Google Chrome vulnerabilities

3,975 known vulnerabilities affecting google/chrome.

Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2024, MEDIUM 1626, LOW 17, UNKNOWN 11

Vulnerabilities

CVE-2022-0112 | MEDIUM | CVSS 4.3 | fixed in 97.0.4692.71 | ≥ unspecified, < 97.0.4692.71 | 2022-02-12
Incorrect security UI in Browser UI in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to display missing URL or incorrect URL via a crafted URL.
Source: nvd
CVE-2022-0108 | MEDIUM | CVSS 6.5 | fixed in 97.0.4692.71 | ≥ unspecified, < 97.0.4692.71 | 2022-02-12
[CWE-346] Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Source: nvd
CVE-2022-0111 | MEDIUM | CVSS 6.5 | fixed in 97.0.4692.71 | ≥ unspecified, < 97.0.4692.71 | 2022-02-12
[CWE-346] Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to incorrectly set origin via a crafted HTML page.
Source: nvd
CVE-2021-4101 | HIGH | CVSS 8.8 | fixed in 96.0.4664.110 | ≥ unspecified, < 96.0.4664.110 | 2022-02-11
[CWE-787] Heap buffer overflow in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: nvd
CVE-2021-4102 | HIGH | CVSS 8.8 | KEV | fixed in 96.0.4664.110 | ≥ unspecified, < 96.0.4664.110 | 2022-02-11
[CWE-416] Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: nvd
CVE-2021-4100 | HIGH | CVSS 8.8 | fixed in 96.0.4664.110 | ≥ unspecified, < 96.0.4664.110 | 2022-02-11
[CWE-125] Object lifecycle issue in ANGLE in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: nvd
CVE-2021-4099 | HIGH | CVSS 8.8 | fixed in 96.0.4664.110 | ≥ unspecified, < 96.0.4664.110 | 2022-02-11
[CWE-416] Use after free in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: nvd
CVE-2021-4098 | HIGH | CVSS 7.4 | fixed in 96.0.4664.110 | ≥ unspecified, < 96.0.4664.110 | 2022-02-11
[CWE-367] Insufficient data validation in Mojo in Google Chrome prior to 96.0.4664.110 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Source: nvd
CVE-2021-38013 | CRITICAL | CVSS 9.6 | fixed in 96.0.4664.45 | ≥ unspecified, < 96.0.4664.45 | 2021-12-23
[CWE-787] Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page.
Source: nvd
CVE-2021-4052 | HIGH | CVSS 8.8 | fixed in 96.0.4664.93 | ≥ unspecified, < 96.0.4664.93 | 2021-12-23
[CWE-416] Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
Source: nvd
CVE-2021-4064 | HIGH | CVSS 8.8 | fixed in 96.0.4664.93 | ≥ unspecified, < 96.0.4664.93 | 2021-12-23
[CWE-416] Use after free in screen capture in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: nvd
CVE-2021-38015 | HIGH | CVSS 8.8 | fixed in 96.0.4664.45 | ≥ unspecified, < 96.0.4664.45 | 2021-12-23
[CWE-20] Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
Source: nvd
CVE-2021-4061 | HIGH | CVSS 8.8 | fixed in 96.0.4664.93 | ≥ unspecified, < 96.0.4664.93 | 2021-12-23
[CWE-843] Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: nvd
CVE-2021-38016 | HIGH | CVSS 8.8 | fixed in 96.0.4664.45 | ≥ unspecified, < 96.0.4664.45 | 2021-12-23
[CWE-863] Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
Source: nvd
CVE-2021-4055 | HIGH | CVSS 8.8 | fixed in 96.0.4664.93 | ≥ unspecified, < 96.0.4664.93 | 2021-12-23
[CWE-787] Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
Source: nvd
CVE-2021-4062 | HIGH | CVSS 8.8 | fixed in 96.0.4664.93 | ≥ unspecified, < 96.0.4664.93 | 2021-12-23
[CWE-787] Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Source: nvd
CVE-2021-38017 | HIGH | CVSS 8.8 | fixed in 96.0.4664.45 | ≥ unspecified, < 96.0.4664.45 | 2021-12-23
[CWE-863] Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Source: nvd
CVE-2021-38014 | HIGH | CVSS 8.8 | fixed in 96.0.4664.45 | ≥ unspecified, < 96.0.4664.45 | 2021-12-23
[CWE-787] Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: nvd
CVE-2021-38011 | HIGH | CVSS 8.8 | fixed in 96.0.4664.45 | ≥ unspecified, < 96.0.4664.45 | 2021-12-23
[CWE-416] Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: nvd
CVE-2021-38007 | HIGH | CVSS 8.8 | fixed in 96.0.4664.45 | ≥ unspecified, < 96.0.4664.45 | 2021-12-23
[CWE-843] Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: nvd