Google Chrome Chrome vulnerabilities

CVE-2022-1865 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2022-1865 Long Term Support Channel Update for ChromeOS CVE-2022-1865

CVE-2022-1861 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2022-1861 Long Term Support Channel Update for ChromeOS CVE-2022-1861

CVE-2022-1855 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2022-1855 Long Term Support Channel Update for ChromeOS CVE-2022-1855

CVE-2022-1863 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2022-1863 Long Term Support Channel Update for ChromeOS CVE-2022-1863

CVE-2022-1862 [MEDIUM] Long Term Support Channel Update for ChromeOS: CVE-2022-1862 Long Term Support Channel Update for ChromeOS CVE-2022-1862

CVE-2022-2158 [HIGH] Stable Channel Update for Desktop: CVE-2022-2158 Stable Channel Update for Desktop CVE-2022-2158: Type Confusion in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2022-04-29 [NA][ 1316368 ] High CVE-2022-2415: Heap buffer overflow in WebGL Reported by Mark Brand of Google Project Zero on 2022-04-14 [$3000][ 1116450 ] Medium CVE-2022-2160: Insufficient policy enforcement in DevTools Severity: high

CVE-2022-2161 [MEDIUM] Stable Channel Update for Desktop: CVE-2022-2161 Stable Channel Update for Desktop CVE-2022-2161: Use after free in WebApp Provider. Reported by Zhihua Yao of KunLun Lab on 2022-05-30 [$2000][ 1307930 ] Medium CVE-2022-2162: Insufficient policy enforcement in File System API Reported by Abdelhamid Naceri (halov) on 2022-03-19 [$ 3000][ 1311683 ] Low CVE-2022-4917: Incorrect security UI in Notifications Severity: medium

CVE-2022-2164 [LOW] Stable Channel Update for Desktop: CVE-2022-2164 Stable Channel Update for Desktop CVE-2022-2164: Inappropriate implementation in Extensions API. Reported by José Miguel Moreno Computer Security Lab (COSEC) at UC3M on 2021-11-10 [$500][ 1250993 ] Low CVE-2022-2165: Insufficient data validation in URL formatting Reported by Rayyan Bijoora on 2021-09-19 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs

CVE-2022-2587 [HIGH] Stable Channel Update for ChromeOS: CVE-2022-2587 Stable Channel Update for ChromeOS CVE-2022-2587: Out of bounds write in OS Audio Server. Reported by Jonathan Bar Or, @yo_yo_yo_jbo on 2022-04-28 If you find new issues, plea let us know one of the following ways File a bug Visit our Chrome OS communities General: Chromebook Help Community Beta Specific: ChromeOS Beta Help Community Report an issue or send feedback on Chrome Interested in switching channels? Find out how Sev

CVE-2022-2007 [HIGH] Stable Channel Update for Desktop: CVE-2022-2007 Stable Channel Update for Desktop CVE-2022-2007: Use after free in WebGPU. Reported by David Manouchehri on 2022-05-17 [$TBD][ 1317673 ] High CVE-2022-2008: Out of bounds memory access in WebGL Reported by khangkito - Tran Van Khang (VinCSS) on 2022-04-19 [$NA][ 1325298 ] High CVE-2022-2010: Out of bounds read in compositing Severity: high

CVE-2022-2011 [HIGH] Stable Channel Update for Desktop: CVE-2022-2011 Stable Channel Update for Desktop CVE-2022-2011: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-05-31 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: high

CVE-2022-1638 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2022-1638 Long Term Support Channel Update for ChromeOS CVE-2022-1638: Heap buffer overflow in V8 Internationalization. 1316990 High CVE-2022-1633: Use after free in Sharesheet Severity: high

CVE-2022-1859 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2022-1859 Long Term Support Channel Update for ChromeOS CVE-2022-1859: Use after free in Performance Manager. 1297283 High CVE-2022-1636: Use after free in Performance APIs 1278608 High CVE-2021-43527 [internally reported] 1304660 High CVE-2022-23308 CrOS: Vulnerability reported in dev-libs/libxml2 1315563 Medium CVE-2022-1867: Insufficient validation of untrusted input in Data Transfer Severity: high

CVE-2022-1489 [MEDIUM] Long Term Support Channel Update for ChromeOS: CVE-2022-1489 Long Term Support Channel Update for ChromeOS CVE-2022-1489: Out of bounds memory access in UI Shelf. Giuliana Pritchard Google Chrome OS Severity: medium

CVE-2022-1856 [HIGH] Stable Channel Update for Desktop: CVE-2022-1856 Stable Channel Update for Desktop CVE-2022-1856: Use after free in User Education. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-06 [$2000][ 1227995 ] High CVE-2022-1857: Insufficient policy enforcement in File System API Reported by Daniel Rhea on 2021-07-11 [$1000][ 1314310 ] High CVE-2022-1858: Out of bounds read in DevTools Severity: high

CVE-2022-1867 [MEDIUM] Stable Channel Update for Desktop: CVE-2022-1867 Stable Channel Update for Desktop CVE-2022-1867: Insufficient validation of untrusted input in Data Transfer. Reported by Michał Bentkowski of Securitum on 2022-04-12 [$TBD][ 1301203 ] Medium CVE-2022-1868: Inappropriate implementation in Extensions API Reported by Alesandro Ortiz on 2022-02-28 [$NA][ 1309467 ] Medium CVE-2022-1869: Type Confusion in V8 Severity: medium

CVE-2022-1870 [MEDIUM] Stable Channel Update for Desktop: CVE-2022-1870 Stable Channel Update for Desktop CVE-2022-1870: Use after free in App Service. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-06 [$7000][ 1308199 ] Low CVE-2022-1871: Insufficient policy enforcement in File System API Reported by Thomas Orlita on 2022-03-21 [$7000][ 1310461 ] Low CVE-2022-1872: Insufficient policy enforcement in Extensions API Severity: medium

CVE-2022-1864 [MEDIUM] Stable Channel Update for Desktop: CVE-2022-1864 Stable Channel Update for Desktop CVE-2022-1864: Use after free in WebApp Installs. Reported by Yuntao You (@GraVity0) of Bytedance Wuheng Lab on 2022-04-28 [$3000][ 1289192 ] Medium CVE-2022-1865: Use after free in Bookmarks Reported by Rong Jian of VRI on 2022-01-20 [$3000][ 1292264 ] Medium CVE-2022-1866: Use after free in Tablet Mode Severity: medium

CVE-2022-1873 [LOW] Stable Channel Update for Desktop: CVE-2022-1873 Stable Channel Update for Desktop CVE-2022-1873: Insufficient policy enforcement in COOP. Reported by NDevTK on 2022-03-11 [$500][ 1251588 ] Low CVE-2022-1874: Insufficient policy enforcement in Safe Browsing Reported by hjy79425575 on 2021-09-21 [$500][ 1306443 ] Low CVE-2022-1875: Inappropriate implementation in PDF Severity: low

CVE-2022-1876 [LOW] Stable Channel Update for Desktop: CVE-2022-1876 Stable Channel Update for Desktop CVE-2022-1876: Heap buffer overflow in DevTools. Reported by @ginggilBesel on 2022-04-06 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: low