Total
470 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-3071 | 2 Fedoraproject, Google | 4 Fedora, Chrome, Chrome Os and 1 more | 2023-12-10 | N/A | 8.8 HIGH |
Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction. | |||||
CVE-2022-1489 | 1 Google | 2 Chrome, Chrome Os | 2023-12-10 | N/A | 8.8 HIGH |
Out of bounds memory access in UI Shelf in Google Chrome on Chrome OS, Lacros prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific user interactions. | |||||
CVE-2022-1641 | 1 Google | 2 Chrome, Chrome Os | 2023-12-10 | N/A | 8.8 HIGH |
Use after free in Web UI Diagnostics in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interaction. | |||||
CVE-2022-2296 | 2 Fedoraproject, Google | 4 Extra Packages For Enterprise Linux, Fedora, Chrome and 1 more | 2023-12-10 | N/A | 8.8 HIGH |
Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions. | |||||
CVE-2022-3048 | 2 Fedoraproject, Google | 3 Fedora, Chrome, Chrome Os | 2023-12-10 | N/A | 6.8 MEDIUM |
Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a local attacker to bypass lockscreen navigation restrictions via physical access to the device. | |||||
CVE-2022-3042 | 2 Fedoraproject, Google | 3 Fedora, Chrome, Chrome Os | 2023-12-10 | N/A | 8.8 HIGH |
Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-3049 | 2 Fedoraproject, Google | 4 Fedora, Chrome, Chrome Os and 1 more | 2023-12-10 | N/A | 8.8 HIGH |
Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-0308 | 1 Google | 2 Chrome, Chrome Os | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in Data Transfer in Google Chrome on Chrome OS prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-0107 | 2 Fedoraproject, Google | 3 Fedora, Chrome, Chrome Os | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-0603 | 1 Google | 2 Chrome, Chrome Os | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in File Manager in Google Chrome on Chrome OS prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2021-38013 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Chrome and 1 more | 2023-12-10 | 6.8 MEDIUM | 9.6 CRITICAL |
Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
CVE-2021-37964 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Chrome and 1 more | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to to potentially carryout a wifi impersonation attack via a crafted ONC file. | |||||
CVE-2021-30565 | 3 Fedoraproject, Google, Linux | 4 Fedora, Chrome, Chrome Os and 1 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page. | |||||
CVE-2020-16038 | 1 Google | 2 Chrome, Chrome Os | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
Use after free in media in Google Chrome on OS X prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2020-16022 | 4 Apple, Google, Linux and 1 more | 7 Macos, Android, Chrome and 4 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Insufficient policy enforcement in networking in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially bypass firewall controls via a crafted HTML page. | |||||
CVE-2020-16021 | 1 Google | 2 Chrome, Chrome Os | 2023-12-10 | 5.1 MEDIUM | 7.5 HIGH |
Race in image burner in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to perform OS-level privilege escalation via a malicious file. | |||||
CVE-2020-16024 | 1 Google | 2 Chrome, Chrome Os | 2023-12-10 | 6.8 MEDIUM | 9.6 CRITICAL |
Heap buffer overflow in UI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
CVE-2020-9746 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Macos, Chrome Os and 4 more | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an exploitable NULL pointer dereference vulnerability that could result in a crash and arbitrary code execution. Exploitation of this issue requires an attacker to insert malicious strings in an HTTP response that is by default delivered over TLS/SSL. | |||||
CVE-2020-16019 | 1 Google | 2 Chrome, Chrome Os | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Inappropriate implementation in filesystem in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to bypass noexec restrictions via a malicious file. | |||||
CVE-2020-16035 | 1 Google | 2 Chrome, Chrome Os | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Insufficient data validation in cros-disks in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to bypass noexec restrictions via a malicious file. |