Msrc Microsoft Edge vulnerabilities

CVE-2022-2294 [HIGH] Chromium: CVE-2022-2294 Heap buffer overflow in WebRTC Chromium: CVE-2022-2294 Heap buffer overflow in WebRTC Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 103.0.1264.49 7/6/2022 103.0.5060.114 Extended Stable:

CVE-2022-2295 [HIGH] Chromium: CVE-2022-2295 Type Confusion in V8 Chromium: CVE-2022-2295 Type Confusion in V8 Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based

CVE-2022-2478 [HIGH] Chromium: CVE-2022-2478 Use after free in PDF Chromium: CVE-2022-2478 Use after free in PDF Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 103.0.1264.71 7/22/2022 103.0.5060.134 FAQ: Why is this Chrome CVE inclu

CVE-2022-2481 [HIGH] Chromium: CVE-2022-2481 Use after free in Views Chromium: CVE-2022-2481 Use after free in Views Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 103.0.1264.71 7/22/2022 103.0.5060.134 FAQ: Why is this Chrome CVE in

CVE-2022-2479 [MEDIUM] Chromium: CVE-2022-2479 Insufficient validation of untrusted input in File Chromium: CVE-2022-2479 Insufficient validation of untrusted input in File Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 103.0.1264.71 7

CVE-2022-2010 [CRITICAL] Chromium: CVE-2022-2010 Out of bounds read in compositing Chromium: CVE-2022-2010 Out of bounds read in compositing Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 102.0.1245.41 6/13/2022 102.0.5005.115 FAQ: W

CVE-2022-33680 [HIGH] Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability FAQ: How could an attacker exploit this vulnerability via the Network? An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. I

CVE-2022-30192 [HIGH] Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability FAQ: Why is the severity for this CVE rated as Moderate, but the CVSS score is higher than normal? Per our severity guidelines, the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity, specifically it says, "If a bug requires more than a click, a key press, or several preconditi

CVE-2022-33638 [HIGH] Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: Why is the severity for this CVE rated as Moderate, but the CVSS score is higher than normal? Per our severity guidelines, t

CVE-2022-2008 [HIGH] Chromium: CVE-2022-2008 Out of bounds memory access in WebGL Chromium: CVE-2022-2008 Out of bounds memory access in WebGL Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 102.0.1245.41 6/13/2022 102.0.5005.115 FAQ:

CVE-2022-33639 [HIGH] Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability. FAQ: According to the CVSS metric, a successful exploitation could lead to a scope chang

CVE-2022-22021 [HIGH] Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability FAQ: Why is the severity for this CVE rated as Moderate, but the CVSS score is higher than normal? Per our severity guidelines, the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity, specifically it says, "If a bug requires more than a click, a key press, or several precondition

CVE-2022-2163 [HIGH] Chromium: CVE-2022-2163 Use after free in Cast UI and Toolbar Chromium: CVE-2022-2163 Use after free in Cast UI and Toolbar Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 103.0.1264.37 6/23/2022 103.0.5060.53 FAQ

CVE-2022-2158 [HIGH] Chromium: CVE-2022-2158 Type Confusion in V8 Chromium: CVE-2022-2158 Type Confusion in V8 Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 103.0.1264.37 6/23/2022 103.0.5060.53 FAQ: Why is this Chrome CVE included

CVE-2022-2162 [HIGH] Chromium: CVE-2022-2162 Insufficient policy enforcement in File System API Chromium: CVE-2022-2162 Insufficient policy enforcement in File System API Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 103.0.1264.37 6/2

CVE-2022-2157 [HIGH] Chromium: CVE-2022-2157 Use after free in Interest groups Chromium: CVE-2022-2157 Use after free in Interest groups Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 103.0.1264.37 6/23/2022 103.0.5060.53 FAQ: Why is

CVE-2022-2007 [HIGH] Chromium: CVE-2022-2007 Use after free in WebGPU Chromium: CVE-2022-2007 Use after free in WebGPU Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 102.0.1245.41 6/13/2022 102.0.5005.115 FAQ: Why is this Chrome CVE

CVE-2022-2161 [HIGH] Chromium: CVE-2022-2161 Use after free in WebApp Provider Chromium: CVE-2022-2161 Use after free in WebApp Provider Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 103.0.1264.37 6/23/2022 103.0.5060.53 FAQ: Why is

CVE-2022-2156 [HIGH] Chromium: CVE-2022-2156 Use after free in Base Chromium: CVE-2022-2156 Use after free in Base Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 103.0.1264.37 6/23/2022 103.0.5060.53 FAQ: Why is this Chrome CVE inclu

CVE-2022-2011 [HIGH] Chromium: CVE-2022-2011 Use after free in ANGLE Chromium: CVE-2022-2011 Use after free in ANGLE Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 102.0.1245.41 6/13/2022 102.0.5005.115 FAQ: Why is this Chrome CVE in