Gentoo update for Chromium, Google Chrome, Microsoft Edge
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 44 |
| CVE-ID | CVE-2022-2163 CVE-2022-2294 CVE-2022-2295 CVE-2022-2296 CVE-2022-2477 CVE-2022-2478 CVE-2022-2479 CVE-2022-2480 CVE-2022-2481 CVE-2022-2603 CVE-2022-2604 CVE-2022-2605 CVE-2022-2606 CVE-2022-2607 CVE-2022-2608 CVE-2022-2609 CVE-2022-2610 CVE-2022-2611 CVE-2022-2612 CVE-2022-2613 CVE-2022-2614 CVE-2022-2615 CVE-2022-2616 CVE-2022-2617 CVE-2022-2618 CVE-2022-2619 CVE-2022-2620 CVE-2022-2621 CVE-2022-2622 CVE-2022-2623 CVE-2022-2624 CVE-2022-2852 CVE-2022-2853 CVE-2022-2854 CVE-2022-2855 CVE-2022-2856 CVE-2022-2857 CVE-2022-2858 CVE-2022-2859 CVE-2022-2860 CVE-2022-2861 CVE-2022-33636 CVE-2022-33649 CVE-2022-35796 |
| CWE-ID | CWE-416 CWE-122 CWE-843 CWE-20 CWE-125 CWE-264 CWE-358 CWE-310 CWE-119 CWE-254 |
| Exploitation vector | Network |
| Public exploit |
Vulnerability #2 is being exploited in the wild. Vulnerability #36 is being exploited in the wild. |
| Vulnerable software Subscribe |
Gentoo Linux Operating systems & Components / Operating system www-client/microsoft-edge Operating systems & Components / Operating system package or component www-client/google-chrome Operating systems & Components / Operating system package or component www-client/chromium-bin Operating systems & Components / Operating system package or component www-client/chromium Operating systems & Components / Operating system package or component |
| Vendor | Gentoo |
Security Bulletin
This security bulletin contains information about 44 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU64566
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2163
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to use-after-free error in Cast UI and Toolbar in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and crash the browser.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Heap-based buffer overflow
EUVDB-ID: #VU64910
Risk: Critical
CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2022-2294
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within WebRTC implementation. A remote attacker can trick the victim ti visit a specially crafted website, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Update the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
3) Type Confusion
EUVDB-ID: #VU64911
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2295
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Use-after-free
EUVDB-ID: #VU64912
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2296
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Chrome OS Shell component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use-after-free
EUVDB-ID: #VU65446
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2477
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in Guest View when processing HTML content. A remote attacker can trick the victim to visit a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use-after-free
EUVDB-ID: #VU65447
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2478
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in PDF component. A remote attacker can trick the victim to visit a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Input validation error
EUVDB-ID: #VU65450
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2479
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input in File component. A remote attacker can trick the victim to visit a specially crafted website and execute arbitrary code on the system. MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use-after-free
EUVDB-ID: #VU65448
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2480
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in Service Worker API when processing HTML content. A remote attacker can trick the victim to visit a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Use-after-free
EUVDB-ID: #VU65449
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2481
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in Views when processing HTML content. A remote attacker can trick the victim to visit a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Use-after-free
EUVDB-ID: #VU65958
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2603
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Omnibox component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Use-after-free
EUVDB-ID: #VU65959
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2604
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Safe Browsing component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Out-of-bounds read
EUVDB-ID: #VU65960
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2605
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Dawn component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Use-after-free
EUVDB-ID: #VU65961
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2606
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Managed devices API component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Use-after-free
EUVDB-ID: #VU65962
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2607
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Tab Strip component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Use-after-free
EUVDB-ID: #VU65963
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2608
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Overview Mode component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Use-after-free
EUVDB-ID: #VU65964
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2609
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Nearby Share component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU65965
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2610
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in Background Fetch in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Improperly implemented security check for standard
EUVDB-ID: #VU65966
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2611
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Fullscreen API in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Cryptographic issues
EUVDB-ID: #VU65967
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2612
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to side-channel information leak in Keyboard input. Chrome Medium. A remote attacker can create a specially crafted web page, trick the victim into opening it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Use-after-free
EUVDB-ID: #VU65968
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2613
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Input in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Use-after-free
EUVDB-ID: #VU65969
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2614
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Sign-In Flow in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU65970
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2615
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in Cookies in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Improperly implemented security check for standard
EUVDB-ID: #VU65971
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2616
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Extensions API in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Use-after-free
EUVDB-ID: #VU65972
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2617
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Extensions API in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Input validation error
EUVDB-ID: #VU65973
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2618
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input in Internals in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Input validation error
EUVDB-ID: #VU65974
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2619
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input in Settings in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Use-after-free
EUVDB-ID: #VU65975
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2620
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within WebUI in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Use-after-free
EUVDB-ID: #VU65976
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2621
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Extensions in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Input validation error
EUVDB-ID: #VU65977
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2622
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input in Safe Browsing in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Use-after-free
EUVDB-ID: #VU65978
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2623
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Offline in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Heap-based buffer overflow
EUVDB-ID: #VU65979
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2624
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in PDF. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Use-after-free
EUVDB-ID: #VU66559
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2852
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the FedCM component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Heap-based buffer overflow
EUVDB-ID: #VU66564
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2853
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in Downloads. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Use-after-free
EUVDB-ID: #VU66560
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2854
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the SwiftShader component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Use-after-free
EUVDB-ID: #VU66561
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2855
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the ANGLE component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Input validation error
EUVDB-ID: #VU66565
Risk: Critical
CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2022-2856
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Intents component in Google Chrome. A remote attacker can trick the victim to open a specially crafted web page and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Update the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
37) Use-after-free
EUVDB-ID: #VU66562
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2857
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Blink component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Use-after-free
EUVDB-ID: #VU66563
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2858
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Sign-In Flow component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Use-after-free
EUVDB-ID: #VU66566
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2859
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Chrome OS Shell in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU66567
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2860
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in Cookies in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Improperly implemented security check for standard
EUVDB-ID: #VU66568
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2861
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Extensions API in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Buffer overflow
EUVDB-ID: #VU66148
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-33636
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Security features bypass
EUVDB-ID: #VU66150
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-33649
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The
vulnerability exists due to an error when processing HTML
content. A remote attacker can create a specially crafted website, trick
the victim into opening it, and execute arbitrary code on the system.
Update the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Buffer overflow
EUVDB-ID: #VU66149
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-35796
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 104.0.5112.101
www-client/chromium-bin to version: 104.0.5112.101
www-client/google-chrome to version: 104.0.5112.101
www-client/microsoft-edge to version: 104.0.1293.63
Gentoo Linux: All versions
www-client/microsoft-edge: before 104.0.1293.63
www-client/google-chrome: before 104.0.5112.101
www-client/chromium-bin: before 104.0.5112.101
www-client/chromium: before 104.0.5112.101
External linkshttp://security.gentoo.org/glsa/202208-35
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
