Risk | Critical |
Patch available | YES |
Number of vulnerabilities | 56 |
CVE-ID | CVE-2022-3445 CVE-2022-3446 CVE-2022-3447 CVE-2022-3448 CVE-2022-3449 CVE-2022-3450 CVE-2022-3723 CVE-2022-41115 CVE-2022-4135 CVE-2022-4174 CVE-2022-4175 CVE-2022-4176 CVE-2022-4177 CVE-2022-4178 CVE-2022-4179 CVE-2022-4180 CVE-2022-4181 CVE-2022-4182 CVE-2022-4183 CVE-2022-4184 CVE-2022-4185 CVE-2022-4186 CVE-2022-4187 CVE-2022-4188 CVE-2022-4189 CVE-2022-4190 CVE-2022-4191 CVE-2022-4192 CVE-2022-4193 CVE-2022-4194 CVE-2022-4195 CVE-2022-4436 CVE-2022-4437 CVE-2022-4438 CVE-2022-4439 CVE-2022-4440 CVE-2022-44688 CVE-2022-44708 CVE-2023-0128 CVE-2023-0129 CVE-2023-0130 CVE-2023-0131 CVE-2023-0132 CVE-2023-0133 CVE-2023-0134 CVE-2023-0135 CVE-2023-0136 CVE-2023-0137 CVE-2023-0138 CVE-2023-0139 CVE-2023-0140 CVE-2023-0141 CVE-2023-21719 CVE-2023-21775 CVE-2023-21795 CVE-2023-21796 |
CWE-ID | CWE-416 CWE-122 CWE-358 CWE-843 CWE-264 CWE-787 CWE-20 CWE-451 CWE-254 CWE-119 CWE-94 |
Exploitation vector | Network |
Public exploit | Vulnerability #7 is being exploited in the wild. Vulnerability #9 is being exploited in the wild. |
Vulnerable software | Gentoo Linux (Operating systems & Components / Operating system); www-client/microsoft-edge, www-client/google-chrome, www-client/chromium-bin, www-client/chromium (Operating systems & Components / Operating system package or component) |
Vendor | Gentoo |
Security Bulletin
This security bulletin contains information about 56 vulnerabilities.
EUVDB-ID: #VU68241
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-3445
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the Skia component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU68242
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-3446
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in WebSQL. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU68243
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-3447
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to incorrect implementation in Custom Tabs in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU68244
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-3448
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the Permissions API component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU68245
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-3449
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the Safe Browsing component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU68246
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-3450
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the Peer Connection component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU68813
Risk: Critical
CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2022-3723
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note: the vulnerability is being actively exploited in the wild.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU70038
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-41115
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an unspecified error. A local user can force the Edge Updater to run as SYSTEM and escalate privileges on the system.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU69596
Risk: Critical
CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2022-4135
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in GPU. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Note: the vulnerability is being actively exploited in the wild.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU69710
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-4174
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU69711
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-4175
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the Camera Capture component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU69712
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-4176
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in Lacros Graphics. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger an out-of-bounds write and execute arbitrary code on the target system.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU69713
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-4177
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the Extensions component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU69714
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-4178
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the Mojo component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU69715
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-4179
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the Audio component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU69716
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-4180
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the Mojo component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU69717
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-4181
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the Forms component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU69718
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-4182
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Fenced Frames in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU69719
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-4183
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in Popup Blocker in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted website, bypass implemented security measures and gain access to sensitive information.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU69720
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-4184
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in Autofill in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted website, bypass implemented security measures and gain access to sensitive information.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU69721
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-4185
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Navigation in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU69722
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-4186
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input in Downloads in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU69723
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-4187
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in DevTools in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted website, bypass implemented security measures and gain access to sensitive information.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU69724
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-4188
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input in CORS in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU69725
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-4189
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in DevTools in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted website, bypass implemented security measures and gain access to sensitive information.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU69726
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-4190
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input in Directory in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU69727
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-4191
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within Sign-In in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU69728
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-4192
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within Live Caption in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU69729
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-4193
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in File System API in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted website, bypass implemented security measures and gain access to sensitive information.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU69730
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-4194
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within Accessibility in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU69731
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-4195
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in Safe Browsing in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted website, bypass implemented security measures and gain access to sensitive information.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70358
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-4436
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within the Blink Media component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70359
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-4437
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within the Mojo IPC component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70360
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-4438
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within the Blink Frames component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70361
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-4439
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within the Aura component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70362
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-4440
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within Profiles in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU69933
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-44688
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can spoof page content.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU69934
Risk: High
CVSSv3.1: 7.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-44708
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper input validation when processing HTML content. A remote attacker can trick the victim into opening a specially crafted web page, escape the browser sandbox and compromise the affected system.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70943
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0128
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within the Overview Mode component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70944
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0129
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in Network Service. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70945
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0130
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Fullscreen API in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70946
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0131
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in iframe Sandbox in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70947
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0132
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Permission prompts in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70948
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0133
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Permission prompts in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70949
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0134
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within Cart in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70950
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0135
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within Cart in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70951
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0136
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an incorrect implementation in the Fullscreen API in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70952
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0137
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in Platform Apps. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70953
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0138
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing untrusted HTML content in libphonenumber. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and crash the browser.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70954
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0139
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to crash the browser.
The vulnerability exists due to improper input validation in Downloads in Google Chrome. A remote attacker can trick the victim into performing certain actions in the browser and crash it.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70955
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0140
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an incorrect implementation in the File System API in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70956
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0141
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in CORS in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted website, bypass implemented security measures and gain access to sensitive information.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU71366
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21719
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insecure implementation of the Edge AutoFill Protection feature. A remote attacker can trick the victim into visiting a specially crafted website, bypass the Edge AutoFill Protection feature and gain access to sensitive information.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU71147
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21775
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can trick the victim into visiting a specially crafted web page, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU71291
Risk: High
CVSSv3.1: 7.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21795
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can trick the victim into opening a specially crafted website, trigger memory corruption, escape the browser's sandbox and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU71148
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21796
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote attacker can trick the victim into visiting a specially crafted web page and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the affected packages.
www-client/chromium to version: 109.0.5414.74-r1
www-client/chromium-bin to version: 109.0.5414.74
www-client/google-chrome to version: 109.0.5414.74
www-client/microsoft-edge to version: 109.0.1518.61
Gentoo Linux: All versions
www-client/microsoft-edge: before 109.0.1518.61
www-client/google-chrome: before 109.0.5414.74
www-client/chromium-bin: before 109.0.5414.74
www-client/chromium: before 109.0.5414.74-r1
External links
http://security.gentoo.org/glsa/202305-10
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.