Google Chrome Chrome vulnerabilities

CVE-2022-1305 [HIGH] Stable Channel Update for Desktop: CVE-2022-1305 Stable Channel Update for Desktop CVE-2022-1305: Use after free in storage. Reported by Anonymous on 2022-01-07 [$3000][ 1299287 ] High CVE-2022-1306: Inappropriate implementation in compositing Reported by Sven Dysthe on 2022-02-21 [$7500][$3000][ 1259492 ][ 1301873 ] High CVE-2022-1307: Inappropriate implementation in full screen Severity: high

CVE-2022-1308 [HIGH] Stable Channel Update for Desktop: CVE-2022-1308 Stable Channel Update for Desktop CVE-2022-1308: Use after free in BFCache. Reported by Samet Bekmezci @sametbekmezci on 2021-12-28 [$TBD][ 1106456 ] High CVE-2022-1309: Insufficient policy enforcement in developer tools Reported by David Erceg on 2020-07-17 [$TBD][ 1307610 ] High CVE-2022-1310: Use after free in regular expressions Severity: high

CVE-2022-1313 [MEDIUM] Stable Channel Update for Desktop: CVE-2022-1313 Stable Channel Update for Desktop CVE-2022-1313: Use after free in tab groups. Reported by Thomas Orlita on 2021-11-16 [$TBD][ 1304658 ] Medium CVE-2022-1314: Type Confusion in V8 Reported by Bohan Liu (@P4nda20371774) and exp-sky of Tencent Security Xuanwu Lab on 2022-03-09 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the st

CVE-2022-0977 [HIGH] Long Term Support Channel Update: CVE-2022-0977 Long Term Support Channel Update CVE-2022-0977: Use after free in Browser UI. 1291986 High CVE-2022-0974 : Use after free in Splitscreen (chromeOS) 1301320 High CVE-2022-0972: Use after free in Extensions Severity: high

CVE-2022-1232 [HIGH] Stable Channel Update for Desktop: CVE-2022-1232 Stable Channel Update for Desktop CVE-2022-1232: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2022-03-30 [ $16000][ 1306507 ] High CVE-2022-3863: Use after free in History Reported by Anonymous on 2022-03-15 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: high

CVE-2022-1129 [HIGH] Stable Channel Update for Desktop: CVE-2022-1129 Stable Channel Update for Desktop CVE-2022-1129: Inappropriate implementation in Full Screen Mode. Reported by Irvan Kurniawan (sourc7) on 2022-02-24 [$1000][ 1142269 ] High CVE-2022-1130: Insufficient validation of untrusted input in WebOTP Reported by Sergey Toshin of Oversecurity Inc Severity: high

CVE-2022-1125 [HIGH] Stable Channel Update for Desktop: CVE-2022-1125 Stable Channel Update for Desktop CVE-2022-1125: Use after free in Portals. Reported by Khalil Zhani on 2022-01-29 [$5000][ 1291891 ] High CVE-2022-1127: Use after free in QR Code Generator Reported by anonymous on 2022-01-28 [$5000][ 1301920 ] High CVE-2022-1128: Inappropriate implementation in Web Share API Severity: high

CVE-2022-1133 [HIGH] Stable Channel Update for Desktop: CVE-2022-1133 Stable Channel Update for Desktop CVE-2022-1133: Use after free in WebRTC. Reported by Anonymous on 2022-03-13 [$TBD][ 1308360 ] High CVE-2022-1134: Type Confusion in V8 Reported by Man Yue Mo of GitHub Security Lab on 2022-03-21 [$16000][ 1285601 ] Medium CVE-2022-1135: Use after free in Shopping Cart Severity: high

CVE-2022-1136 [MEDIUM] Stable Channel Update for Desktop: CVE-2022-1136 Stable Channel Update for Desktop CVE-2022-1136: Use after free in Tab Strip . Reported by Krace on 2021-12-15 [$5000][ 1289846 ] Medium CVE-2022-1137: Inappropriate implementation in Extensions Reported by Thomas Orlita on 2022-01-22 [$2000][ 1246188 ] Medium CVE-2022-1138: Inappropriate implementation in Web Cursor Severity: medium

CVE-2022-1146 [LOW] Stable Channel Update for Desktop: CVE-2022-1146 Stable Channel Update for Desktop CVE-2022-1146: Inappropriate implementation in Resource Timing. Reported by Sohom Datta on 2022-01-23 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: low

CVE-2022-0971 [CRITICAL] Stable Channel Update for Desktop: CVE-2022-0971 Stable Channel Update for Desktop CVE-2022-0971: Use after free in Blink Layout. Reported by Sergei Glazunov of Google Project Zero on 2022-02-21 [$NA][ 1301320 ] High CVE-2022-0972: Use after free in Extensions Reported by Sergei Glazunov of Google Project Zero on 2022-02-28 [$15000][ 1297498 ] High CVE-2022-0973: Use after free in Safe Browsing Severity: critical

CVE-2022-0979 [HIGH] Stable Channel Update for Desktop: CVE-2022-0979 Stable Channel Update for Desktop CVE-2022-0979: Use after free in Safe Browsing. Reported by anonymous on 2022-03-03 [$TBD][ 1302157 ] Medium CVE-2022-0980: Use after free in New Tab Page Reported by Krace on 2022-03-02 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: high

CVE-2022-0974 [HIGH] Stable Channel Update for Desktop: CVE-2022-0974 Stable Channel Update for Desktop CVE-2022-0974: Use after free in Splitscreen. Reported by @ginggilBesel on 2022-01-28 [$7000][ 1295411 ] High CVE-2022-0975: Use after free in ANGLE Reported by SeongHwan Park (SeHwa) on 2022-02-09 [$7000][ 1296866 ] High CVE-2022-0976: Heap buffer overflow in GPU Severity: high

CVE-2022-0789 [HIGH] Stable Channel Update for Desktop: CVE-2022-0789 Stable Channel Update for Desktop CVE-2022-0789: Heap buffer overflow in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-01-21 [$7000][ 1274077 ] High CVE-2022-0790: Use after free in Cast UI Reported by Anonymous on 2021-11-23 [$7000][ 1278322 ] High CVE-2022-0791: Use after free in Omnibox Severity: high

CVE-2022-0795 [HIGH] Stable Channel Update for Desktop: CVE-2022-0795 Stable Channel Update for Desktop CVE-2022-0795: Type Confusion in Blink Layout. Reported by 0x74960 on 2021-12-27 [$5000][ 1295786 ] High CVE-2022-0796: Use after free in Media Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp Severity: high

CVE-2022-0792 [HIGH] Stable Channel Update for Desktop: CVE-2022-0792 Stable Channel Update for Desktop CVE-2022-0792: Out of bounds read in ANGLE. Reported by Jaehun Jeong(@n3sk) of Theori on 2022-01-11 [$7000][ 1291728 ] High CVE-2022-0793: Use after free in Views Reported by Thomas Orlita on 2022-01-28 [$7000][ 1294097 ] High CVE-2022-0794: Use after free in WebShare Severity: high

CVE-2022-0803 [MEDIUM] Stable Channel Update for Desktop: CVE-2022-0803 Stable Channel Update for Desktop CVE-2022-0803: Inappropriate implementation in Permissions. Reported by Abdulla Aldoseri on 2021-12-15 [$2500][ 1264561 ] Medium CVE-2022-0804: Inappropriate implementation in Full screen mode Reported by Irvan Kurniawan (sourc7) on 2021-10-29 [$2000][ 1290700 ] Medium CVE-2022-0805: Use after free in Browser Switcher Severity: medium

CVE-2022-0800 [MEDIUM] Stable Channel Update for Desktop: CVE-2022-0800 Stable Channel Update for Desktop CVE-2022-0800: Heap buffer overflow in Cast UI. Reported by Khalil Zhani on 2021-08-24 [$5000][ 1231037 ] Medium CVE-2022-0801: Inappropriate implementation in HTML parser Reported by Michał Bentkowski of Securitum on 2021-07-20 [$3000][ 1270052 ] Medium CVE-2022-0802: Inappropriate implementation in Full screen mode Severity: medium

CVE-2022-4922 [MEDIUM] Stable Channel Update for Desktop: CVE-2022-4922 Stable Channel Update for Desktop CVE-2022-4922: Inappropriate implementation in Blink. Reported by Thomas Orlita on 2021-10-19 [$1000][ 1283434 ] Medium CVE-2022-0806: Data leak in Canvas Reported by Paril on 2021-12-31 [$TBD][ 1287364 ] Medium CVE-2022-0807: Inappropriate implementation in Autofill Severity: medium

CVE-2022-4923 [LOW] Stable Channel Update for Desktop: CVE-2022-4923 Stable Channel Update for Desktop CVE-2022-4923: Inappropriate implementation in Omnibox. Reported by elias@lousseief Severity: low