Google Chrome Chrome vulnerabilities

CVE-2022-4908 [MEDIUM] Stable Channel Update for Desktop: CVE-2022-4908 Stable Channel Update for Desktop CVE-2022-4908: Inappropriate implementation in iFrame Sandbox. Reported by Johan Carlsson @joaxcar on 2022-09-02 [$3000][ 1350111 ] Low CVE-2022-3661: Insufficient data validation in Extensions Reported by Young Min Kim (@ylemkimon), CompSec Lab at Seoul National University on 2022-08-04 [ $1000][ 1356211 ] Low CVE-2022-4909: Inappropriate implementation in XML Severity: medium

CVE-2022-3445 [HIGH] Stable Channel Update for Desktop: CVE-2022-3445 Stable Channel Update for Desktop CVE-2022-3445: Use after free in Skia. Reported by Nan Wang (@eternalsakura13) and Yong Liu of 360 Vulnerability Research Institute on 2022-09-16 [$13000][ 1368076 ] High CVE-2022-3446: Heap buffer overflow in WebSQL Reported by Kaijie Xu (@kaijieguigui) on 2022-09-26 [$7500][ 1366582 ] High CVE-2022-3447: Inappropriate implementation in Custom Tabs Severity: high

CVE-2022-3448 [HIGH] Stable Channel Update for Desktop: CVE-2022-3448 Stable Channel Update for Desktop CVE-2022-3448: Use after free in Permissions API. Reported by raven at KunLun lab on 2022-09-13 [$TBD][ 1364662 ] High CVE-2022-3449: Use after free in Safe Browsing Reported by asnine on 2022-09-17 [$TBD][ 1369882 ] High CVE-2022-3450: Use after free in Peer Connection Severity: high

CVE-2022-3370 [HIGH] Stable Channel Update for Desktop: CVE-2022-3370 Stable Channel Update for Desktop CVE-2022-3370: Use after free in Custom Elements. Reported by Aviv A Severity: high

CVE-2022-3373 [HIGH] Stable Channel Update for Desktop: CVE-2022-3373 Stable Channel Update for Desktop CVE-2022-3373: Out of bounds write in V8. Reported by Tibor Klajnscek on 2022-09-21 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: high

CVE-2022-3304 [HIGH] Stable Channel Update for Desktop: CVE-2022-3304 Stable Channel Update for Desktop CVE-2022-3304: Use after free in CSS. Reported by Anonymous on 2022-09-01 [$3000][ 1343104 ] High CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools Reported by NDevTK on 2022-07-09 [$TBD][ 1319229 ] High CVE-2022-3305: Use after free in Survey Severity: high

CVE-2022-3313 [MEDIUM] Stable Channel Update for Desktop: CVE-2022-3313 Stable Channel Update for Desktop CVE-2022-3313: Incorrect security UI in Full Screen. Reported by Irvan Kurniawan (sourc7) on 2022-04-20 [$TBD][ 1328708 ] Medium CVE-2022-3314: Use after free in Logging Reported by Anonymous on 2022-05-24 [$7000][ 1322812 ] Medium CVE-2022-3315: Type confusion in Blink Severity: medium

CVE-2022-3308 [MEDIUM] Stable Channel Update for Desktop: CVE-2022-3308 Stable Channel Update for Desktop CVE-2022-3308: Insufficient policy enforcement in Developer Tools. Reported by Andrea Cappa (zi0Black) @ Shielder on 2022-07-08 [$4000][ 1348415 ] Medium CVE-2022-3309: Use after free in Assistant Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab on 2022-07-29 [$1000][ 1240065 ] Medium CVE-2022-3310: Insufficient policy enforcement in Custom Tabs Severity: medium

CVE-2022-3311 [MEDIUM] Stable Channel Update for Desktop: CVE-2022-3311 Stable Channel Update for Desktop CVE-2022-3311: Use after free in Import. Reported by Samet Bekmezci @sametbekmezci on 2022-03-04 [$TBD][ 1303306 ] Medium CVE-2022-3312: Insufficient validation of untrusted input in VPN Reported by Andr Severity: medium

CVE-2022-3316 [LOW] Stable Channel Update for Desktop: CVE-2022-3316 Stable Channel Update for Desktop CVE-2022-3316: Insufficient validation of untrusted input in Safe Browsing. Reported by Sven Dysthe (@svn_dy) on 2022-06-07 [$2000][ 1300539 ] Low CVE-2022-3317: Insufficient validation of untrusted input in Intents Reported by Hafiizh on 2022-02-24 [$TBD][ 1318791 ] Low CVE-2022-3318: Use after free in ChromeOS Notifications Severity: low

CVE-2022-3443 [LOW] Stable Channel Update for Desktop: CVE-2022-3443 Stable Channel Update for Desktop CVE-2022-3443: Insufficient data validation in File System API. Reported by Maciej Pulikowski and Konrad Chrząszcz on 2021-08-27 [$1000][ 1208439 ] Low CVE-2022-3444: Insufficient data validation in File System API Reported by Archie Midha & Vallari Sharma on 2021-05-12 [$ 500][ 1349493 ] Low CVE-2022-4911: Insufficient data validation in DevTools Severity: low

CVE-2022-3198 [HIGH] Stable Channel Update for Desktop: CVE-2022-3198 Stable Channel Update for Desktop CVE-2022-3198: Use after free in PDF. Reported by MerdroidSG on 2022-08-23 [$TBD][ 1355237 ] High CVE-2022-3199: Use after free in Frames Reported by Anonymous on 2022-08-22 [$1000][ 1355103 ] High CVE-2022-3200: Heap buffer overflow in Internals Severity: high

CVE-2022-3195 [HIGH] Stable Channel Update for Desktop: CVE-2022-3195 Stable Channel Update for Desktop CVE-2022-3195: Out of bounds write in Storage. Reported by Ziling Chen and Nan Wang(@eternalsakura13) of 360 Vulnerability Research Institute on 2022-08-31 [$10000][ 1358090 ] High CVE-2022-3196: Use after free in PDF Reported by triplepwns on 2022-08-30 [$TBD][ 1358075 ] High CVE-2022-3197: Use after free in PDF Severity: high

CVE-2022-3842 [HIGH] Stable Channel Update for Desktop: CVE-2022-3842 Stable Channel Update for Desktop CVE-2022-3842: Use after free in Passwords. Reported by Sergei Glazunov of Google Project Zero on 2022-08-12 [$TBD][ 1343104 ] High CVE-2022-3201: Insufficient validation of untrusted input in DevTools Reported by NDevTK on 2022-07-09 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable chan

CVE-2022-3075 [CRITICAL] Long Term Support Candidate Channel for ChromeOS: CVE-2022-3075 Long Term Support Candidate Channel for ChromeOS CVE-2022-3075

CVE-2022-3042 [HIGH] Long Term Support Candidate Channel for ChromeOS: CVE-2022-3042 Long Term Support Candidate Channel for ChromeOS CVE-2022-3042

CVE-2022-2857 [HIGH] Long Term Support Candidate Channel for ChromeOS: CVE-2022-2857 Long Term Support Candidate Channel for ChromeOS CVE-2022-2857

CVE-2022-2617 [HIGH] Long Term Support Candidate Channel for ChromeOS: CVE-2022-2617 Long Term Support Candidate Channel for ChromeOS CVE-2022-2617

CVE-2022-2606 [HIGH] Long Term Support Candidate Channel for ChromeOS: CVE-2022-2606 Long Term Support Candidate Channel for ChromeOS CVE-2022-2606

CVE-2022-2614 [HIGH] Long Term Support Candidate Channel for ChromeOS: CVE-2022-2614 Long Term Support Candidate Channel for ChromeOS CVE-2022-2614