Gentoo update for Chromium, Google Chrome, Microsoft Edge, QtWebEngine



Published: 2022-08-15
Risk Critical
Patch available YES
Number of vulnerabilities 171
CVE-ID CVE-2021-30551
CVE-2021-4052
CVE-2021-4053
CVE-2021-4054
CVE-2021-4055
CVE-2021-4056
CVE-2021-4057
CVE-2021-4058
CVE-2021-4059
CVE-2021-4061
CVE-2021-4062
CVE-2021-4063
CVE-2021-4064
CVE-2021-4065
CVE-2021-4066
CVE-2021-4067
CVE-2021-4068
CVE-2021-4078
CVE-2021-4079
CVE-2022-0789
CVE-2022-0790
CVE-2022-0791
CVE-2022-0792
CVE-2022-0793
CVE-2022-0794
CVE-2022-0795
CVE-2022-0796
CVE-2022-0797
CVE-2022-0798
CVE-2022-0799
CVE-2022-0800
CVE-2022-0801
CVE-2022-0802
CVE-2022-0803
CVE-2022-0804
CVE-2022-0805
CVE-2022-0806
CVE-2022-0807
CVE-2022-0808
CVE-2022-0809
CVE-2022-0971
CVE-2022-0972
CVE-2022-0973
CVE-2022-0974
CVE-2022-0975
CVE-2022-0976
CVE-2022-0977
CVE-2022-0978
CVE-2022-0979
CVE-2022-0980
CVE-2022-1096
CVE-2022-1125
CVE-2022-1127
CVE-2022-1128
CVE-2022-1129
CVE-2022-1130
CVE-2022-1131
CVE-2022-1132
CVE-2022-1133
CVE-2022-1134
CVE-2022-1135
CVE-2022-1136
CVE-2022-1137
CVE-2022-1138
CVE-2022-1139
CVE-2022-1141
CVE-2022-1142
CVE-2022-1143
CVE-2022-1144
CVE-2022-1145
CVE-2022-1146
CVE-2022-1232
CVE-2022-1305
CVE-2022-1306
CVE-2022-1307
CVE-2022-1308
CVE-2022-1309
CVE-2022-1310
CVE-2022-1311
CVE-2022-1312
CVE-2022-1313
CVE-2022-1314
CVE-2022-1364
CVE-2022-1477
CVE-2022-1478
CVE-2022-1479
CVE-2022-1480
CVE-2022-1481
CVE-2022-1482
CVE-2022-1483
CVE-2022-1484
CVE-2022-1485
CVE-2022-1486
CVE-2022-1487
CVE-2022-1488
CVE-2022-1489
CVE-2022-1490
CVE-2022-1491
CVE-2022-1492
CVE-2022-1493
CVE-2022-1494
CVE-2022-1495
CVE-2022-1496
CVE-2022-1497
CVE-2022-1498
CVE-2022-1499
CVE-2022-1500
CVE-2022-1501
CVE-2022-1633
CVE-2022-1634
CVE-2022-1635
CVE-2022-1636
CVE-2022-1637
CVE-2022-1639
CVE-2022-1640
CVE-2022-1641
CVE-2022-1853
CVE-2022-1854
CVE-2022-1855
CVE-2022-1856
CVE-2022-1857
CVE-2022-1858
CVE-2022-1859
CVE-2022-1860
CVE-2022-1861
CVE-2022-1862
CVE-2022-1863
CVE-2022-1864
CVE-2022-1865
CVE-2022-1866
CVE-2022-1867
CVE-2022-1868
CVE-2022-1869
CVE-2022-1870
CVE-2022-1871
CVE-2022-1872
CVE-2022-1873
CVE-2022-1874
CVE-2022-1875
CVE-2022-1876
CVE-2022-2007
CVE-2022-2010
CVE-2022-2011
CVE-2022-2156
CVE-2022-2157
CVE-2022-2158
CVE-2022-2160
CVE-2022-2161
CVE-2022-2162
CVE-2022-2163
CVE-2022-2164
CVE-2022-2165
CVE-2022-22021
CVE-2022-24475
CVE-2022-24523
CVE-2022-26891
CVE-2022-26894
CVE-2022-26895
CVE-2022-26900
CVE-2022-26905
CVE-2022-26908
CVE-2022-26909
CVE-2022-26912
CVE-2022-29144
CVE-2022-29146
CVE-2022-29147
CVE-2022-30127
CVE-2022-30128
CVE-2022-30192
CVE-2022-33638
CVE-2022-33639
CWE-ID CWE-843
CWE-416
CWE-451
CWE-122
CWE-20
CWE-191
CWE-787
CWE-125
CWE-119
CWE-264
CWE-358
CWE-200
CWE-94
CWE-362
Exploitation vector Network
Public exploit Vulnerability #1 is being exploited in the wild.
Vulnerability #51 is being exploited in the wild.
Vulnerability #83 is being exploited in the wild.
Vulnerable software
Subscribe
Gentoo Linux
Operating systems & Components / Operating system

www-client/google-chrome
Operating systems & Components / Operating system package or component

www-client/chromium
Operating systems & Components / Operating system package or component

dev-qt/qtwebengine
Operating systems & Components / Operating system package or component

Vendor Gentoo

Security Bulletin

This security bulletin contains information about 171 vulnerabilities.

1) Type Confusion

EUVDB-ID: #VU54006

Risk: Critical

CVSSv3.1:

CVE-ID: CVE-2021-30551

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Use-after-free

EUVDB-ID: #VU58534

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-4052

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the web apps component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Use-after-free

EUVDB-ID: #VU58535

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-4053

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the UI component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Spoofing attack

EUVDB-ID: #VU58536

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-4054

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in autofill in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Heap-based buffer overflow

EUVDB-ID: #VU58537

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-4055

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in extensions. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Type Confusion

EUVDB-ID: #VU58538

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-4056

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the loader component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Use-after-free

EUVDB-ID: #VU58539

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-4057

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the file API component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

8) Heap-based buffer overflow

EUVDB-ID: #VU58540

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-4058

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in ANGLE. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

9) Input validation error

EUVDB-ID: #VU58541

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-4059

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper input validation in loader in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage and execute arbitrary code on the system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

10) Type Confusion

EUVDB-ID: #VU58542

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-4061

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

11) Heap-based buffer overflow

EUVDB-ID: #VU58543

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-4062

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in BFCache. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

12) Use-after-free

EUVDB-ID: #VU58544

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-4063

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the developer tools component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

13) Use-after-free

EUVDB-ID: #VU58545

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-4064

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the screen capture component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

14) Use-after-free

EUVDB-ID: #VU58546

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-4065

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the autofill component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

15) Integer underflow

EUVDB-ID: #VU58549

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-4066

CWE-ID: CWE-191 - Integer Underflow (Wrap or Wraparound)

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer underflow. A remote attacker can send a specially crafted request to the affected application, trigger integer underflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

16) Use-after-free

EUVDB-ID: #VU58547

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-4067

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the window manager component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

17) Input validation error

EUVDB-ID: #VU58548

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-4068

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to crash the browser.

The vulnerability exists due to a improper input validation in new tab page in Google Chrome. A remote attacker can trick the victim to perform certain actions in browser and crash it.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

18) Type Confusion

EUVDB-ID: #VU59666

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-4078

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

19) Out-of-bounds write

EUVDB-ID: #VU59667

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-4079

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in WebRTC. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

20) Heap-based buffer overflow

EUVDB-ID: #VU60991

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-0789

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in ANGLE. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

21) Use-after-free

EUVDB-ID: #VU60992

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-0790

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Cast UI component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

22) Use-after-free

EUVDB-ID: #VU60993

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-0791

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Omnibox component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

23) Out-of-bounds read

EUVDB-ID: #VU60994

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-0792

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the ANGLE component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

24) Use-after-free

EUVDB-ID: #VU60995

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-0793

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Views component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

25) Use-after-free

EUVDB-ID: #VU60996

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-0794

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the WebShare component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

26) Type Confusion

EUVDB-ID: #VU60997

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-0795

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the Blink Layout component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

27) Use-after-free

EUVDB-ID: #VU60998

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-0796

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Media component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

28) Buffer overflow

EUVDB-ID: #VU60999

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-0797

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a boundary error in Mojo in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

29) Use-after-free

EUVDB-ID: #VU61000

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-0798

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within MediaStream in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

30) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU61001

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-0799

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in Installer in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

31) Heap-based buffer overflow

EUVDB-ID: #VU61002

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-0800

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in Cast UI. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

32) Improperly implemented security check for standard

EUVDB-ID: #VU61003

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-0801

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in HTML parser in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

33) Improperly implemented security check for standard

EUVDB-ID: #VU61004

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-0802

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Full screen mode in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

34) Improperly implemented security check for standard

EUVDB-ID: #VU61005

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-0803

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Permissions in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

35) Improperly implemented security check for standard

EUVDB-ID: #VU61006

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-0804

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Full screen mode in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

36) Use-after-free

EUVDB-ID: #VU61007

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-0805

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Browser Switcher in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

37) Information disclosure

EUVDB-ID: #VU61012

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-0806

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in Canvas in Google Chrome. A remote attacker can trick the victim to open a specially crafted web page and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

38) Improperly implemented security check for standard

EUVDB-ID: #VU61008

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-0807

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Autofill in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

39) Use-after-free

EUVDB-ID: #VU61009

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-0808

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Chrome OS Shell in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

40) Out-of-bounds read

EUVDB-ID: #VU61010

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-0809

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to crash the browser.

The vulnerability exists due to a boundary condition within the WebXR component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and crash the browser.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

41) Use-after-free

EUVDB-ID: #VU61381

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-0971

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Blink Layout component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

42) Use-after-free

EUVDB-ID: #VU61382

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-0972

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Extensions component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

43) Use-after-free

EUVDB-ID: #VU61383

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-0973

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Safe Browsing component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

44) Use-after-free

EUVDB-ID: #VU61384

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-0974

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Splitscreen component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

45) Use-after-free

EUVDB-ID: #VU61385

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-0975

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the ANGLE component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

46) Heap-based buffer overflow

EUVDB-ID: #VU61386

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-0976

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in GPU. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

47) Use-after-free

EUVDB-ID: #VU61387

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-0977

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Browser UI component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

48) Use-after-free

EUVDB-ID: #VU61388

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-0978

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the ANGLE component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

49) Use-after-free

EUVDB-ID: #VU61389

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-0979

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Safe Browsing component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

50) Use-after-free

EUVDB-ID: #VU61390

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-0980

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within New Tab Page in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

51) Type Confusion

EUVDB-ID: #VU61629

Risk: Critical

CVSSv3.1:

CVE-ID: CVE-2022-1096

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

52) Use-after-free

EUVDB-ID: #VU61700

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1125

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Portals component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

53) Use-after-free

EUVDB-ID: #VU61701

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1127

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the QR Code Generator component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

54) Improperly implemented security check for standard

EUVDB-ID: #VU61702

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1128

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in Web Share API in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

55) Improperly implemented security check for standard

EUVDB-ID: #VU61703

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1129

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in Full Screen Mode in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

56) Input validation error

EUVDB-ID: #VU61719

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1130

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in WebOTP component in Google Chrome. A remote attacker can trick the victim to open a specially crafted web page and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

57) Use-after-free

EUVDB-ID: #VU61704

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1131

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Cast UI component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

58) Improperly implemented security check for standard

EUVDB-ID: #VU61705

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1132

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in Virtual Keyboard in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

59) Use-after-free

EUVDB-ID: #VU61706

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1133

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the WebRTC component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

60) Type Confusion

EUVDB-ID: #VU61707

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1134

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

61) Use-after-free

EUVDB-ID: #VU61708

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1135

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Shopping Cart in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

62) Use-after-free

EUVDB-ID: #VU61709

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1136

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Tab Strip in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

63) Improperly implemented security check for standard

EUVDB-ID: #VU61710

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1137

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Extensions in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

64) Improperly implemented security check for standard

EUVDB-ID: #VU61711

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1138

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Web Cursor in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

65) Improperly implemented security check for standard

EUVDB-ID: #VU61712

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1139

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Background Fetch API in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

66) Use-after-free

EUVDB-ID: #VU61713

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1141

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within File Manager in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

67) Heap-based buffer overflow

EUVDB-ID: #VU61714

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1142

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in WebUI. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

68) Heap-based buffer overflow

EUVDB-ID: #VU61715

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1143

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in WebUI. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

69) Use-after-free

EUVDB-ID: #VU61716

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1144

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within WebUI in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

70) Use-after-free

EUVDB-ID: #VU61717

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1145

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Extensions in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

71) Improperly implemented security check for standard

EUVDB-ID: #VU61718

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-1146

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Resource Timing in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

72) Type Confusion

EUVDB-ID: #VU61831

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1232

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

73) Use-after-free

EUVDB-ID: #VU62061

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1305

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the storage component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

74) Improperly implemented security check for standard

EUVDB-ID: #VU62062

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1306

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in compositing in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

75) Improperly implemented security check for standard

EUVDB-ID: #VU62063

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1307

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in full screen in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

76) Use-after-free

EUVDB-ID: #VU62064

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1308

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the BFCache component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

77) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU62065

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1309

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in developer tools in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and compromise the affected system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

78) Use-after-free

EUVDB-ID: #VU62066

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1310

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the regular expressions component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

79) Use-after-free

EUVDB-ID: #VU62067

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1311

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Chrome OS shell component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

80) Use-after-free

EUVDB-ID: #VU62068

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1312

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the storage component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

81) Use-after-free

EUVDB-ID: #VU62069

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1313

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within tab groups in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

82) Type Confusion

EUVDB-ID: #VU62070

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1314

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a type confusion error and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

83) Type Confusion

EUVDB-ID: #VU62346

Risk: Critical

CVSSv3.1:

CVE-ID: CVE-2022-1364

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error in V8 engine in Google Chrome. A remote attacker can trick the victim to visit a specially crafted web page, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

84) Use-after-free

EUVDB-ID: #VU62609

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1477

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Vulkan component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

85) Use-after-free

EUVDB-ID: #VU62610

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1478

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the SwiftShader component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

86) Use-after-free

EUVDB-ID: #VU62611

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1479

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the ANGLE component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

87) Use-after-free

EUVDB-ID: #VU62612

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1480

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Device API component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

88) Use-after-free

EUVDB-ID: #VU62613

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1481

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Sharing component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

89) Improperly implemented security check for standard

EUVDB-ID: #VU62614

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1482

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in WebGL in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

90) Heap-based buffer overflow

EUVDB-ID: #VU62615

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1483

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in WebGPU. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

91) Heap-based buffer overflow

EUVDB-ID: #VU62616

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1484

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in Web UI Settings. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

92) Use-after-free

EUVDB-ID: #VU62617

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1485

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within File System API in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

93) Type Confusion

EUVDB-ID: #VU62618

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1486

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a type confusion error and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

94) Use-after-free

EUVDB-ID: #VU62619

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1487

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Ozone in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

95) Improperly implemented security check for standard

EUVDB-ID: #VU62620

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1488

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Extensions API in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

96) Out-of-bounds read

EUVDB-ID: #VU62621

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1489

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to crash the browser.

The vulnerability exists due to a boundary condition within the UI Shelf component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and crash the browser.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

97) Use-after-free

EUVDB-ID: #VU62622

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1490

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Browser Switcher in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

98) Use-after-free

EUVDB-ID: #VU62623

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1491

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Bookmarks in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

99) Input validation error

EUVDB-ID: #VU62624

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1492

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in Blink Editing in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

100) Use-after-free

EUVDB-ID: #VU62625

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1493

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Dev Tools in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

101) Input validation error

EUVDB-ID: #VU62626

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1494

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in Trusted Types in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

102) Spoofing attack

EUVDB-ID: #VU62627

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1495

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in Downloads in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

103) Use-after-free

EUVDB-ID: #VU62628

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1496

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within File Manager in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

104) Improperly implemented security check for standard

EUVDB-ID: #VU62629

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1497

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Input in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

105) Improperly implemented security check for standard

EUVDB-ID: #VU62630

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-1498

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in HTML Parser in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

106) Improperly implemented security check for standard

EUVDB-ID: #VU62631

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-1499

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in WebAuthentication in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

107) Input validation error

EUVDB-ID: #VU62632

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-1500

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in Dev Tools in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

108) Improperly implemented security check for standard

EUVDB-ID: #VU62633

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-1501

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in iframe in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

109) Use-after-free

EUVDB-ID: #VU62891

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1633

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in Sharesheet implementation. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

110) Use-after-free

EUVDB-ID: #VU62892

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1634

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in Browser UI implementation. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

111) Use-after-free

EUVDB-ID: #VU62893

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1635

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in Permission Prompts implementation. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

112) Use-after-free

EUVDB-ID: #VU62894

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1636

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in Performance APIs. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

113) Input validation error

EUVDB-ID: #VU62899

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1637

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in Web Contents implementation. A remote attacker can trick the victim to visit a specially crafted web page and execute arbitrary code on the system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

114) Use-after-free

EUVDB-ID: #VU62895

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1639

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in ANGLE. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

115) Use-after-free

EUVDB-ID: #VU62897

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1640

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in Sharing feature. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

116) Use-after-free

EUVDB-ID: #VU62898

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1641

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in Web UI Diagnostics feature. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

117) Use-after-free

EUVDB-ID: #VU63596

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1853

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Indexed DB component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

118) Use-after-free

EUVDB-ID: #VU63597

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1854

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the ANGLE component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

119) Use-after-free

EUVDB-ID: #VU63598

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1855

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Messaging component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

120) Use-after-free

EUVDB-ID: #VU63599

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1856

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the User Education component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

121) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU63600

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1857

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in File System API in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and compromise the affected system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

122) Out-of-bounds read

EUVDB-ID: #VU63601

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1858

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the DevTools component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

123) Use-after-free

EUVDB-ID: #VU63602

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1859

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Performance Manager component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

124) Use-after-free

EUVDB-ID: #VU63603

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1860

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the UI Foundations component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

125) Use-after-free

EUVDB-ID: #VU63604

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1861

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Sharing component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

126) Improperly implemented security check for standard

EUVDB-ID: #VU63605

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1862

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Extensions in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

127) Use-after-free

EUVDB-ID: #VU63606

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1863

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Tab Groups in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

128) Use-after-free

EUVDB-ID: #VU63607

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1864

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within WebApp Installs in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

129) Use-after-free

EUVDB-ID: #VU63608

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1865

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Bookmarks in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

130) Use-after-free

EUVDB-ID: #VU63609

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1866

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Tablet Mode in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

131) Input validation error

EUVDB-ID: #VU63610

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1867

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in Data Transfer in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

132) Improperly implemented security check for standard

EUVDB-ID: #VU63611

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1868

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Extensions API in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

133) Type Confusion

EUVDB-ID: #VU63612

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1869

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a type confusion error and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

134) Use-after-free

EUVDB-ID: #VU63613

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1870

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within App Service in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

135) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU63614

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-1871

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in File System API in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

136) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU63615

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-1872

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in Extensions API in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

137) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU63616

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-1873

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in COOP in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

138) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU63617

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-1874

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in Safe Browsing in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

139) Improperly implemented security check for standard

EUVDB-ID: #VU63618

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-1875

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in PDF in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

140) Heap-based buffer overflow

EUVDB-ID: #VU63619

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-1876

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when processing untrusted HTML content in DevTools. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and crash the browser.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

141) Use-after-free

EUVDB-ID: #VU64144

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-2007

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the WebGPU component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

142) Out-of-bounds read

EUVDB-ID: #VU64146

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-2010

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the compositing component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

143) Use-after-free

EUVDB-ID: #VU64147

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-2011

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the ANGLE component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

144) Use-after-free

EUVDB-ID: #VU64560

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-2156

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Base component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

145) Use-after-free

EUVDB-ID: #VU64561

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-2157

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Interest groups component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

146) Type Confusion

EUVDB-ID: #VU64562

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-2158

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

147) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU64563

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-2160

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in DevTools in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

148) Use-after-free

EUVDB-ID: #VU64564

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-2161

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within WebApp Provider in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

149) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU64565

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-2162

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in File System API in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

150) Use-after-free

EUVDB-ID: #VU64566

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-2163

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to use-after-free error in Cast UI and Toolbar in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and crash the browser.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

151) Improperly implemented security check for standard

EUVDB-ID: #VU64567

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-2164

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Extensions API in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

152) Input validation error

EUVDB-ID: #VU64568

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-2165

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in URL formatting in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

153) Input validation error

EUVDB-ID: #VU64148

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-22021

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input when processing HTML content. A remote attacker can trick the victim to open a specially crafted web page and execute arbitrary code on the system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

154) Code Injection

EUVDB-ID: #VU61809

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-24475

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation. A remote attacker can trick the victim to visit a specially crafted web page and execute arbitrary code on the target system.


Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

155) Spoofing attack

EUVDB-ID: #VU61801

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-24523

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can perform spoofing attack.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

156) Code Injection

EUVDB-ID: #VU61808

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-26891

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation. A remote attacker can trick the victim to visit a specially crafted web page and execute arbitrary code on the target system.


Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

157) Code Injection

EUVDB-ID: #VU61807

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-26894

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation. A remote attacker can trick the victim to visit a specially crafted web page and execute arbitrary code on the target system.


Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

158) Code Injection

EUVDB-ID: #VU61806

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-26895

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation. A remote attacker can trick the victim to visit a specially crafted web page and execute arbitrary code on the target system.


Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

159) Code Injection

EUVDB-ID: #VU61805

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-26900

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation. A remote attacker can trick the victim to visit a specially crafted web page and execute arbitrary code on the target system.


Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

160) Spoofing attack

EUVDB-ID: #VU63887

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-26905

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can spoof page content.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

161) Code Injection

EUVDB-ID: #VU61804

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-26908

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation. A remote attacker can trick the victim to visit a specially crafted web page and execute arbitrary code on the target system.


Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

162) Code Injection

EUVDB-ID: #VU61803

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-26909

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation. A remote attacker can trick the victim to visit a specially crafted web page and execute arbitrary code on the target system.


Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

163) Code Injection

EUVDB-ID: #VU61802

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-26912

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation. A remote attacker can trick the victim to visit a specially crafted web page and execute arbitrary code on the target system.


Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

164) Input validation error

EUVDB-ID: #VU62363

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-29144

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim to visit a specially crafted website and execute arbitrary code on the system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

165) Security restrictions bypass

EUVDB-ID: #VU62700

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-29146

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to improperly imposed security restrictions. A remote attacker can trick the victim to visit a specially crafted website, escape browser sandbox and execute arbitrary code on the system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

166) Input validation error

EUVDB-ID: #VU62701

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-29147

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim to visit a specially crafted website while using Edge in Internet Explorer Mode and bypass certain security restrictions.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

167) Race condition

EUVDB-ID: #VU63889

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-30127

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a race condition. A remote attacker can trick the victim to visit a specially crafted web page, trigger a race condition and escape browser sandbox.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

168) Race condition

EUVDB-ID: #VU63888

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-30128

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a race condition. A remote attacker can trick the victim to visit a specially crafted web page, trigger a race condition and escape browser sandbox.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

169) Input validation error

EUVDB-ID: #VU64629

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-30192

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim to visit a specially crafted webpage and execute arbitrary code on the system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

170) Input validation error

EUVDB-ID: #VU64628

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-33638

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim to visit a specially crafted webpage and execute arbitrary code on the system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

171) Race condition

EUVDB-ID: #VU64670

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-33639

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a race condition when processing HTML content. A remote attacker can trick the victim to visit a specially crafted web page, bypass browser sandbox and execute arbitrary code on the system.

Mitigation

Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:

Vulnerable software versions

Gentoo Linux: All versions

www-client/google-chrome: before 101.0.1210.47

www-client/chromium: before 103.0.5060.53

dev-qt/qtwebengine: before 103.0.5060.53


CPE2.3 External links

http://security.gentoo.org/glsa/202208-25

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###