Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSD5F7ED6EA-70A7-11ED-92CE-3065EC8FD3EC
HistoryNov 29, 2022 - 12:00 a.m.

chromium -- multiple vulnerabilities

2022-11-2900:00:00
vuxml.freebsd.org
15
type confusion v8
use after free camera capture
out of bounds write lacros graphics
use after free extensions
use after free mojo
use after free audio
use after free forms
inappropriate implementation fenced frames
insufficient policy enforcement popup blocker
insufficient policy enforcement autofill
inappropriate implementation navigation
insufficient validation untrusted input downloads
insufficient policy enforcement devtools
insufficient validation untrusted input cors
insufficient data validation directory
use after free sign-in
use after free live caption
insufficient policy enforcement file system api
use after free accessibility
insufficient policy enforcement safe browsing

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.005 Low

EPSS

Percentile

75.6%

JSON

Chrome Releases reports:

This release contains 28 security fixes, including:

[1379054] High CVE-2022-4174: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy) on 2022-10-27
[1381401] High CVE-2022-4175: Use after free in Camera Capture. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2022-11-04
[1361066] High CVE-2022-4176: Out of bounds write in Lacros Graphics. Reported by @ginggilBesel on 2022-09-08
[1379242] High CVE-2022-4177: Use after free in Extensions. Reported by Chaoyuan Peng (@ret2happy) on 2022-10-28
[1376099] High CVE-2022-4178: Use after free in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2022-10-18
[1377783] High CVE-2022-4179: Use after free in Audio. Reported by Sergei Glazunov of Google Project Zero on 2022-10-24
[1378564] High CVE-2022-4180: Use after free in Mojo. Reported by Anonymous on 2022-10-26
[1382581] High CVE-2022-4181: Use after free in Forms. Reported by Aviv A. on 2022-11-09
[1368739] Medium CVE-2022-4182: Inappropriate implementation in Fenced Frames. Reported by Peter Nemeth on 2022-09-28
[1251790] Medium CVE-2022-4183: Insufficient policy enforcement in Popup Blocker. Reported by David Sievers on 2021-09-22
[1358647] Medium CVE-2022-4184: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry on 2022-09-01
[1373025] Medium CVE-2022-4185: Inappropriate implementation in Navigation. Reported by James Lee (@Windowsrcer) on 2022-10-10
[1377165] Medium CVE-2022-4186: Insufficient validation of untrusted input in Downloads. Reported by Luan Herrera (@lbherrera_) on 2022-10-21
[1381217] Medium CVE-2022-4187: Insufficient policy enforcement in DevTools. Reported by Axel Chong on 2022-11-04
[1340879] Medium CVE-2022-4188: Insufficient validation of untrusted input in CORS. Reported by Philipp Beer (TU Wien) on 2022-06-30
[1344647] Medium CVE-2022-4189: Insufficient policy enforcement in DevTools. Reported by NDevTK on 2022-07-15
[1378997] Medium CVE-2022-4190: Insufficient data validation in Directory. Reported by Axel Chong on 2022-10-27
[1373941] Medium CVE-2022-4191: Use after free in Sign-In. Reported by Jaehun Jeong(@n3sk) of Theori on 2022-10-12
[1344514] Medium CVE-2022-4192: Use after free in Live Caption. Reported by Samet Bekmezci @sametbekmezci on 2022-07-14
[1354518] Medium CVE-2022-4193: Insufficient policy enforcement in File System API. Reported by Axel Chong on 2022-08-19
[1370562] Medium CVE-2022-4194: Use after free in Accessibility. Reported by Anonymous on 2022-10-03
[1371926] Medium CVE-2022-4195: Insufficient policy enforcement in Safe Browsing. Reported by Eric Lawrence of Microsoft on 2022-10-06

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchchromium< 108.0.5359.71UNKNOWN
FreeBSDanynoarchungoogled-chromium< 108.0.5359.71UNKNOWN

Related

nessus 8
debian 1
openvas 6
kaspersky 2
chrome 2
mageia 1
osv 19
altlinux 1
gentoo 1
rapid7blog 1
cvelist 18
prion 17
veracode 17
cve 19
ubuntucve 17
cnvd 17
mscve 15
nvd 17
debiancve 16
alpinelinux 2
hivepro 1
hackerone 1
nessus
nessus
Debian DSA-5293-1 : chromium - security update
2022-12-05 00:00:00
openSUSE 15 Security Update : chromium (openSUSE-SU-2022:10229-1)
2022-12-05 00:00:00
FreeBSD : chromium -- multiple vulnerabilities (5f7ed6ea-70a7-11ed-92ce-3065ec8fd3ec)
2022-11-30 00:00:00
debian
debian
[SECURITY] [DSA 5293-1] chromium security update
2022-12-03 14:24:37
openvas
openvas
Google Chrome Security Update (stable-channel-update-for-desktop_29-2022-11) - Mac OS X
2022-12-01 00:00:00
Google Chrome Security Update (stable-channel-update-for-desktop_29-2022-11) - Windows
2022-12-01 00:00:00
Google Chrome Security Update (stable-channel-update-for-desktop_29-2022-11) - Linux
2022-12-01 00:00:00
kaspersky
kaspersky
KLA20104 Multiple vulnerabilities in Google Chrome
2022-11-29 00:00:00
KLA20109 Multiple vulnerabilities in Microsoft Browser
2022-12-05 00:00:00
chrome
chrome
Stable Channel Update for Desktop
2022-11-29 00:00:00
Stable Channel Update for ChromeOS / ChromeOS Flex
2022-12-01 00:00:00
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerability
2022-12-07 02:32:48
osv
osv
chromium - security update
2022-12-03 00:00:00
CVE-2022-4177
2022-11-30 00:15:10
CVE-2022-4178
2022-11-30 00:15:10
altlinux
altlinux
Security fix for the ALT Linux 10 package yandex-browser-stable version 23.1.2.1033-alt1
2023-04-04 00:00:00
gentoo
gentoo
Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
2023-05-03 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - December 2022
2022-12-13 21:24:06
cvelist
cvelist
CVE-2022-4176
2022-11-29 00:00:00
CVE-2022-4177
2022-11-29 00:00:00
CVE-2022-4178
2022-11-29 00:00:00
prion
prion
Design/Logic Flaw
2022-11-30 00:15:00
Design/Logic Flaw
2022-11-30 00:15:00
Design/Logic Flaw
2022-11-30 00:15:00
veracode
veracode
Use After Free
2022-12-11 05:25:40
Out-of-bounds Write
2022-12-11 05:25:55
Denial Of Service (DoS)
2022-12-11 05:25:26
cve
cve
CVE-2022-4177
2022-11-30 00:15:10
CVE-2022-4178
2022-11-30 00:15:10
CVE-2022-4176
2022-11-30 00:15:10
ubuntucve
ubuntucve
CVE-2022-4178
2022-11-30 00:00:00
CVE-2022-4177
2022-11-30 00:00:00
CVE-2022-4174
2022-11-30 00:00:00
cnvd
cnvd
Google Chrome Extensions Code Execution Vulnerability (CNVD-2023-04555)
2022-11-30 00:00:00
Google Chrome has an unspecified vulnerability (CNVD-2022-86348)
2022-11-30 00:00:00
Google Chrome Lacros Graphics code execution vulnerability
2022-11-30 00:00:00
mscve
mscve
Chromium: CVE-2022-4177 Use after free in Extensions
2022-12-05 08:00:00
Chromium: CVE-2022-4174 Type Confusion in V8
2022-12-05 08:00:00
Chromium: CVE-2022-4178 Use after free in Mojo
2022-12-05 08:00:00
nvd
nvd
CVE-2022-4177
2022-11-30 00:15:10
CVE-2022-4178
2022-11-30 00:15:10
CVE-2022-4174
2022-11-30 00:15:09
debiancve
debiancve
CVE-2022-4178
2022-11-30 00:15:10
CVE-2022-4177
2022-11-30 00:15:10
CVE-2022-4176
2022-11-30 00:15:10
alpinelinux
alpinelinux
CVE-2022-4174
2022-11-30 00:15:09
CVE-2022-4179
2022-11-30 00:15:10
hivepro
hivepro
Google addressed an array of bugs with Chrome 108
2022-12-02 11:27:52
hackerone
hackerone
Nextcloud: Talk Android broadcast receiver is not protected by broadcastPermission allowing malicious apps to communicate
2022-06-10 06:54:22

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.005 Low

EPSS

Percentile

75.6%

JSON
Related for 5F7ED6EA-70A7-11ED-92CE-3065EC8FD3EC
nessus8debian1openvas6kaspersky2chrome2mageia1osv19altlinux1gentoo1rapid7blog1cvelist18prion17veracode17cve19ubuntucve17cnvd17mscve15nvd17debiancve16alpinelinux2hivepro1hackerone1