemented security check for standard

EUVDB-ID: #VU59863

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0305

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in Service Worker API in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

174) Heap-based buffer overflow

EUVDB-ID: #VU59864

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0306

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in PDFium. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

175) Use-after-free

EUVDB-ID: #VU59865

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0307

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Optimization Guide in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

176) Use-after-free

EUVDB-ID: #VU59866

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0308

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Data Transfer in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

177) Improperly implemented security check for standard

EUVDB-ID: #VU59867

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0309

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Autofill in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

178) Heap-based buffer overflow

EUVDB-ID: #VU59868

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0310

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in Task Manager. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

179) Heap-based buffer overflow

EUVDB-ID: #VU59869

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0311

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in Task Manager. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected packages.
www-client/google-chrome to version: 97.0.4692.99
www-client/chromium to version: 97.0.4692.99

Vulnerable software versions

Gentoo Linux: All versions


CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202201-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###