Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown
CRITICAL 297 | HIGH 2024 | MEDIUM 1626 | LOW 17 | UNKNOWN 11
Vulnerabilities
Page 56 of 199
CVE-2022-2615 | MEDIUM | CVSS 6.5 | CWE-565 | fixed in 104.0.5112.79 | ≥ unspecified, < 104.0.5112.79 | 2022-08-12
Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2022-2622 | MEDIUM | CVSS 6.5 | fixed in 104.0.5112.79 | ≥ unspecified, < 104.0.5112.79 | 2022-08-12
Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file.
nvd
CVE-2022-2611 | MEDIUM | CVSS 4.3 | fixed in 104.0.5112.79 | ≥ unspecified, < 104.0.5112.79 | 2022-08-12
Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2022-2618 | MEDIUM | CVSS 6.5 | CWE-20 | fixed in 104.0.5112.79 | ≥ unspecified, < 104.0.5112.79 | 2022-08-12
Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file.
nvd
CVE-2022-2619 | MEDIUM | CVSS 4.3 | CWE-116 | fixed in 104.0.5112.79 | ≥ unspecified, < 104.0.5112.79 | 2022-08-12
Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page.
nvd
CVE-2022-2612 | MEDIUM | CVSS 6.5 | CWE-203 | fixed in 104.0.5112.79 | ≥ unspecified, < 104.0.5112.79 | 2022-08-12
Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.
nvd
CVE-2022-2605 | MEDIUM | CVSS 6.5 | CWE-125 | fixed in 104.0.5112.79 | ≥ unspecified, < 104.0.5112.79 | 2022-08-12
Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-2010 | CRITICAL | CVSS 9.3 | CWE-125 | fixed in 102.0.5005.115 | ≥ unspecified, < 102.0.5005.115 | 2022-07-28
Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2022-2399 | HIGH | CVSS 8.8 | CWE-416 | fixed in 100.0.4896.88 | ≥ unspecified, < 100.0.4896.88 | 2022-07-28
Use after free in WebGPU in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-2163 | HIGH | CVSS 8.8 | CWE-416 | fixed in 103.0.5060.134 | ≥ unspecified, < 103.0.5060.134 | 2022-07-28
Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction.
nvd
CVE-2022-2157 | HIGH | CVSS 8.8 | CWE-416 | fixed in 103.0.5060.53 | ≥ unspecified, < 103.0.5060.53 | 2022-07-28
Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-2296 | HIGH | CVSS 8.8 | CWE-416 | fixed in 103.0.5060.114 | ≥ unspecified, < 103.0.5060.114 | 2022-07-28
Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions.
nvd
CVE-2022-2008 | HIGH | CVSS 8.8 | CWE-415 | fixed in 102.0.5005.115 | ≥ unspecified, < 102.0.5005.115 | 2022-07-28
Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-2480 | HIGH | CVSS 8.8 | CWE-416 | fixed in 103.0.5060.134 | ≥ unspecified, < 103.0.5060.134 | 2022-07-28
Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-2295 | HIGH | CVSS 8.8 | CWE-843 | fixed in 103.0.5060.114 | ≥ unspecified, < 103.0.5060.114 | 2022-07-28
Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-2007 | HIGH | CVSS 8.8 | CWE-416 | fixed in 102.0.5005.115 | ≥ unspecified, < 102.0.5005.115 | 2022-07-28
Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-2156 | HIGH | CVSS 8.8 | CWE-416 | fixed in 103.0.5060.53 | ≥ unspecified, < 103.0.5060.53 | 2022-07-28
Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-2162 | HIGH | CVSS 8.8 | fixed in 103.0.5060.53 | ≥ unspecified, < 103.0.5060.53 | 2022-07-28
Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 103.0.5060.53 allowed a remote attacker to bypass file system access via a crafted HTML page.
nvd
CVE-2022-1919 | HIGH | CVSS 8.8 | CWE-416 | fixed in 101.0.4951.41 | ≥ unspecified, < 101.0.4951.41 | 2022-07-28
Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-2011 | HIGH | CVSS 8.8 | CWE-416 | fixed in 102.0.5005.115 | ≥ unspecified, < 102.0.5005.115 | 2022-07-28
Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd