Lucene search

FreeBSDE852F43C-846E-11EC-B043-3065EC8FD3EC

HistoryFeb 01, 2022 - 12:00 a.m.

chromium -- multiple vulnerabilities

2022-02-0100:00:00

vuxml.freebsd.org

use after free

heap buffer overflow

type confusion

policy bypass

inappropriate implementation

out of bounds memory access

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS

0.01

Percentile

83.9%

JSON

Chrome Releases reports:

This release contains 27 security fixes, including:

[1284584] High CVE-2022-0452: Use after free in Safe Browsing.
Reported by avaue at S.S.L. on 2022-01-05
[1284916] High CVE-2022-0453: Use after free in Reader Mode.
Reported by Rong Jian of VRI on 2022-01-06
[1287962] High CVE-2022-0454: Heap buffer overflow in ANGLE.
Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on
2022-01-17
[1270593] High CVE-2022-0455: Inappropriate implementation in
Full Screen Mode. Reported by Irvan Kurniawan (sourc7) on
2021-11-16
[1289523] High CVE-2022-0456: Use after free in Web Search.
Reported by Zhihua Yao of KunLun Lab on 2022-01-21
[1274445] High CVE-2022-0457: Type Confusion in V8. Reported by
rax of the Group0x58 on 2021-11-29
[1267060] High CVE-2022-0458: Use after free in Thumbnail Tab
Strip. Reported by Leecraso and Guang Gong of 360 Alpha Lab on
2021-11-05
[1244205] High CVE-2022-0459: Use after free in Screen Capture.
Reported by raven (@raid_akame) on 2021-08-28
[1250227] Medium CVE-2022-0460: Use after free in Window Dialog.
Reported by 0x74960 on 2021-09-16
[1256823] Medium CVE-2022-0461: Policy bypass in COOP. Reported
by NDevTK on 2021-10-05
[1270470] Medium CVE-2022-0462: Inappropriate implementation in
Scroll. Reported by Youssef Sammouda on 2021-11-16
[1268240] Medium CVE-2022-0463: Use after free in Accessibility.
Reported by Zhihua Yao of KunLun Lab on 2021-11-09
[1270095] Medium CVE-2022-0464: Use after free in Accessibility.
Reported by Zhihua Yao of KunLun Lab on 2021-11-14
[1281941] Medium CVE-2022-0465: Use after free in Extensions.
Reported by Samet Bekmezci @sametbekmezci on 2021-12-22
[1115460] Medium CVE-2022-0466: Inappropriate implementation in
Extensions Platform. Reported by David Erceg on 2020-08-12
[1239496] Medium CVE-2022-0467: Inappropriate implementation in
Pointer Lock. Reported by Alesandro Ortiz on 2021-08-13
[1252716] Medium CVE-2022-0468: Use after free in Payments.
Reported by Krace on 2021-09-24
[1279531] Medium CVE-2022-0469: Use after free in Cast. Reported
by Thomas Orlita on 2021-12-14
[1269225] Low CVE-2022-0470: Out of bounds memory access in V8.
Reported by Looben Yang on 2021-11-11

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchchromium< 98.0.4758.80UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	chromium	< 98.0.4758.80	UNKNOWN

References

chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop.html

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS

0.01

Percentile

83.9%

JSON

Related for E852F43C-846E-11EC-B043-3065EC8FD3EC