Gentoo update for Chromium, Google Chrome, Microsoft Edge



Published: 2022-09-29 | Updated: 2023-03-30
Risk: Critical
Patch available: YES
Number of vulnerabilities: 31
CVE-ID: CVE-2022-3038
CVE-2022-3039
CVE-2022-3040
CVE-2022-3041
CVE-2022-3042
CVE-2022-3043
CVE-2022-3044
CVE-2022-3045
CVE-2022-3046
CVE-2022-3047
CVE-2022-3048
CVE-2022-3049
CVE-2022-3050
CVE-2022-3051
CVE-2022-3052
CVE-2022-3053
CVE-2022-3054
CVE-2022-3055
CVE-2022-3056
CVE-2022-3057
CVE-2022-3058
CVE-2022-3071
CVE-2022-3075
CVE-2022-3195
CVE-2022-3196
CVE-2022-3197
CVE-2022-3198
CVE-2022-3199
CVE-2022-3200
CVE-2022-3201
CVE-2022-38012
CWE-ID: CWE-416
CWE-122
CWE-358
CWE-20
CWE-264
CWE-787
CWE-119
Exploitation vector: Network
Public exploit: Vulnerability #1 is being exploited in the wild.
Vulnerability #23 is being exploited in the wild.
Vulnerable software:
Gentoo Linux (Operating systems & Components / Operating system)
www-client/microsoft-edge (Operating systems & Components / Operating system package or component)
www-client/google-chrome (Operating systems & Components / Operating system package or component)
www-client/chromium-bin (Operating systems & Components / Operating system package or component)
www-client/chromium (Operating systems & Components / Operating system package or component)

Vendor: Gentoo

Security Bulletin

This security bulletin contains information about 31 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU66836

Risk: Critical

CVSSv3.1: 9.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2022-3038

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error within the Network Service component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Note: the vulnerability is known to be exploited in the wild.

Mitigation

Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42

Vulnerable software versions

Gentoo Linux: All versions

www-client/microsoft-edge: before 105.0.1343.42

www-client/google-chrome: before 105.0.5195.125

www-client/chromium-bin: before 105.0.5195.125

www-client/chromium: before 105.0.5195.125

External links

http://security.gentoo.org/glsa/202209-23


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

2) Use-after-free

EUVDB-ID: #VU66837

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3039

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error within the WebSQL component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42

Vulnerable software versions

Gentoo Linux: All versions

www-client/microsoft-edge: before 105.0.1343.42

www-client/google-chrome: before 105.0.5195.125

www-client/chromium-bin: before 105.0.5195.125

www-client/chromium: before 105.0.5195.125

External links

http://security.gentoo.org/glsa/202209-23


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU66838

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3040

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error within the Layout component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42

Vulnerable software versions

Gentoo Linux: All versions

www-client/microsoft-edge: before 105.0.1343.42

www-client/google-chrome: before 105.0.5195.125

www-client/chromium-bin: before 105.0.5195.125

www-client/chromium: before 105.0.5195.125

External links

http://security.gentoo.org/glsa/202209-23


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

EUVDB-ID: #VU66839

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3041

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error within the WebSQL component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42

Vulnerable software versions

Gentoo Linux: All versions

www-client/microsoft-edge: before 105.0.1343.42

www-client/google-chrome: before 105.0.5195.125

www-client/chromium-bin: before 105.0.5195.125

www-client/chromium: before 105.0.5195.125

External links

http://security.gentoo.org/glsa/202209-23


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU66840

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3042

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error within the PhoneHub component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42

Vulnerable software versions

Gentoo Linux: All versions

www-client/microsoft-edge: before 105.0.1343.42

www-client/google-chrome: before 105.0.5195.125

www-client/chromium-bin: before 105.0.5195.125

www-client/chromium: before 105.0.5195.125

External links

http://security.gentoo.org/glsa/202209-23


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Heap-based buffer overflow

EUVDB-ID: #VU66841

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3043

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in Screen Capture. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42

Vulnerable software versions

Gentoo Linux: All versions

www-client/microsoft-edge: before 105.0.1343.42

www-client/google-chrome: before 105.0.5195.125

www-client/chromium-bin: before 105.0.5195.125

www-client/chromium: before 105.0.5195.125

External links

http://security.gentoo.org/glsa/202209-23


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improperly implemented security check for standard

EUVDB-ID: #VU66842

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3044

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in Site Isolation in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.

Mitigation

Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42

Vulnerable software versions

Gentoo Linux: All versions

www-client/microsoft-edge: before 105.0.1343.42

www-client/google-chrome: before 105.0.5195.125

www-client/chromium-bin: before 105.0.5195.125

www-client/chromium: before 105.0.5195.125

External links

http://security.gentoo.org/glsa/202209-23


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Input validation error

EUVDB-ID: #VU66843

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3045

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in the V8 component in Google Chrome. A remote attacker can trick the victim into opening a specially crafted web page and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42

Vulnerable software versions

Gentoo Linux: All versions

www-client/microsoft-edge: before 105.0.1343.42

www-client/google-chrome: before 105.0.5195.125

www-client/chromium-bin: before 105.0.5195.125

www-client/chromium: before 105.0.5195.125

External links

http://security.gentoo.org/glsa/202209-23


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Use-after-free

EUVDB-ID: #VU66844

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3046

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error within the Browser Tag component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42

Vulnerable software versions

Gentoo Linux: All versions

www-client/microsoft-edge: before 105.0.1343.42

www-client/google-chrome: before 105.0.5195.125

www-client/chromium-bin: before 105.0.5195.125

www-client/chromium: before 105.0.5195.125

External links

http://security.gentoo.org/glsa/202209-23


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU66845

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3047

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in the Extensions API in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted website, bypass implemented security measures and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42

Vulnerable software versions

Gentoo Linux: All versions

www-client/microsoft-edge: before 105.0.1343.42

www-client/google-chrome: before 105.0.5195.125

www-client/chromium-bin: before 105.0.5195.125

www-client/chromium: before 105.0.5195.125

External links

http://security.gentoo.org/glsa/202209-23


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improperly implemented security check for standard

EUVDB-ID: #VU66846

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3048

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Chrome OS lockscreen in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42

Vulnerable software versions

Gentoo Linux: All versions

www-client/microsoft-edge: before 105.0.1343.42

www-client/google-chrome: before 105.0.5195.125

www-client/chromium-bin: before 105.0.5195.125

www-client/chromium: before 105.0.5195.125

External links

http://security.gentoo.org/glsa/202209-23


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free

EUVDB-ID: #VU66847

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3049

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error within SplitScreen in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42

Vulnerable software versions

Gentoo Linux: All versions

www-client/microsoft-edge: before 105.0.1343.42

www-client/google-chrome: before 105.0.5195.125

www-client/chromium-bin: before 105.0.5195.125

www-client/chromium: before 105.0.5195.125

External links

http://security.gentoo.org/glsa/202209-23


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Heap-based buffer overflow

EUVDB-ID: #VU66848

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3050

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in WebUI. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42

Vulnerable software versions

Gentoo Linux: All versions

www-client/microsoft-edge: before 105.0.1343.42

www-client/google-chrome: before 105.0.5195.125

www-client/chromium-bin: before 105.0.5195.125

www-client/chromium: before 105.0.5195.125

External links

http://security.gentoo.org/glsa/202209-23


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Heap-based buffer overflow

EUVDB-ID: #VU66849

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3051

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in Exosphere. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42

Vulnerable software versions

Gentoo Linux: All versions

www-client/microsoft-edge: before 105.0.1343.42

www-client/google-chrome: before 105.0.5195.125

www-client/chromium-bin: before 105.0.5195.125

www-client/chromium: before 105.0.5195.125

External links

http://security.gentoo.org/glsa/202209-23


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Heap-based buffer overflow

EUVDB-ID: #VU66850

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3052

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in Window Manager. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42

Vulnerable software versions

Gentoo Linux: All versions

www-client/microsoft-edge: before 105.0.1343.42

www-client/google-chrome: before 105.0.5195.125

www-client/chromium-bin: before 105.0.5195.125

www-client/chromium: before 105.0.5195.125

External links

http://security.gentoo.org/glsa/202209-23


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Improperly implemented security check for standard

EUVDB-ID: #VU66851

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3053

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Pointer Lock in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42

Vulnerable software versions

Gentoo Linux: All versions

www-client/microsoft-edge: before 105.0.1343.42

www-client/google-chrome: before 105.0.5195.125

www-client/chromium-bin: before 105.0.5195.125

www-client/chromium: before 105.0.5195.125

External links

http://security.gentoo.org/glsa/202209-23


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU66852

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3054

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in DevTools in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted website, bypass implemented security measures and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42

Vulnerable software versions

Gentoo Linux: All versions

www-client/microsoft-edge: before 105.0.1343.42

www-client/google-chrome: before 105.0.5195.125

www-client/chromium-bin: before 105.0.5195.125

www-client/chromium: before 105.0.5195.125

External links

http://security.gentoo.org/glsa/202209-23


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Use-after-free

EUVDB-ID: #VU66853

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3055

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error within Passwords in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42

Vulnerable software versions

Gentoo Linux: All versions

www-client/microsoft-edge: before 105.0.1343.42

www-client/google-chrome: before 105.0.5195.125

www-client/chromium-bin: before 105.0.5195.125

www-client/chromium: before 105.0.5195.125

External links

http://security.gentoo.org/glsa/202209-23


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU66854

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3056

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in Content Security Policy in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted website, bypass implemented security measures and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42

Vulnerable software versions

Gentoo Linux: All versions

www-client/microsoft-edge: before 105.0.1343.42

www-client/google-chrome: before 105.0.5195.125

www-client/chromium-bin: before 105.0.5195.125

www-client/chromium: before 105.0.5195.125

External links

http://security.gentoo.org/glsa/202209-23


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Improperly implemented security check for standard

EUVDB-ID: #VU66855

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3057

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in iframe Sandbox in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Mitigation

Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42

Vulnerable software versions

Gentoo Linux: All versions

www-client/microsoft-edge: before 105.0.1343.42

www-client/google-chrome: before 105.0.5195.125

www-client/chromium-bin: before 105.0.5195.125

www-client/chromium: before 105.0.5195.125

External links

http://security.gentoo.org/glsa/202209-23


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Use-after-free

EUVDB-ID: #VU66856

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3058

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error in Sign-In Flow in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and crash the browser.

Mitigation

Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42

Vulnerable software versions

Gentoo Linux: All versions

www-client/microsoft-edge: before 105.0.1343.42

www-client/google-chrome: before 105.0.5195.125

www-client/chromium-bin: before 105.0.5195.125

www-client/chromium: before 105.0.5195.125

External links

http://security.gentoo.org/glsa/202209-23


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Use-after-free

EUVDB-ID: #VU66939

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3071

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error within the Tab Strip component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42

Vulnerable software versions

Gentoo Linux: All versions

www-client/microsoft-edge: before 105.0.1343.42

www-client/google-chrome: before 105.0.5195.125

www-client/chromium-bin: before 105.0.5195.125

www-client/chromium: before 105.0.5195.125

External links

http://security.gentoo.org/glsa/202209-23


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Input validation error

EUVDB-ID: #VU66953

Risk: Critical

CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2022-3075

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input within the Mojo component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted website and execute arbitrary code on the system.

Note: the vulnerability is being actively exploited in the wild.

Mitigation

Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42

Vulnerable software versions

Gentoo Linux: All versions

www-client/microsoft-edge: before 105.0.1343.42

www-client/google-chrome: before 105.0.5195.125

www-client/chromium-bin: before 105.0.5195.125

www-client/chromium: before 105.0.5195.125

External links

http://security.gentoo.org/glsa/202209-23


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

24) Out-of-bounds write

EUVDB-ID: #VU67354

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3195

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in Storage. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42

Vulnerable software versions

Gentoo Linux: All versions

www-client/microsoft-edge: before 105.0.1343.42

www-client/google-chrome: before 105.0.5195.125

www-client/chromium-bin: before 105.0.5195.125

www-client/chromium: before 105.0.5195.125

External links

http://security.gentoo.org/glsa/202209-23


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Use-after-free

EUVDB-ID: #VU67355

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3196

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error within the PDF component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42

Vulnerable software versions

Gentoo Linux: All versions

www-client/microsoft-edge: before 105.0.1343.42

www-client/google-chrome: before 105.0.5195.125

www-client/chromium-bin: before 105.0.5195.125

www-client/chromium: before 105.0.5195.125

External links

http://security.gentoo.org/glsa/202209-23


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Use-after-free

EUVDB-ID: #VU67356

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3197

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error within the PDF component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42

Vulnerable software versions

Gentoo Linux: All versions

www-client/microsoft-edge: before 105.0.1343.42

www-client/google-chrome: before 105.0.5195.125

www-client/chromium-bin: before 105.0.5195.125

www-client/chromium: before 105.0.5195.125

External links

http://security.gentoo.org/glsa/202209-23


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Use-after-free

EUVDB-ID: #VU67360

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3198

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error within the PDF component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42

Vulnerable software versions

Gentoo Linux: All versions

www-client/microsoft-edge: before 105.0.1343.42

www-client/google-chrome: before 105.0.5195.125

www-client/chromium-bin: before 105.0.5195.125

www-client/chromium: before 105.0.5195.125

External links

http://security.gentoo.org/glsa/202209-23


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Use-after-free

EUVDB-ID: #VU67357

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3199

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error within the Frames component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42

Vulnerable software versions

Gentoo Linux: All versions

www-client/microsoft-edge: before 105.0.1343.42

www-client/google-chrome: before 105.0.5195.125

www-client/chromium-bin: before 105.0.5195.125

www-client/chromium: before 105.0.5195.125

External links

http://security.gentoo.org/glsa/202209-23


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Heap-based buffer overflow

EUVDB-ID: #VU67358

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3200

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in Internals. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42

Vulnerable software versions

Gentoo Linux: All versions

www-client/microsoft-edge: before 105.0.1343.42

www-client/google-chrome: before 105.0.5195.125

www-client/chromium-bin: before 105.0.5195.125

www-client/chromium: before 105.0.5195.125

External links

http://security.gentoo.org/glsa/202209-23


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Input validation error

EUVDB-ID: #VU67359

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3201

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in the DevTools component in Google Chrome. A remote attacker can trick the victim into opening a specially crafted web page and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42

Vulnerable software versions

Gentoo Linux: All versions

www-client/microsoft-edge: before 105.0.1343.42

www-client/google-chrome: before 105.0.5195.125

www-client/chromium-bin: before 105.0.5195.125

www-client/chromium: before 105.0.5195.125

External links

http://security.gentoo.org/glsa/202209-23


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Buffer overflow

EUVDB-ID: #VU66930

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-38012

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Update the affected packages.
www-client/chromium to version: 105.0.5195.125
www-client/chromium-bin to version: 105.0.5195.125
www-client/google-chrome to version: 105.0.5195.125
www-client/microsoft-edge to version: 105.0.1343.42

Vulnerable software versions

Gentoo Linux: All versions

www-client/microsoft-edge: before 105.0.1343.42

www-client/google-chrome: before 105.0.5195.125

www-client/chromium-bin: before 105.0.5195.125

www-client/chromium: before 105.0.5195.125

External links

http://security.gentoo.org/glsa/202209-23


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


