Risk | Critical |
Patch available | YES |
Number of vulnerabilities | 171 |
CVE-ID | CVE-2021-30551 CVE-2021-4052 CVE-2021-4053 CVE-2021-4054 CVE-2021-4055 CVE-2021-4056 CVE-2021-4057 CVE-2021-4058 CVE-2021-4059 CVE-2021-4061 CVE-2021-4062 CVE-2021-4063 CVE-2021-4064 CVE-2021-4065 CVE-2021-4066 CVE-2021-4067 CVE-2021-4068 CVE-2021-4078 CVE-2021-4079 CVE-2022-0789 CVE-2022-0790 CVE-2022-0791 CVE-2022-0792 CVE-2022-0793 CVE-2022-0794 CVE-2022-0795 CVE-2022-0796 CVE-2022-0797 CVE-2022-0798 CVE-2022-0799 CVE-2022-0800 CVE-2022-0801 CVE-2022-0802 CVE-2022-0803 CVE-2022-0804 CVE-2022-0805 CVE-2022-0806 CVE-2022-0807 CVE-2022-0808 CVE-2022-0809 CVE-2022-0971 CVE-2022-0972 CVE-2022-0973 CVE-2022-0974 CVE-2022-0975 CVE-2022-0976 CVE-2022-0977 CVE-2022-0978 CVE-2022-0979 CVE-2022-0980 CVE-2022-1096 CVE-2022-1125 CVE-2022-1127 CVE-2022-1128 CVE-2022-1129 CVE-2022-1130 CVE-2022-1131 CVE-2022-1132 CVE-2022-1133 CVE-2022-1134 CVE-2022-1135 CVE-2022-1136 CVE-2022-1137 CVE-2022-1138 CVE-2022-1139 CVE-2022-1141 CVE-2022-1142 CVE-2022-1143 CVE-2022-1144 CVE-2022-1145 CVE-2022-1146 CVE-2022-1232 CVE-2022-1305 CVE-2022-1306 CVE-2022-1307 CVE-2022-1308 CVE-2022-1309 CVE-2022-1310 CVE-2022-1311 CVE-2022-1312 CVE-2022-1313 CVE-2022-1314 CVE-2022-1364 CVE-2022-1477 CVE-2022-1478 CVE-2022-1479 CVE-2022-1480 CVE-2022-1481 CVE-2022-1482 CVE-2022-1483 CVE-2022-1484 CVE-2022-1485 CVE-2022-1486 CVE-2022-1487 CVE-2022-1488 CVE-2022-1489 CVE-2022-1490 CVE-2022-1491 CVE-2022-1492 CVE-2022-1493 CVE-2022-1494 CVE-2022-1495 CVE-2022-1496 CVE-2022-1497 CVE-2022-1498 CVE-2022-1499 CVE-2022-1500 CVE-2022-1501 CVE-2022-1633 CVE-2022-1634 CVE-2022-1635 CVE-2022-1636 CVE-2022-1637 CVE-2022-1639 CVE-2022-1640 CVE-2022-1641 CVE-2022-1853 CVE-2022-1854 CVE-2022-1855 CVE-2022-1856 CVE-2022-1857 CVE-2022-1858 CVE-2022-1859 CVE-2022-1860 CVE-2022-1861 CVE-2022-1862 CVE-2022-1863 CVE-2022-1864 CVE-2022-1865 CVE-2022-1866 CVE-2022-1867 CVE-2022-1868 CVE-2022-1869 CVE-2022-1870 CVE-2022-1871 CVE-2022-1872 CVE-2022-1873 CVE-2022-1874 CVE-2022-1875 CVE-2022-1876 CVE-2022-2007 CVE-2022-2010 
CVE-2022-2011 CVE-2022-2156 CVE-2022-2157 CVE-2022-2158 CVE-2022-2160 CVE-2022-2161 CVE-2022-2162 CVE-2022-2163 CVE-2022-2164 CVE-2022-2165 CVE-2022-22021 CVE-2022-24475 CVE-2022-24523 CVE-2022-26891 CVE-2022-26894 CVE-2022-26895 CVE-2022-26900 CVE-2022-26905 CVE-2022-26908 CVE-2022-26909 CVE-2022-26912 CVE-2022-29144 CVE-2022-29146 CVE-2022-29147 CVE-2022-30127 CVE-2022-30128 CVE-2022-30192 CVE-2022-33638 CVE-2022-33639 |
CWE-ID | CWE-843 CWE-416 CWE-451 CWE-122 CWE-20 CWE-191 CWE-787 CWE-125 CWE-119 CWE-264 CWE-358 CWE-200 CWE-94 CWE-362 |
Exploitation vector | Network |
Public exploit | Vulnerability #1 is being exploited in the wild. Vulnerability #51 is being exploited in the wild. Vulnerability #83 is being exploited in the wild. |
Vulnerable software | Gentoo Linux (Operating systems & Components / Operating system); www-client/google-chrome (Operating systems & Components / Operating system package or component); www-client/chromium (Operating systems & Components / Operating system package or component); dev-qt/qtwebengine (Operating systems & Components / Operating system package or component) |
Vendor | Gentoo |
Security Bulletin
This security bulletin contains information about 171 vulnerabilities.
EUVDB-ID: #VU54006
Risk: Critical
CVSSv4.0: 8.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]
CVE-ID: CVE-2021-30551
CWE-ID:
CWE-843 - Type confusion
Exploit availability: Yes
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU58534
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-4052
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the web apps component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58535
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-4053
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the UI component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58536
Risk: High
CVSSv4.0: 6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-4054
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to insufficient validation of user-supplied input in autofill in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58537
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-4055
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in extensions. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58538
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-4056
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the loader component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58539
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-4057
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the file API component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58540
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-4058
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in ANGLE. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58541
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-4059
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper input validation in loader in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted webpage and execute arbitrary code on the system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58542
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-4061
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58543
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-4062
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in BFCache. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58544
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-4063
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the developer tools component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58545
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-4064
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the screen capture component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58546
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-4065
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the autofill component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58549
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-4066
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer underflow. A remote attacker can send a specially crafted request to the affected application, trigger an integer underflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58547
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-4067
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the window manager component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58548
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-4068
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to crash the browser.
The vulnerability exists due to improper input validation in the new tab page in Google Chrome. A remote attacker can trick the victim into performing certain actions in the browser and crash it.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59666
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-4078
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59667
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-4079
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in WebRTC. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU60991
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0789
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in ANGLE. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU60992
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0790
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the Cast UI component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU60993
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0791
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the Omnibox component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU60994
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-0792
CWE-ID: CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the ANGLE component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and gain access to sensitive information.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU60995
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0793
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within the Views component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU60996
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0794
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within the WebShare component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU60997
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0795
CWE-ID: CWE-843 - Type confusion
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the Blink Layout component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU60998
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0796
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within the Media component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU60999
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0797
CWE-ID: CWE-119 - Memory corruption
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in Mojo in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61000
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-0798
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within MediaStream in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61001
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-0799
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description: The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in Installer in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted website, bypass implemented security measures and gain access to sensitive information.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61002
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-0800
CWE-ID: CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in Cast UI. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61003
Risk: High
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0801
CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description: The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an incorrect implementation in the HTML parser in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61004
Risk: High
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0802
CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description: The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an incorrect implementation in Full screen mode in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61005
Risk: High
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0803
CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description: The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an incorrect implementation in Permissions in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61006
Risk: High
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0804
CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description: The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an incorrect implementation in Full screen mode in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61007
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-0805
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within Browser Switcher in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61012
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-0806
CWE-ID: CWE-200 - Information exposure
Exploit availability: No
Description: The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in Canvas in Google Chrome. A remote attacker can trick the victim into opening a specially crafted web page and gain access to sensitive information.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61008
Risk: High
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0807
CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description: The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an incorrect implementation in Autofill in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61009
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-0808
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within Chrome OS Shell in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61010
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-0809
CWE-ID: CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a remote attacker to crash the browser.
The vulnerability exists due to a boundary condition within the WebXR component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and crash the browser.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61381
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0971
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within the Blink Layout component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61382
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0972
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within the Extensions component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61383
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0973
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within the Safe Browsing component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61384
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0974
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within the Splitscreen component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61385
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0975
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within the ANGLE component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61386
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0976
CWE-ID: CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in GPU. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61387
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0977
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within the Browser UI component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61388
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0978
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within the ANGLE component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61389
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0979
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within the Safe Browsing component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61390
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-0980
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within New Tab Page in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61629
Risk: Critical
CVSSv4.0: 8.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]
CVE-ID: CVE-2022-1096
CWE-ID:
CWE-843 - Type confusion
Exploit availability: Yes
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU61700
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1125
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within the Portals component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61701
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1127
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within the QR Code Generator component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61702
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1128
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an incorrect implementation in the Web Share API in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61703
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1129
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an incorrect implementation in Full Screen Mode in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61719
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1130
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the WebOTP component in Google Chrome. A remote attacker can trick the victim into opening a specially crafted web page and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61704
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1131
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within the Cast UI component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61705
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1132
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an incorrect implementation in Virtual Keyboard in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61706
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1133
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within the WebRTC component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61707
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1134
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61708
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1135
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within Shopping Cart in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61709
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1136
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within Tab Strip in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61710
Risk: High
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1137
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an incorrect implementation in Extensions in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61711
Risk: High
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1138
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an incorrect implementation in Web Cursor in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61712
Risk: High
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1139
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an incorrect implementation in the Background Fetch API in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61713
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1141
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within File Manager in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61714
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1142
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in WebUI. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61715
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1143
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in WebUI. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61716
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1144
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within WebUI in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61717
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1145
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within Extensions in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61718
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1146
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an incorrect implementation in Resource Timing in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61831
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1232
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62061
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1305
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the storage component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62062
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1306
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to incorrect implementation in compositing in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62063
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1307
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to incorrect implementation in full screen in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62064
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1308
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the BFCache component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62065
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1309
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in developer tools in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted website, bypass implemented security measures and compromise the affected system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62066
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1310
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the regular expressions component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62067
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1311
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the Chrome OS shell component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62068
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1312
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the storage component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62069
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1313
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within tab groups in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62070
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1314
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a type confusion error and gain access to sensitive information.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62346
Risk: Critical
CVSSv4.0: 8.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]
CVE-ID: CVE-2022-1364
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error in the V8 engine in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note: the vulnerability is being actively exploited in the wild.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU62609
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1477
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the Vulkan component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62610
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1478
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the SwiftShader component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62611
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1479
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the ANGLE component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62612
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1480
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the Device API component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62613
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1481
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the Sharing component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62614
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1482
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to incorrect implementation in WebGL in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62615
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1483
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in WebGPU. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62616
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1484
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in Web UI Settings. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62617
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1485
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the File System API in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62618
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1486
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a type confusion error and gain access to sensitive information.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62619
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1487
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within Ozone in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62620
Risk: High
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1488
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in the Extensions API in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62621
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1489
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to crash the browser.
The vulnerability exists due to a boundary condition within the UI Shelf component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and crash the browser.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62622
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1490
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within Browser Switcher in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62623
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1491
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within Bookmarks in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62624
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1492
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input in Blink Editing in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62625
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1493
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within Dev Tools in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62626
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1494
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input in Trusted Types in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62627
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1495
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to insufficient validation of user-supplied input in Downloads in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62628
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1496
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within File Manager in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62629
Risk: High
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1497
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description: The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Input in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62630
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1498
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description: The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in HTML Parser in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62631
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1499
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description: The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in WebAuthentication in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62632
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1500
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input in Dev Tools in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62633
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1501
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description: The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in iframe in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62891
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1633
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error in the Sharesheet implementation. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62892
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1634
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error in the Browser UI implementation. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62893
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1635
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error in the Permission Prompts implementation. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62894
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1636
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error in Performance APIs. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62899
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1637
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input in the Web Contents implementation. A remote attacker can trick the victim into visiting a specially crafted web page and execute arbitrary code on the system.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62895
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1639
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error in ANGLE. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62897
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1640
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error in the Sharing feature. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62898
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1641
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error in the Web UI Diagnostics feature. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63596
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1853
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within the Indexed DB component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63597
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1854
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within the ANGLE component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63598
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1855
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within the Messaging component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63599
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1856
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within the User Education component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63600
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1857
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description: The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in File System API in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted website, bypass implemented security measures and compromise the affected system.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63601
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1858
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the DevTools component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and gain access to sensitive information.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63602
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1859
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the Performance Manager component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63603
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1860
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the UI Foundations component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63604
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1861
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the Sharing component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63605
Risk: High
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1862
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an incorrect implementation in Extensions in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63606
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1863
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within Tab Groups in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63607
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1864
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within WebApp Installs in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63608
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1865
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within Bookmarks in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63609
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1866
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within Tablet Mode in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63610
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1867
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input in Data Transfer in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63611
Risk: High
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1868
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an incorrect implementation in Extensions API in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63612
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1869
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a type confusion error and gain access to sensitive information.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63613
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1870
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within App Service in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63614
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1871
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in File System API in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted website, bypass implemented security measures and gain access to sensitive information.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63615
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1872
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in Extensions API in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted website, bypass implemented security measures and gain access to sensitive information.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63616
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1873
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in COOP in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted website, bypass implemented security measures and gain access to sensitive information.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63617
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1874
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in Safe Browsing in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted website, bypass implemented security measures and gain access to sensitive information.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63618
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1875
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an incorrect implementation in PDF in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63619
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1876
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing untrusted HTML content in DevTools. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and crash the browser.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64144
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-2007
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the WebGPU component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64146
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-2010
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the compositing component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and gain access to sensitive information.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64147
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-2011
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the ANGLE component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64560
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-2156
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the Base component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64561
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-2157
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the Interest groups component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64562
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-2158
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64563
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-2160
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description: The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in DevTools in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted website, bypass implemented security measures and gain access to sensitive information.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64564
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-2161
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within WebApp Provider in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64565
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-2162
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description: The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in File System API in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted website, bypass implemented security measures and gain access to sensitive information.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64566
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-2163
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in Cast UI and Toolbar in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and crash the browser.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64567
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-2164
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description: The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Extensions API in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64568
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-2165
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input in URL formatting in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64148
Risk: High
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-22021
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input when processing HTML content. A remote attacker can trick the victim into opening a specially crafted web page and execute arbitrary code on the system.
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61809
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-24475
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote attacker can trick the victim into visiting a specially crafted web page and execute arbitrary code on the target system.
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61801
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-24523
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can perform a spoofing attack.
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61808
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-26891
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote attacker can trick the victim into visiting a specially crafted web page and execute arbitrary code on the target system.
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61807
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-26894
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote attacker can trick the victim into visiting a specially crafted web page and execute arbitrary code on the target system.
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61806
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-26895
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote attacker can trick the victim into visiting a specially crafted web page and execute arbitrary code on the target system.
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61805
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-26900
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote attacker can trick the victim into visiting a specially crafted web page and execute arbitrary code on the target system.
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63887
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-26905
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can spoof page content.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61804
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-26908
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote attacker can trick the victim into visiting a specially crafted web page and execute arbitrary code on the target system.
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61803
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-26909
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote attacker can trick the victim into visiting a specially crafted web page and execute arbitrary code on the target system.
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61802
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-26912
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote attacker can trick the victim into visiting a specially crafted web page and execute arbitrary code on the target system.
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62363
Risk: High
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-29144
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim into visiting a specially crafted website and execute arbitrary code on the system.
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62700
Risk: High
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-29146
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description: The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to improperly imposed security restrictions. A remote attacker can trick the victim into visiting a specially crafted website, escape the browser sandbox and execute arbitrary code on the system.
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62701
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-29147
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim into visiting a specially crafted website while using Edge in Internet Explorer Mode and bypass certain security restrictions.
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63889
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-30127
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a race condition. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a race condition and escape the browser sandbox.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63888
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-30128
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a race condition. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a race condition and escape the browser sandbox.
Mitigation: Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64629
Risk: High
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-30192
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim into visiting a specially crafted webpage and execute arbitrary code on the system.
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64628
Risk: High
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-33638
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim into visiting a specially crafted webpage and execute arbitrary code on the system.
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64670
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-33639
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a race condition when processing HTML content. A remote attacker can trick the victim into visiting a specially crafted web page, bypass the browser sandbox and execute arbitrary code on the system.
Update the affected packages.
dev-qt/qtwebengine to version: 103.0.5060.53
www-client/chromium to version: 103.0.5060.53
www-client/google-chrome to version: 101.0.1210.47
www-client/microsoft-edge to version:
Gentoo Linux: All versions
www-client/google-chrome: before 101.0.1210.47
www-client/chromium: before 103.0.5060.53
dev-qt/qtwebengine: before 103.0.5060.53
CPE2.3
http://security.gentoo.org/glsa/202208-25
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.