VuXML ID | Description |
8d3838b0-6ca8-11ed-92ce-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 1 security fix:
- [1392715] High CVE-2022-4135: Heap buffer overflow in GPU. Reported by Clement Lecigne of Google's Threat Analysis Group on 2022-11-22
Google is aware that an exploit for CVE-2022-4135 exists in the wild.
Discovery 2022-11-24 Entry 2022-11-25 chromium
< 107.0.5304.121
ungoogled-chromium
< 107.0.5304.121
CVE-2022-4135
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html
|
5f7ed6ea-70a7-11ed-92ce-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 28 security fixes, including:
- [1379054] High CVE-2022-4174: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy) on 2022-10-27
- [1381401] High CVE-2022-4175: Use after free in Camera Capture. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2022-11-04
- [1361066] High CVE-2022-4176: Out of bounds write in Lacros Graphics. Reported by @ginggilBesel on 2022-09-08
- [1379242] High CVE-2022-4177: Use after free in Extensions. Reported by Chaoyuan Peng (@ret2happy) on 2022-10-28
- [1376099] High CVE-2022-4178: Use after free in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2022-10-18
- [1377783] High CVE-2022-4179: Use after free in Audio. Reported by Sergei Glazunov of Google Project Zero on 2022-10-24
- [1378564] High CVE-2022-4180: Use after free in Mojo. Reported by Anonymous on 2022-10-26
- [1382581] High CVE-2022-4181: Use after free in Forms. Reported by Aviv A. on 2022-11-09
- [1368739] Medium CVE-2022-4182: Inappropriate implementation in Fenced Frames. Reported by Peter Nemeth on 2022-09-28
- [1251790] Medium CVE-2022-4183: Insufficient policy enforcement in Popup Blocker. Reported by David Sievers on 2021-09-22
- [1358647] Medium CVE-2022-4184: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry on 2022-09-01
- [1373025] Medium CVE-2022-4185: Inappropriate implementation in Navigation. Reported by James Lee (@Windowsrcer) on 2022-10-10
- [1377165] Medium CVE-2022-4186: Insufficient validation of untrusted input in Downloads. Reported by Luan Herrera (@lbherrera_) on 2022-10-21
- [1381217] Medium CVE-2022-4187: Insufficient policy enforcement in DevTools. Reported by Axel Chong on 2022-11-04
- [1340879] Medium CVE-2022-4188: Insufficient validation of untrusted input in CORS. Reported by Philipp Beer (TU Wien) on 2022-06-30
- [1344647] Medium CVE-2022-4189: Insufficient policy enforcement in DevTools. Reported by NDevTK on 2022-07-15
- [1378997] Medium CVE-2022-4190: Insufficient data validation in Directory. Reported by Axel Chong on 2022-10-27
- [1373941] Medium CVE-2022-4191: Use after free in Sign-In. Reported by Jaehun Jeong(@n3sk) of Theori on 2022-10-12
- [1344514] Medium CVE-2022-4192: Use after free in Live Caption. Reported by Samet Bekmezci @sametbekmezci on 2022-07-14
- [1354518] Medium CVE-2022-4193: Insufficient policy enforcement in File System API. Reported by Axel Chong on 2022-08-19
- [1370562] Medium CVE-2022-4194: Use after free in Accessibility. Reported by Anonymous on 2022-10-03
- [1371926] Medium CVE-2022-4195: Insufficient policy enforcement in Safe Browsing. Reported by Eric Lawrence of Microsoft on 2022-10-06
Discovery 2022-11-29 Entry 2022-11-30 chromium
< 108.0.5359.71
ungoogled-chromium
< 108.0.5359.71
CVE-2022-4174
CVE-2022-4175
CVE-2022-4176
CVE-2022-4177
CVE-2022-4178
CVE-2022-4179
CVE-2022-4180
CVE-2022-4181
CVE-2022-4182
CVE-2022-4183
CVE-2022-4184
CVE-2022-4185
CVE-2022-4186
CVE-2022-4187
CVE-2022-4188
CVE-2022-4189
CVE-2022-4190
CVE-2022-4191
CVE-2022-4192
CVE-2022-4193
CVE-2022-4194
CVE-2022-4195
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
|
7cb12ee0-4a13-11ed-8ad9-3065ec8fd3ec | chromium -- mulitple vulnerabilities
Chrome Releases reports:
This release contains 6 security fixes:
- [1364604] High CVE-2022-3445: Use after free in Skia. Reported by Nan Wang (@eternalsakura13) and Yong Liu of 360 Vulnerability Research Institute on 2022-09-16
- [1368076] High CVE-2022-3446: Heap buffer overflow in WebSQL. Reported by Kaijie Xu (@kaijieguigui) on 2022-09-26
- [1366582] High CVE-2022-3447: Inappropriate implementation in Custom Tabs. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) on 2022-09-22
- [1363040] High CVE-2022-3448: Use after free in Permissions API. Reported by raven at KunLun lab on 2022-09-13
- [1364662] High CVE-2022-3449: Use after free in Safe Browsing. Reported by asnine on 2022-09-17
- [1369882] High CVE-2022-3450: Use after free in Peer Connection. Reported by Anonymous on 2022-09-30
Discovery 2022-10-11 Entry 2022-10-12 chromium
< 106.0.5249.119
ungoogled-chromium
< 106.0.5249.119
CVE-2022-3445
CVE-2022-3446
CVE-2022-3447
CVE-2022-3448
CVE-2022-3449
CVE-2022-3450
https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_11.html
|
d459c914-4100-11ed-9bc7-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 3 security fixes, including:
- [1366813] High CVE-2022-3370: Use after free in Custom Elements. Reported by Aviv A. on 2022-09-22
- [1366399] High CVE-2022-3373: Out of bounds write in V8. Reported by Tibor Klajnscek on 2022-09-21
Discovery 2022-09-30 Entry 2022-09-30 chromium
< 106.0.5249.91
CVE-2022-3370
CVE-2022-3373
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_30.html
|
b4ef02f4-549f-11ed-8ad9-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 14 security fixes, including:
- [1369871] High CVE-2022-3652: Type Confusion in V8. Reported by srodulv and ZNMchtss at S.S.L Team on 2022-09-30
- [1354271] High CVE-2022-3653: Heap buffer overflow in Vulkan. Reported by SeongHwan Park (SeHwa) on 2022-08-19
- [1365330] High CVE-2022-3654: Use after free in Layout. Reported by Sergei Glazunov of Google Project Zero on 2022-09-19
- [1343384] Medium CVE-2022-3655: Heap buffer overflow in Media Galleries. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-07-11
- [1345275] Medium CVE-2022-3656: Insufficient data validation in File System. Reported by Ron Masas, Imperva on 2022-07-18
- [1351177] Medium CVE-2022-3657: Use after free in Extensions. Reported by Omri Bushari, Talon Cyber Security on 2022-08-09
- [1352817] Medium CVE-2022-3658: Use after free in Feedback service on Chrome OS. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-08-14
- [1355560] Medium CVE-2022-3659: Use after free in Accessibility. Reported by @ginggilBesel on 2022-08-23
- [1327505] Medium CVE-2022-3660: Inappropriate implementation in Full screen mode. Reported by Irvan Kurniawan (sourc7) on 2022-05-20
- [1350111] Low CVE-2022-3661: Insufficient data validation in Extensions. Reported by Young Min Kim (@ylemkimon), CompSec Lab at Seoul National University on 2022-08-04
Discovery 2022-10-25 Entry 2022-10-25 chromium
< 107.0.5304.68
ungoogled-chromium
< 107.0.5304.68
CVE-2022-3652
CVE-2022-3653
CVE-2022-3654
CVE-2022-3655
CVE-2022-3656
CVE-2022-3657
CVE-2022-3658
CVE-2022-3659
CVE-2022-3660
CVE-2022-3661
https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_25.html
|
b59847e0-346d-11ed-8fe9-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release includes 11 security fixes, including:
- [1358381] High CVE-2022-3195: Out of bounds write in Storage. Reported by Ziling Chen and Nan Wang (@eternalsakura13) of 360 Vulnerability Research Institute on 2022-08-31
- [1358090] High CVE-2022-3196: Use after free in PDF. Reported by triplepwns on 2022-08-30
- [1358075] High CVE-2022-3197: Use after free in PDF. Reported by triplepwns on 2022-08-30
- [1355682] High CVE-2022-3198: Use after free in PDF. Reported by MerdroidSG on 2022-08-23
- [1355237] High CVE-2022-3199: Use after free in Frames. Reported by Anonymous on 2022-08-22
- [1355103] High CVE-2022-3200: Heap buffer overflow in Internals. Reported by Richard Lorenz, SAP on 2022-08-22
- [1343104] High CVE-2022-3201: Insufficient validation of untrusted input in DevTools. Reported by NDevTK on 2022-07-09
Discovery 2022-09-14 Entry 2022-09-14 chromium
< 105.0.5195.125
CVE-2022-3195
CVE-2022-3196
CVE-2022-3197
CVE-2022-3198
CVE-2022-3199
CVE-2022-3200
CVE-2022-3201
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_14.html
|
2899da38-7300-11ed-92ce-3065ec8fd3ec | chromium -- Type confusion in V8
Chrome Releases reports:
This release contains 1 security fix:
- [1394403] High CVE-2022-4262: Type Confusion in V8. Reported by Clement Lecigne of Google's Threat Analysis Group on 2022-11-29
Google is aware that an exploit for CVE-2022-4262 exists in the wild.
Discovery 2022-12-02 Entry 2022-12-03 chromium
< 108.0.5359.94
ungoogled-chromium
< 108.0.5359.94
CVE-2022-4262
https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html
|
6b04476f-601c-11ed-92ce-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 10 security fixes, including:
- [1377816] High CVE-2022-3885: Use after free in V8. Reported by gzobqq@ on 2022-10-24
- [1372999] High CVE-2022-3886: Use after free in Speech Recognition. Reported by anonymous on 2022-10-10
- [1372695] High CVE-2022-3887: Use after free in Web Workers. Reported by anonymous on 2022-10-08
- [1375059] High CVE-2022-3888: Use after free in WebCodecs. Reported by Peter Nemeth on 2022-10-16
- [1380063] High CVE-2022-3889: Type Confusion in V8. Reported by anonymous on 2022-11-01
- [1380083] High CVE-2022-3890: Heap buffer overflow in Crashpad. Reported by anonymous on 2022-11-01
Discovery 2022-11-08 Entry 2022-11-09 chromium
< 107.0.5304.110
ungoogled-chromium
< 107.0.5304.110
CVE-2022-3885
CVE-2022-3886
CVE-2022-3887
CVE-2022-3888
CVE-2022-3889
CVE-2022-3890
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html
|
18529cb0-3e9c-11ed-9bc7-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 20 security fixes, including:
- [1358907] High CVE-2022-3304: Use after free in CSS. Reported by Anonymous on 2022-09-01
- [1343104] High CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools. Reported by NDevTK on 2022-07-09
- [1319229] High CVE-2022-3305: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-24
- [1320139] High CVE-2022-3306: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-27
- [1323488] High CVE-2022-3307: Use after free in Media. Reported by Anonymous Telecommunications Corp. Ltd. on 2022-05-08
- [1342722] Medium CVE-2022-3308: Insufficient policy enforcement in Developer Tools. Reported by Andrea Cappa (zi0Black) @ Shielder on 2022-07-08
- [1348415] Medium CVE-2022-3309: Use after free in Assistant. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab on 2022-07-29
- [1240065] Medium CVE-2022-3310: Insufficient policy enforcement in Custom Tabs. Reported by Ashwin Agrawal from Optus, Sydney on 2021-08-16
- [1302813] Medium CVE-2022-3311: Use after free in Import. Reported by Samet Bekmezci @sametbekmezci on 2022-03-04
- [1303306] Medium CVE-2022-3312: Insufficient validation of untrusted input in VPN. Reported by Andr.Ess on 2022-03-06
- [1317904] Medium CVE-2022-3313: Incorrect security UI in Full Screen. Reported by Irvan Kurniawan (sourc7) on 2022-04-20
- [1328708] Medium CVE-2022-3314: Use after free in Logging. Reported by Anonymous on 2022-05-24
- [1322812] Medium CVE-2022-3315: Type confusion in Blink. Reported by Anonymous on 2022-05-05
- [1333623] Low CVE-2022-3316: Insufficient validation of untrusted input in Safe Browsing. Reported by Sven Dysthe (@svn_dy) on 2022-06-07
- [1300539] Low CVE-2022-3317: Insufficient validation of untrusted input in Intents. Reported by Hafiizh on 2022-02-24
- [1318791] Low CVE-2022-3318: Use after free in ChromeOS Notifications. Reported by GraVity0 on 2022-04-22
Discovery 2022-09-27 Entry 2022-09-27 chromium
< 106.0.5249.61
CVE-2022-3201
CVE-2022-3304
CVE-2022-3305
CVE-2022-3306
CVE-2022-3307
CVE-2022-3308
CVE-2022-3309
CVE-2022-3310
CVE-2022-3311
CVE-2022-3312
CVE-2022-3313
CVE-2022-3314
CVE-2022-3315
CVE-2022-3316
CVE-2022-3317
CVE-2022-3318
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html
|
1225c888-56ea-11ed-b5c3-3065ec8fd3ec | chromium -- Type confusion in V8
Chrome Releases reports:
This release contains 1 security fix:
- [1378239] High CVE-2022-3723: Type Confusion in V8. Reported by Jan VojteÃ
¡ek, Milánek, and Przemek Gmerek of Avast on 2022-10-25
Discovery 2022-10-27 Entry 2022-10-28 chromium
< 107.0.5304.87
ungoogled-chromium
< 107.0.5304.87
CVE-2022-3723
https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html
|
83eb9374-7b97-11ed-be8f-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 8 security fixes, including:
- [1383991] High CVE-2022-4436: Use after free in Blink Media. Reported by Anonymous on 2022-11-15
- [1394692] High CVE-2022-4437: Use after free in Mojo IPC. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-11-30
- [1381871] High CVE-2022-4438: Use after free in Blink Frames. Reported by Anonymous on 2022-11-07
- [1392661] High CVE-2022-4439: Use after free in Aura. Reported by Anonymous on 2022-11-22
- [1382761] Medium CVE-2022-4440: Use after free in Profiles. Reported by Anonymous on 2022-11-09
Discovery 2022-12-13 Entry 2022-12-14 chromium
< 108.0.5359.124
ungoogled-chromium
< 108.0.5359.124
CVE-2022-4436
CVE-2022-4437
CVE-2022-4438
CVE-2022-4439
CVE-2022-4440
https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html
|
7b929503-911d-11ed-a925-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 17 security fixes, including:
- [1353208] High CVE-2023-0128: Use after free in Overview Mode. Reported by Khalil Zhani on 2022-08-16
- [1382033] High CVE-2023-0129: Heap buffer overflow in Network Service. Reported by asnine on 2022-11-07
- [1370028] Medium CVE-2023-0130: Inappropriate implementation in Fullscreen API. Reported by Hafiizh on 2022-09-30
- [1357366] Medium CVE-2023-0131: Inappropriate implementation in iframe Sandbox. Reported by NDevTK on 2022-08-28
- [1371215] Medium CVE-2023-0132: Inappropriate implementation in Permission prompts. Reported by Jasper Rebane (popstonia) on 2022-10-05
- [1375132] Medium CVE-2023-0133: Inappropriate implementation in Permission prompts. Reported by Alesandro Ortiz on 2022-10-17
- [1385709] Medium CVE-2023-0134: Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy) on 2022-11-17
- [1385831] Medium CVE-2023-0135: Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy) on 2022-11-18
- [1356987] Medium CVE-2023-0136: Inappropriate implementation in Fullscreen API. Reported by Axel Chong on 2022-08-26
- [1399904] Medium CVE-2023-0137: Heap buffer overflow in Platform Apps. Reported by avaue and Buff3tts at S.S.L. on 2022-12-10
- [1346675] Low CVE-2023-0138: Heap buffer overflow in libphonenumber. Reported by Michael Dau on 2022-07-23
- [1367632] Low CVE-2023-0139: Insufficient validation of untrusted input in Downloads. Reported by Axel Chong on 2022-09-24
- [1326788] Low CVE-2023-0140: Inappropriate implementation in File System API. Reported by harrison.mitchell, cybercx.com.au on 2022-05-18
- [1362331] Low CVE-2023-0141: Insufficient policy enforcement in CORS. Reported by scarlet on 2022-09-12
Discovery 2023-01-10 Entry 2023-01-10 chromium
< 109.0.5414.74
ungoogled-chromium
< 109.0.5414.74
CVE-2023-0128
CVE-2023-0129
CVE-2023-0130
CVE-2023-0131
CVE-2023-0132
CVE-2023-0133
CVE-2023-0134
CVE-2023-0135
CVE-2023-0136
CVE-2023-0137
CVE-2023-0138
CVE-2023-0139
CVE-2023-0140
CVE-2023-0141
https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html
|
3d0a3eb0-9ca3-11ed-a925-3065ec8fd3ec | chromium -- multiple vulnerabilities
Chrome Releases reports:
This release contains 6 security fixes, including:
- [1376354] High CVE-2023-0471: Use after free in WebTransport. Reported by chichoo Kim(chichoo) and Cassidy Kim(@cassidy6564) on 2022-10-19
- [1405256] High CVE-2023-0472: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-01-06
- [1404639] Medium CVE-2023-0473: Type Confusion in ServiceWorker API. Reported by raven at KunLun lab on 2023-01-03
- [1400841] Medium CVE-2023-0474: Use after free in GuestView. Reported by avaue at S.S.L on 2022-12-14
Discovery 2023-01-24 Entry 2023-01-25 chromium
< 109.0.5414.119
ungoogled-chromium
< 109.0.5414.119
CVE-2023-0471
CVE-2023-0472
CVE-2023-0473
CVE-2023-0474
https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html
|