Google Chrome Chrome vulnerabilities

CVE-2022-0607 [HIGH] Stable Channel Update for Desktop: CVE-2022-0607 Stable Channel Update for Desktop CVE-2022-0607: Use after free in GPU. Reported by 0x74960 on 2021-09-17 [$NA][ 1270333 ] High CVE-2022-0608: Integer overflow in Mojo Reported by Sergei Glazunov of Google Project Zero on 2021-11-16 [$NA][ 1296150 ] High CVE-2022-0609: Use after free in Animation Severity: high

CVE-2022-0606 [HIGH] Stable Channel Update for Desktop: CVE-2022-0606 Stable Channel Update for Desktop CVE-2022-0606: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp Severity: high

CVE-2022-0459 [HIGH] Stable Channel Update for Desktop: CVE-2022-0459 Stable Channel Update for Desktop CVE-2022-0459: Use after free in Screen Capture. Reported by raven (@raid_akame) on 2021-08-28 [$7500][ 1250227 ] Medium CVE-2022-0460: Use after free in Window Dialog Reported by 0x74960 on 2021-09-16 [$3000][ 1256823 ] Medium CVE-2022-0461: Policy bypass in COOP Severity: high

CVE-2022-0462 [MEDIUM] Stable Channel Update for Desktop: CVE-2022-0462 Stable Channel Update for Desktop CVE-2022-0462: Inappropriate implementation in Scroll. Reported by Youssef Sammouda on 2021-11-16 [$1000][ 1268240 ] Medium CVE-2022-0463: Use after free in Accessibility Reported by Zhihua Yao of KunLun Lab on 2021-11-09 [$1000][ 1270095 ] Medium CVE-2022-0464: Use after free in Accessibility Severity: medium

CVE-2022-0468 [MEDIUM] Stable Channel Update for Desktop: CVE-2022-0468 Stable Channel Update for Desktop CVE-2022-0468: Use after free in Payments. Reported by Krace on 2021-09-24 [$TBD][ 1279531 ] Medium CVE-2022-0469: Use after free in Cast Reported by Thomas Orlita on 2021-12-14 [$TBD][ 1269225 ] Low CVE-2022-0470: Out of bounds memory access in V8 Severity: medium

CVE-2022-4025 [LOW] Stable Channel Update for Desktop: CVE-2022-4025 Stable Channel Update for Desktop CVE-2022-4025: Inappropriate implementation in Paint. Reported by Suhwan Song on 2021-10-15 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: low

CVE-2022-0103 [HIGH] Stable Channel Update for Desktop: CVE-2022-0103 Stable Channel Update for Desktop CVE-2022-0103: Use after free in SwiftShader. Reported by Abraruddin Khan and Omair on 2021-11-21 [$5000][ 1272967 ] High CVE-2022-4924: Use after free in WebRTC Reported by Rong Jian of VRI on 2021-11-23 [$TBD][ 1273661 ] High CVE-2022-0104: Heap buffer overflow in ANGLE Severity: high

CVE-2022-0106 [HIGH] Stable Channel Update for Desktop: CVE-2022-0106 Stable Channel Update for Desktop CVE-2022-0106: Use after free in Autofill. Reported by Khalil Zhani on 2021-12-10 [$10000][ 1248438 ] Medium CVE-2022-0107: Use after free in File Manager API Reported by raven (@raid_akame) on 2021-09-10 [$5000][ 1248444 ] Medium CVE-2022-0108: Inappropriate implementation in Navigation Severity: high

CVE-2022-0101 [HIGH] Stable Channel Update for Desktop: CVE-2022-0101 Stable Channel Update for Desktop CVE-2022-0101: Heap buffer overflow in Bookmarks. Reported by raven (@raid_akame) on 2021-09-14 [$10000][ 1247389 ] High CVE-2022-0337: Inappropriate implementation in File System API Reported by Maciej Pulikowski on 2021-09-07 [$TBD][ 1260129 ] High CVE-2022-0102: Type Confusion in V8 Severity: high

CVE-2022-0105 [HIGH] Stable Channel Update for Desktop: CVE-2022-0105 Stable Channel Update for Desktop CVE-2022-0105: Use after free in PDF. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp Severity: high

CVE-2022-0112 [MEDIUM] Stable Channel Update for Desktop: CVE-2022-0112 Stable Channel Update for Desktop CVE-2022-0112: Incorrect security UI in Browser UI. Reported by Thomas Orlita on 2021-10-04 [$1000][ 1039885 ] Medium CVE-2022-0113: Inappropriate implementation in Blink Reported by Luan Herrera (@lbherrera_) on 2020-01-07 [$TBD][ 1267627 ] Medium CVE-2022-0114: Out of bounds memory access in Web Serial Severity: medium

CVE-2022-0115 [MEDIUM] Stable Channel Update for Desktop: CVE-2022-0115 Stable Channel Update for Desktop CVE-2022-0115: Uninitialized Use in File API. Reported by Mark Brand of Google Project Zero on 2021-11-10 [$TBD][ 1272250 ] Medium CVE-2022-0116: Inappropriate implementation in Compositing Reported by Irvan Kurniawan (sourc7) on 2021-11-20 [$TBD][ 1115847 ] Low CVE-2022-0117: Policy bypass in Service Workers Severity: medium

CVE-2022-0118 [LOW] Stable Channel Update for Desktop: CVE-2022-0118 Stable Channel Update for Desktop CVE-2022-0118: Inappropriate implementation in WebShare. Reported by Alesandro Ortiz on 2021-08-11 [$TBD][ 1262953 ] Low CVE-2022-0120: Inappropriate implementation in Passwords Reported by CHAKRAVARTHI (Ruler96) on 2021-10-25 [$1000][ 1238309 ] Low CVE-2022-4925: Insufficient validation of untrusted input in QUIC Severity: low

CVE-2021-4098 [CRITICAL] Stable Channel Update for Desktop: CVE-2021-4098 Stable Channel Update for Desktop CVE-2021-4098: Insufficient data validation in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-10-26 [$5000][ 1270658 ] High CVE-2021-4099: Use after free in Swiftshader Reported by Aki Helin of Solita on 2021-11-16 [$5000][ 1272068 ] High CVE-2021-4100: Object lifecycle issue in ANGLE Severity: critical

CVE-2021-4101 [HIGH] Stable Channel Update for Desktop: CVE-2021-4101 Stable Channel Update for Desktop CVE-2021-4101: Heap buffer overflow in Swiftshader. Reported by Abraruddin Khan and Omair on 2021-10-21 [$TBD][ 1278387 ] High CVE-2021-4102: Use after free in V8 Reported by Anonymous on 2021-12-09 Google is aware of reports that an exploit for CVE-2021-4102 exists in the wild Severity: high

CVE-2021-4055 [HIGH] Stable Channel Update for Desktop: CVE-2021-4055 Stable Channel Update for Desktop CVE-2021-4055: Heap buffer overflow in extensions. Reported by Chen Rong on 2021-11-03 [$TBD][ 1260939 ] High CVE-2021-4056: Type Confusion in loader Reported by @__R0ng of 360 Alpha Lab on 2021-10-18 [$TBD][ 1262183 ] High CVE-2021-4057: Use after free in file API Severity: high

CVE-2021-4052 [HIGH] Stable Channel Update for Desktop: CVE-2021-4052 Stable Channel Update for Desktop CVE-2021-4052: Use after free in web apps. Reported by Wei Yuan of MoyunSec VLab on 2021-11-07 [$10000][ 1267791 ] High CVE-2021-4053: Use after free in UI Reported by Rox on 2021-11-08 [$8500][ 1265806 ] High CVE-2021-4079: Out of bounds write in WebRTC Severity: high

CVE-2021-4065 [HIGH] Stable Channel Update for Desktop: CVE-2021-4065 Stable Channel Update for Desktop CVE-2021-4065: Use after free in autofill. Reported by 5n1p3r0010 from Topsec ChiXiao Lab on 2021-11-25 [$TBD][ 1274499 ] High CVE-2021-4066: Integer underflow in ANGLE Reported by Jaehun Jeong(@n3sk) of Theori on 2021-11-29 [$TBD][ 1274641 ] High CVE-2021-4067: Use after free in window manager Severity: high

CVE-2021-4054 [HIGH] Stable Channel Update for Desktop: CVE-2021-4054 Stable Channel Update for Desktop CVE-2021-4054: Incorrect security UI in autofill. Reported by Alesandro Ortiz on 2021-08-13 [$5000][ 1260783 ] High CVE-2021-4317: Use after free in ANGLE Reported by Jeonghoon Shin of Theori on 2021-10-18 [$5000][ 1268738 ] High CVE-2021-4078: Type confusion in V8 Severity: high

CVE-2021-4062 [HIGH] Stable Channel Update for Desktop: CVE-2021-4062 Stable Channel Update for Desktop CVE-2021-4062: Heap buffer overflow in BFCache. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-11-22 [$TBD][ 1273176 ] High CVE-2021-4063: Use after free in developer tools Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-11-23 [$TBD][ 1273197 ] High CVE-2021-4064: Use after free in screen capture Severity: high