Google Chrome Chrome vulnerabilities

CVE-2022-1636 [HIGH] Stable Channel Update for Desktop: CVE-2022-1636 Stable Channel Update for Desktop CVE-2022-1636: Use after free in Performance APIs. Reported by Seth Brenith, Microsoft on 2022-02-15 [$TBD][ 1311820 ] High CVE-2022-1637: Inappropriate implementation in Web Contents Reported by Alesandro Ortiz on 2022-03-31 [$TBD][ 1316946 ] High CVE-2022-1638: Heap buffer overflow in V8 Internationalization Severity: high

CVE-2022-1639 [HIGH] Stable Channel Update for Desktop: CVE-2022-1639 Stable Channel Update for Desktop CVE-2022-1639: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-04-19 [$TBD][ 1320592 ] High CVE-2022-1640: Use after free in Sharing Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-28 [$5000][ 1305068 ] Medium CVE-2022-1641: Use after free in Web UI Diagnostics Severity: high

CVE-2022-1633 [HIGH] Stable Channel Update for Desktop: CVE-2022-1633 Stable Channel Update for Desktop CVE-2022-1633: Use after free in Sharesheet. Reported by Khalil Zhani on 2022-04-18 [$3000][ 1314908 ] High CVE-2022-1634: Use after free in Browser UI Reported by Khalil Zhani on 2022-04-09 [$3000][ 1319797 ] High CVE-2022-1635: Use after free in Permission Prompts Severity: high

CVE-2022-1312 [HIGH] Long Term Support Channel Update: CVE-2022-1312 Long Term Support Channel Update CVE-2022-1312: Use after free in storage. 1283050 High CVE-2022-1308: Use after free in BFCache Severity: high

CVE-2022-1311 [HIGH] Long Term Support Channel Update: CVE-2022-1311 Long Term Support Channel Update CVE-2022-1311: Use after free in Chrome OS shell. 1292261 High CVE-2022-1125: Use after free in Portals Severity: high

CVE-2022-1139 [MEDIUM] Long Term Support Channel Update: CVE-2022-1139 Long Term Support Channel Update CVE-2022-1139: Inappropriate implementation in Background Fetch API 1315901 CVE-2022-1364: Type Confusion in V8. Giuliana Pritchard Google Chrome OS Severity: medium

CVE-2022-4919 [HIGH] Stable Channel Update for Desktop: CVE-2022-4919 Stable Channel Update for Desktop CVE-2022-4919: Use after free in Base Internals. Reported by Sri on 2022-04-01 [$NA][ 1304987 ] High CVE-2022-1482: Inappropriate implementation in WebGL Reported by Christoph Diehl, Microsoft on 2022-03-10 [$NA][ 1314754 ] High CVE-2022-1483: Heap buffer overflow in WebGPU Severity: high

CVE-2022-4920 [HIGH] Stable Channel Update for Desktop: CVE-2022-4920 Stable Channel Update for Desktop CVE-2022-4920: Heap buffer overflow in Blink. Reported by Shih-Fong Peng (@_L4ys) of TrapaSecurity on 2022-03-16 [$5000][ 1302949 ] High CVE-2022-1481: Use after free in Sharing Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-03-04 [$7500][ 1313709 ] High CVE-2022-1919: Use after free in Codecs Severity: high

CVE-2022-1477 [HIGH] Stable Channel Update for Desktop: CVE-2022-1477 Stable Channel Update for Desktop CVE-2022-1477: Use after free in Vulkan. Reported by SeongHwan Park (SeHwa) on 2022-04-06 [$7000][ 1299261 ] High CVE-2022-1478: Use after free in SwiftShader Reported by SeongHwan Park (SeHwa) on 2022-02-20 [$7000][ 1305190 ] High CVE-2022-1479: Use after free in ANGLE Severity: high

CVE-2022-1484 [MEDIUM] Stable Channel Update for Desktop: CVE-2022-1484 Stable Channel Update for Desktop CVE-2022-1484: Heap buffer overflow in Web UI Settings. Reported by Chaoyuan Peng (@ret2happy) on 2022-02-15 [$7500][ 1299743 ] Medium CVE-2022-1485: Use after free in File System API Reported by Anonymous on 2022-02-22 [$7500][ 1314616 ] Medium CVE-2022-1486: Type Confusion in V8 Severity: medium

CVE-2022-1495 [MEDIUM] Stable Channel Update for Desktop: CVE-2022-1495 Stable Channel Update for Desktop CVE-2022-1495: Incorrect security UI in Downloads. Reported by Umar Farooq on 2022-02-28 [$1000][ 1306391 ] Medium CVE-2022-1496: Use after free in File Manager Reported by Zhiyi Zhang and Zhunki from Codesafe Team of Legendsec at Qi'anxin Group on 2022-03-15 [$NA][ 1264543 ] Medium CVE-2022-1497: Inappropriate implementation in Input Severity: medium

CVE-2022-1487 [MEDIUM] Stable Channel Update for Desktop: CVE-2022-1487 Stable Channel Update for Desktop CVE-2022-1487: Use after free in Ozone. Reported by Sri on 2022-03-09 [$5000][ 1302959 ] Medium CVE-2022-1488: Inappropriate implementation in Extensions API Reported by Thomas Beverley from Wavebox Severity: medium

CVE-2022-1492 [MEDIUM] Stable Channel Update for Desktop: CVE-2022-1492 Stable Channel Update for Desktop CVE-2022-1492: Insufficient data validation in Blink Editing. Reported by Michał Bentkowski of Securitum on 2022-04-11 [$1000][ 1275414 ] Medium CVE-2022-1493: Use after free in Dev Tools Reported by Zhihua Yao of KunLun Lab on 2021-12-01 [$1000][ 1298122 ] Medium CVE-2022-1494: Insufficient data validation in Trusted Types Severity: medium

CVE-2022-1501 [LOW] Stable Channel Update for Desktop: CVE-2022-1501 Stable Channel Update for Desktop CVE-2022-1501: Inappropriate implementation in iframe. Reported by Oriol Brufau on 2022-02-02 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: low

CVE-2022-1498 [LOW] Stable Channel Update for Desktop: CVE-2022-1498 Stable Channel Update for Desktop CVE-2022-1498: Inappropriate implementation in HTML Parser. Reported by SeungJu Oh (@real_as3617) on 2022-02-14 [$NA][ 1000408 ] Low CVE-2022-1499: Inappropriate implementation in WebAuthentication Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-09-04 [$TBD][ 1223475 ] Low CVE-2022-1500: Insufficient data validation in Dev Tools Severity: low

CVE-2022-1131 [HIGH] Long Term Support Channel Update: CVE-2022-1131 Long Term Support Channel Update CVE-2022-1131: Use after free in Cast UI. 1303253 Medium CVE-2022-1141: Use after free in File Manager Severity: high

CVE-2022-1096 [HIGH] Long Term Support Channel Update: CVE-2022-1096 Long Term Support Channel Update CVE-2022-1096: Type Confusion in V8. 1311641 High CVE-2022-1232: Type Confusion in V8 Severity: high

CVE-2022-1143 [MEDIUM] Long Term Support Channel Update: CVE-2022-1143 Long Term Support Channel Update CVE-2022-1143: Heap buffer overflow in WebUI. 1304145 Medium CVE-2022-1144: Use after free in WebUI Severity: medium

CVE-2022-1142 [MEDIUM] Long Term Support Channel Update: CVE-2022-1142 Long Term Support Channel Update CVE-2022-1142: Heap buffer overflow in WebUI. 1304545 Medium CVE-2022-1145: Use after free in Extensions Severity: medium

CVE-2022-1364 [HIGH] Chrome for Android Update: CVE-2022-1364 Chrome for Android Update CVE-2022-1364: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group on 2022-04-13 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: high