Google Chrome Chrome vulnerabilities

CVE-2022-4926 [MEDIUM] Stable Channel Update for Desktop: CVE-2022-4926 Stable Channel Update for Desktop CVE-2022-4926: Insufficient policy enforcement in Intents. Reported by Philipp Beer on 2022-06-07 and Axel Chong on 2022-09-26 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: medium

CVE-2023-0137 [HIGH] Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2023-0137 Stable Channel Update for ChromeOS / ChromeOS Flex CVE-2023-0137

CVE-2023-0131 [MEDIUM] Stable Channel Update for Desktop: CVE-2023-0131 Stable Channel Update for Desktop CVE-2023-0131: Inappropriate implementation in iframe Sandbox. Reported by NDevTK on 2022-08-28 [$3000][ 1371215 ] Medium CVE-2023-0132: Inappropriate implementation in Permission prompts Reported by Jasper Rebane (popstonia) on 2022-10-05 [$3000][ 1375132 ] Medium CVE-2023-0133: Inappropriate implementation in Permission prompts Severity: medium

CVE-2023-0134 [MEDIUM] Stable Channel Update for Desktop: CVE-2023-0134 Stable Channel Update for Desktop CVE-2023-0134: Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy) on 2022-11-17 [$2500][ 1385831 ] Medium CVE-2023-0135: Use after free in Cart Reported by Chaoyuan Peng (@ret2happy) on 2022-11-18 [$2000][ 1356987 ] Medium CVE-2023-0136: Inappropriate implementation in Fullscreen API Severity: medium

CVE-2023-0141 [LOW] Stable Channel Update for Desktop: CVE-2023-0141 Stable Channel Update for Desktop CVE-2023-0141: Insufficient policy enforcement in CORS. Reported by scarlet on 2022-09-12 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: low

CVE-2023-0138 [LOW] Stable Channel Update for Desktop: CVE-2023-0138 Stable Channel Update for Desktop CVE-2023-0138: Heap buffer overflow in libphonenumber. Reported by Michael Dau on 2022-07-23 [$2000][ 1367632 ] Low CVE-2023-0139: Insufficient validation of untrusted input in Downloads Reported by Axel Chong on 2022-09-24 [$1000][ 1326788 ] Low CVE-2023-0140: Inappropriate implementation in File System API Severity: low

CVE-2022-42720 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2022-42720 Long Term Support Channel Update for ChromeOS CVE-2022-42720

CVE-2022-4436 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2022-4436 Long Term Support Channel Update for ChromeOS CVE-2022-4436

CVE-2022-42719 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2022-42719 Long Term Support Channel Update for ChromeOS CVE-2022-42719

CVE-2022-4437 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2022-4437 Long Term Support Channel Update for ChromeOS CVE-2022-4437

CVE-2022-41674 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2022-41674 Long Term Support Channel Update for ChromeOS CVE-2022-41674

CVE-2022-4135 [CRITICAL] Long Term Support Channel Update for ChromeOS: CVE-2022-4135 Long Term Support Channel Update for ChromeOS CVE-2022-4135

CVE-2022-4178 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2022-4178 Long Term Support Channel Update for ChromeOS CVE-2022-4178

CVE-2022-4181 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2022-4181 Long Term Support Channel Update for ChromeOS CVE-2022-4181

CVE-2022-4179 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2022-4179 Long Term Support Channel Update for ChromeOS CVE-2022-4179

CVE-2022-4439 [HIGH] Stable Channel Update for Desktop: CVE-2022-4439 Stable Channel Update for Desktop CVE-2022-4439: Use after free in Aura. Reported by Anonymous on 2022-11-22 [$3000][ 1382761 ] Medium CVE-2022-4440: Use after free in Profiles Reported by Anonymous on 2022-11-09 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: high

CVE-2022-4262 [HIGH] Stable Channel Update for Desktop: CVE-2022-4262 Stable Channel Update for Desktop CVE-2022-4262: Type Confusion in V8. Reported by Clement Lecigne of Google's Threat Analysis Group on 2022-11-29 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: high

CVE-2022-4176 [HIGH] Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2022-4176 Stable Channel Update for ChromeOS / ChromeOS Flex CVE-2022-4176

CVE-2022-3038 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2022-3038 Long Term Support Channel Update for ChromeOS CVE-2022-3038

CVE-2022-4177 [HIGH] Stable Channel Update for Desktop: CVE-2022-4177 Stable Channel Update for Desktop CVE-2022-4177: Use after free in Extensions. Reported by Chaoyuan Peng (@ret2happy) on 2022-10-28 [$NA][ 1376099 ] High CVE-2022-4178: Use after free in Mojo Reported by Sergei Glazunov of Google Project Zero on 2022-10-18 [$NA][ 1377783 ] High CVE-2022-4179: Use after free in Audio Severity: high