Google Chrome vulnerabilities

3,975 known vulnerabilities affecting google/chrome.

Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2024, MEDIUM 1626, LOW 17, UNKNOWN 11

Vulnerabilities

CVE-2022-2158 | HIGH | CVSS 8.8 | fixed in 103.0.5060.53 | ≥ unspecified, < 103.0.5060.53 | 2022-07-28
CWE-416. Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: NVD
CVE-2022-2415 | HIGH | CVSS 8.8 | fixed in 103.0.5060.53 | ≥ unspecified, < 103.0.5060.53 | 2022-07-28
CWE-787. Heap buffer overflow in WebGL in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: NVD
CVE-2022-2294 | HIGH | CVSS 8.8 | KEV | fixed in 103.0.5060.114 | ≥ unspecified, < 103.0.5060.114 | 2022-07-28
CWE-787. Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: NVD
CVE-2022-2477 | HIGH | CVSS 8.8 | fixed in 103.0.5060.134 | ≥ unspecified, < 103.0.5060.134 | 2022-07-28
CWE-416. Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
Source: NVD
CVE-2022-2481 | HIGH | CVSS 8.8 | fixed in 103.0.5060.134 | ≥ unspecified, < 103.0.5060.134 | 2022-07-28
CWE-416. Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.
Source: NVD
CVE-2022-2161 | HIGH | CVSS 8.8 | fixed in 103.0.5060.53 | ≥ unspecified, < 103.0.5060.53 | 2022-07-28
CWE-416. Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
Source: NVD
CVE-2022-2478 | HIGH | CVSS 8.8 | fixed in 103.0.5060.134 | ≥ unspecified, < 103.0.5060.134 | 2022-07-28
CWE-416. Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: NVD
CVE-2022-2164 | MEDIUM | CVSS 6.3 | fixed in 103.0.5060.53 | ≥ unspecified, < 103.0.5060.53 | 2022-07-28
Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted HTML page.
Source: NVD
CVE-2022-2165 | MEDIUM | CVSS 4.3 | fixed in 103.0.5060.53 | ≥ unspecified, < 103.0.5060.53 | 2022-07-28
Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
Source: NVD
CVE-2022-2160 | MEDIUM | CVSS 6.5 | fixed in 103.0.5060.53 | ≥ unspecified, < 103.0.5060.53 | 2022-07-28
CWE-362. Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user's local files via a crafted HTML page.
Source: NVD
CVE-2022-2479 | MEDIUM | CVSS 4.3 | fixed in 103.0.5060.134 | ≥ unspecified, < 103.0.5060.134 | 2022-07-28
CWE-20. Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page.
Source: NVD
CVE-2022-1853 | CRITICAL | CVSS 9.6 | fixed in 102.0.5005.61 | ≥ unspecified, < 102.0.5005.61 | 2022-07-27
CWE-416. Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Source: NVD
CVE-2022-1864 | HIGH | CVSS 8.8 | fixed in 102.0.5005.61 | ≥ unspecified, < 102.0.5005.61 | 2022-07-27
CWE-416. Use after free in WebApp Installs in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction.
Source: NVD
CVE-2022-1876 | HIGH | CVSS 8.8 | fixed in 102.0.5005.61 | ≥ unspecified, < 102.0.5005.61 | 2022-07-27
CWE-787. Heap buffer overflow in DevTools in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
Source: NVD
CVE-2022-1860 | HIGH | CVSS 8.8 | fixed in 102.0.5005.61 | ≥ unspecified, < 102.0.5005.61 | 2022-07-27
CWE-416. Use after free in UI Foundations in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific user interactions.
Source: NVD
CVE-2022-1859 | HIGH | CVSS 8.8 | fixed in 102.0.5005.61 | ≥ unspecified, < 102.0.5005.61 | 2022-07-27
CWE-416. Use after free in Performance Manager in Google Chrome prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Source: NVD
CVE-2022-1866 | HIGH | CVSS 8.8 | fixed in 102.0.5005.61 | ≥ unspecified, < 102.0.5005.61 | 2022-07-27
CWE-416. Use after free in Tablet Mode in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific user interactions.
Source: NVD
CVE-2022-1874 | HIGH | CVSS 8.8 | fixed in 102.0.5005.61 | ≥ unspecified, < 102.0.5005.61 | 2022-07-27
Insufficient policy enforcement in Safe Browsing in Google Chrome on Mac prior to 102.0.5005.61 allowed a remote attacker to bypass downloads protection policy via a crafted HTML page.
Source: NVD
CVE-2022-1861 | HIGH | CVSS 8.8 | fixed in 102.0.5005.61 | ≥ unspecified, < 102.0.5005.61 | 2022-07-27
CWE-416. Use after free in Sharing in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific user interaction.
Source: NVD
CVE-2022-1855 | HIGH | CVSS 8.8 | fixed in 102.0.5005.61 | ≥ unspecified, < 102.0.5005.61 | 2022-07-27
CWE-416. Use after free in Messaging in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: NVD