Google Chrome Web browser

Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74

CVE-2023-0131 6.5 - Medium - January 10, 2023

Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium)

Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74

CVE-2023-0129 8.8 - High - January 10, 2023

Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High)

Memory Corruption

Use after free in Cart in Google Chrome prior to 109.0.5414.74

CVE-2023-0134 8.8 - High - January 10, 2023

Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)

Dangling pointer

Use after free in Cart in Google Chrome prior to 109.0.5414.74

CVE-2023-0135 8.8 - High - January 10, 2023

Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)

Dangling pointer

Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74

CVE-2023-0138 8.8 - High - January 10, 2023

Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)

Memory Corruption

Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74

CVE-2023-0141 4.3 - Medium - January 10, 2023

Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Use after free in FileAPI in Google Chrome prior to 72.0.3626.81

CVE-2019-13768 7.4 - High - January 02, 2023

Use after free in FileAPI in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chrome security severity: High)

Dangling pointer

Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72

CVE-2021-21200 5.4 - Medium - January 02, 2023

Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chrome security severity: Low)

Out-of-bounds Read

Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77

CVE-2021-30558 8.8 - High - January 02, 2023

Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chrome security severity: Medium)

Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51

CVE-2022-0801 6.1 - Medium - January 02, 2023

Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page. (Chrome security severity: Medium)

XSS

Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79

CVE-2022-2743 8.8 - High - January 02, 2023

Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to perform an out of bounds memory write via crafted UI interactions. (Chrome security severity: High)

Integer Overflow or Wraparound

Use after free in Passwords in Google Chrome prior to 105.0.5195.125

CVE-2022-3842 7.5 - High - January 02, 2023

Use after free in Passwords in Google Chrome prior to 105.0.5195.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in Browser History in Google Chrome prior to 100.0.4896.75

CVE-2022-3863 6.1 - Medium - January 02, 2023

Use after free in Browser History in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)

Dangling pointer

Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80

CVE-2022-4025 4.3 - Medium - January 02, 2023

Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data outside an iframe via a crafted HTML page. (Chrome security severity: Low)

Exposure of Resource to Wrong Sphere

Use after free in Blink Media in Google Chrome prior to 108.0.5359.124

CVE-2022-4436 8.8 - High - December 14, 2022

Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124

CVE-2022-4437 8.8 - High - December 14, 2022

Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124

CVE-2022-4438 8.8 - High - December 14, 2022

Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in Profiles in Google Chrome prior to 108.0.5359.124

CVE-2022-4440 8.8 - High - December 14, 2022

Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Dangling pointer

Type confusion in V8 in Google Chrome prior to 108.0.5359.94

CVE-2022-4262 8.8 - High - December 02, 2022

Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Type confusion in V8 in Google Chrome prior to 108.0.5359.71

CVE-2022-4174 8.8 - High - November 30, 2022

Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71

CVE-2022-4175 8.8 - High - November 30, 2022

Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in Extensions in Google Chrome prior to 108.0.5359.71

CVE-2022-4177 8.8 - High - November 30, 2022

Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security severity: High)

Dangling pointer

Use after free in Mojo in Google Chrome prior to 108.0.5359.71

CVE-2022-4178 8.8 - High - November 30, 2022

Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in Audio in Google Chrome prior to 108.0.5359.71

CVE-2022-4179 8.8 - High - November 30, 2022

Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

Dangling pointer

Use after free in Mojo in Google Chrome prior to 108.0.5359.71

CVE-2022-4180 8.8 - High - November 30, 2022

Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

Dangling pointer

Use after free in Forms in Google Chrome prior to 108.0.5359.71

CVE-2022-4181 8.8 - High - November 30, 2022

Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71

CVE-2022-4182 4.3 - Medium - November 30, 2022

Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium)

Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71

CVE-2022-4183 4.3 - Medium - November 30, 2022

Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71

CVE-2022-4184 4.3 - Medium - November 30, 2022

Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)

Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71

CVE-2022-4186 4.3 - Medium - November 30, 2022

Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. (Chromium security severity: Medium)

Improper Input Validation

Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71

CVE-2022-4189 4.3 - Medium - November 30, 2022

Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)

Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71

CVE-2022-4190 8.8 - High - November 30, 2022

Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium)

Use after free in Sign-In in Google Chrome prior to 108.0.5359.71

CVE-2022-4191 8.8 - High - November 30, 2022

Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via profile destruction. (Chromium security severity: Medium)

Dangling pointer

Use after free in Live Caption in Google Chrome prior to 108.0.5359.71

CVE-2022-4192 8.8 - High - November 30, 2022

Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium)

Dangling pointer

Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71

CVE-2022-4193 8.8 - High - November 30, 2022

Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium)

Use after free in Accessibility in Google Chrome prior to 108.0.5359.71

CVE-2022-4194 8.8 - High - November 30, 2022

Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Dangling pointer

Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71

CVE-2022-4195 4.3 - Medium - November 30, 2022

Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: Medium)

Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121

CVE-2022-4135 9.6 - Critical - November 25, 2022

Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Use after free in Skia in Google Chrome prior to 106.0.5249.119

CVE-2022-3445 8.8 - High - November 09, 2022

Use after free in Skia in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Heap buffer overflow in WebSQL in Google Chrome prior to 106.0.5249.119

CVE-2022-3446 8.8 - High - November 09, 2022

Heap buffer overflow in WebSQL in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Use after free in Permissions API in Google Chrome prior to 106.0.5249.119

CVE-2022-3448 8.8 - High - November 09, 2022

Use after free in Permissions API in Google Chrome prior to 106.0.5249.119 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.119

CVE-2022-3449 8.8 - High - November 09, 2022

Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

Dangling pointer

Use after free in Peer Connection in Google Chrome prior to 106.0.5249.119

CVE-2022-3450 8.8 - High - November 09, 2022

Use after free in Peer Connection in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in V8 in Google Chrome prior to 107.0.5304.106

CVE-2022-3885 8.8 - High - November 09, 2022

Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in Web Workers in Google Chrome prior to 107.0.5304.106

CVE-2022-3887 8.8 - High - November 09, 2022

Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106

CVE-2022-3888 8.8 - High - November 09, 2022

Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Type confusion in V8 in Google Chrome prior to 107.0.5304.106

CVE-2022-3889 8.8 - High - November 09, 2022

Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Use after free in Speech Recognition in Google Chrome prior to 107.0.5304.106

CVE-2022-3886 8.8 - High - November 09, 2022

Use after free in Speech Recognition in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106

CVE-2022-3890 9.6 - Critical - November 09, 2022

Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Type confusion in V8 in Google Chrome prior to 107.0.5304.87

CVE-2022-3723 8.8 - High - November 01, 2022

Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Insufficient data validation in Extensions in Google Chrome prior to 107.0.5304.62

CVE-2022-3661 4.3 - Medium - November 01, 2022

Insufficient data validation in Extensions in Google Chrome prior to 107.0.5304.62 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)

Improper Input Validation

Use after free in Extensions in Google Chrome prior to 107.0.5304.62

CVE-2022-3657 8.8 - High - November 01, 2022

Use after free in Extensions in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)

Dangling pointer

Insufficient data validation in File System in Google Chrome prior to 107.0.5304.62

CVE-2022-3656 8.8 - High - November 01, 2022

Insufficient data validation in File System in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium)

Improper Input Validation

Heap buffer overflow in Media Galleries in Google Chrome prior to 107.0.5304.62

CVE-2022-3655 8.8 - High - November 01, 2022

Heap buffer overflow in Media Galleries in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Memory Corruption

Use after free in Layout in Google Chrome prior to 107.0.5304.62

CVE-2022-3654 8.8 - High - November 01, 2022

Use after free in Layout in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Heap buffer overflow in Vulkan in Google Chrome prior to 107.0.5304.62

CVE-2022-3653 8.8 - High - November 01, 2022

Heap buffer overflow in Vulkan in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Type confusion in V8 in Google Chrome prior to 107.0.5304.62

CVE-2022-3652 8.8 - High - November 01, 2022

Type confusion in V8 in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Incorrect security UI in full screen in Google Chrome prior to 106.0.5249.62

CVE-2022-3313 6.5 - Medium - November 01, 2022

Incorrect security UI in full screen in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

Use after free in import in Google Chrome prior to 106.0.5249.62

CVE-2022-3311 6.5 - Medium - November 01, 2022

Use after free in import in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Dangling pointer

Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62

CVE-2022-3443 4.3 - Medium - November 01, 2022

Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page. (Chromium security severity: Low)

Improper Input Validation

Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 106.0.5249.62

CVE-2022-3316 4.3 - Medium - November 01, 2022

Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass security feature via a crafted HTML page. (Chromium security severity: Low)

Improper Input Validation

Type confusion in Blink in Google Chrome prior to 106.0.5249.62

CVE-2022-3315 8.8 - High - November 01, 2022

Type confusion in Blink in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)

Object Type Confusion

Use after free in logging in Google Chrome prior to 106.0.5249.62

CVE-2022-3314 6.5 - Medium - November 01, 2022

Use after free in logging in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Dangling pointer

Insufficient validation of untrusted input in VPN in Google Chrome on ChromeOS prior to 106.0.5249.62

CVE-2022-3312 4.6 - Medium - November 01, 2022

Insufficient validation of untrusted input in VPN in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a local attacker to bypass managed device restrictions via physical access to the device. (Chromium security severity: Medium)

Improper Input Validation

Use after free in media in Google Chrome prior to 106.0.5249.62

CVE-2022-3307 8.8 - High - November 01, 2022

Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Insufficient policy enforcement in developer tools in Google Chrome prior to 106.0.5249.62

CVE-2022-3308 7.4 - High - November 01, 2022

Insufficient policy enforcement in developer tools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62

CVE-2022-3444 4.3 - Medium - November 01, 2022

Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page and malicious file. (Chromium security severity: Low)

Improper Input Validation

Use after free in CSS in Google Chrome prior to 106.0.5249.62

CVE-2022-3304 8.8 - High - November 01, 2022

Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in Custom Elements in Google Chrome prior to 106.0.5249.91

CVE-2022-3370 8.8 - High - November 01, 2022

Use after free in Custom Elements in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91

CVE-2022-3373 8.8 - High - November 01, 2022

Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Double free in DOMStorage in Google Chrome prior to 73.0.3683.75

CVE-2019-5797 7.5 - High - September 29, 2022

Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Double-free

Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101

CVE-2022-2860 6.5 - Medium - September 26, 2022

Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page.

Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52

CVE-2022-3046 8.8 - High - September 26, 2022

Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in WebSQL in Google Chrome prior to 105.0.5195.52

CVE-2022-3041 8.8 - High - September 26, 2022

Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Layout in Google Chrome prior to 105.0.5195.52

CVE-2022-3040 8.8 - High - September 26, 2022

Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in WebSQL in Google Chrome prior to 105.0.5195.52

CVE-2022-3039 8.8 - High - September 26, 2022

Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Network Service in Google Chrome prior to 105.0.5195.52

CVE-2022-3038 8.8 - High - September 26, 2022

Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Browser Creation in Google Chrome prior to 104.0.5112.101

CVE-2022-2998 8.8 - High - September 26, 2022

Use after free in Browser Creation in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who had convinced a user to engage in a specific UI interaction to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52

CVE-2022-3058 8.8 - High - September 26, 2022

Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction.

Dangling pointer

Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52

CVE-2022-3057 6.5 - Medium - September 26, 2022

Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

AuthZ

Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52

CVE-2022-3056 6.5 - Medium - September 26, 2022

Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page.

AuthZ

Use after free in Passwords in Google Chrome prior to 105.0.5195.52

CVE-2022-3055 8.8 - High - September 26, 2022

Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52

CVE-2022-3047 6.5 - Medium - September 26, 2022

Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page.

AuthZ

Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52

CVE-2022-3045 8.8 - High - September 26, 2022

Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

AuthZ

Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52

CVE-2022-3044 6.5 - Medium - September 26, 2022

Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

AuthZ

Use after free in Blink in Google Chrome prior to 104.0.5112.101

CVE-2022-2857 8.8 - High - September 26, 2022

Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in ANGLE in Google Chrome prior to 104.0.5112.101

CVE-2022-2855 8.8 - High - September 26, 2022

Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101

CVE-2022-2854 8.8 - High - September 26, 2022

Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52

CVE-2022-3054 6.5 - Medium - September 26, 2022

Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in FedCM in Google Chrome prior to 104.0.5112.101

CVE-2022-2852 8.8 - High - September 26, 2022

Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in PDF in Google Chrome prior to 105.0.5195.125

CVE-2022-3196 8.8 - High - September 26, 2022

Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)

Dangling pointer

Use after free in PDF in Google Chrome prior to 105.0.5195.125

CVE-2022-3197 8.8 - High - September 26, 2022

Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)

Dangling pointer

Use after free in PDF in Google Chrome prior to 105.0.5195.125

CVE-2022-3198 8.8 - High - September 26, 2022

Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)

Dangling pointer

Use after free in Frames in Google Chrome prior to 105.0.5195.125

CVE-2022-3199 8.8 - High - September 26, 2022

Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102

CVE-2022-3075 9.6 - Critical - September 26, 2022

Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Improper Input Validation

Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125

CVE-2022-3200 8.8 - High - September 26, 2022

Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125

CVE-2022-3195 8.8 - High - September 26, 2022

Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101

CVE-2022-2861 6.5 - Medium - September 26, 2022

Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page.

AuthZ

Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101

CVE-2022-2858 8.8 - High - September 26, 2022

Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction.

Dangling pointer

Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101

CVE-2022-2859 8.8 - High - September 26, 2022

Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions.

Dangling pointer