Summary
| Detail | |||
|---|---|---|---|
| Vendor | First view | 2018-11-14 | |
| Product | Chrome | Last view | 2022-12-02 |
| Version | 70.0.3521.1 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:google:chrome | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 8.8 | 2022-12-02 | CVE-2022-4262 | Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| 4.3 | 2022-11-30 | CVE-2022-4195 | Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: Medium) |
| 8.8 | 2022-11-30 | CVE-2022-4194 | Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
| 8.8 | 2022-11-30 | CVE-2022-4193 | Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium) |
| 8.8 | 2022-11-30 | CVE-2022-4192 | Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium) |
| 8.8 | 2022-11-30 | CVE-2022-4191 | Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via profile destruction. (Chromium security severity: Medium) |
| 8.8 | 2022-11-30 | CVE-2022-4190 | Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium) |
| 4.3 | 2022-11-30 | CVE-2022-4189 | Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) |
| 4.3 | 2022-11-30 | CVE-2022-4188 | Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) |
| 6.5 | 2022-11-30 | CVE-2022-4187 | Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium) |
| 4.3 | 2022-11-30 | CVE-2022-4186 | Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. (Chromium security severity: Medium) |
| 4.3 | 2022-11-30 | CVE-2022-4185 | Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium security severity: Medium) |
| 4.3 | 2022-11-30 | CVE-2022-4184 | Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium) |
| 4.3 | 2022-11-30 | CVE-2022-4183 | Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) |
| 4.3 | 2022-11-30 | CVE-2022-4182 | Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium) |
| 8.8 | 2022-11-30 | CVE-2022-4181 | Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| 8.8 | 2022-11-30 | CVE-2022-4180 | Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) |
| 8.8 | 2022-11-30 | CVE-2022-4179 | Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) |
| 8.8 | 2022-11-30 | CVE-2022-4178 | Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| 8.8 | 2022-11-30 | CVE-2022-4177 | Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security severity: High) |
| 8.8 | 2022-11-30 | CVE-2022-4176 | Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS and Lacros prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: High) |
| 8.8 | 2022-11-30 | CVE-2022-4175 | Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| 8.8 | 2022-11-30 | CVE-2022-4174 | Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| 9.6 | 2022-11-25 | CVE-2022-4135 | Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
| 9.6 | 2022-11-09 | CVE-2022-3890 | Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 41% (427) | CWE-416 | Use After Free |
| 25% (259) | CWE-787 | Out-of-bounds Write |
| 7% (74) | CWE-20 | Improper Input Validation |
| 3% (32) | CWE-125 | Out-of-bounds Read |
| 2% (26) | CWE-190 | Integer Overflow or Wraparound |
| 2% (23) | CWE-346 | Origin Validation Error |
| 2% (23) | CWE-276 | Incorrect Default Permissions |
| 2% (21) | CWE-668 | Exposure of Resource to Wrong Sphere |
| 1% (14) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 1% (13) | CWE-290 | Authentication Bypass by Spoofing |
| 0% (10) | CWE-362 | Race Condition |
| 0% (10) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 0% (9) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| 0% (9) | CWE-203 | Information Exposure Through Discrepancy |
| 0% (8) | CWE-200 | Information Exposure |
| 0% (7) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
| 0% (6) | CWE-269 | Improper Privilege Management |
| 0% (4) | CWE-281 | Improper Preservation of Permissions |
| 0% (4) | CWE-209 | Information Exposure Through an Error Message |
| 0% (4) | CWE-74 | Failure to Sanitize Data into a Different Plane ('Injection') |
| 0% (3) | CWE-415 | Double Free |
| 0% (3) | CWE-312 | Cleartext Storage of Sensitive Information |
| 0% (2) | CWE-755 | Improper Handling of Exceptional Conditions |
| 0% (2) | CWE-754 | Improper Check for Unusual or Exceptional Conditions |
| 0% (2) | CWE-476 | NULL Pointer Dereference |
SAINT Exploits
| Description | Link |
|---|---|
| Google Chrome SimplifiedLowering bug | More info here |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2020-12-23 | Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt RuleID : 56438 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-12-23 | Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt RuleID : 56437 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-12-01 | Google Chrome PNG in TTF parsing heap overflow attempt RuleID : 56133 - Type : BROWSER-CHROME - Revision : 2 |
| 2020-12-01 | Google Chrome PNG in TTF parsing heap overflow attempt RuleID : 56132 - Type : BROWSER-CHROME - Revision : 2 |
| 2020-12-01 | Google Chrome PNG in TTF parsing heap overflow attempt RuleID : 56131 - Type : BROWSER-CHROME - Revision : 2 |
| 2020-12-01 | Google Chrome PNG in TTF parsing heap overflow attempt RuleID : 56130 - Type : BROWSER-CHROME - Revision : 2 |
| 2020-10-27 | Google Chrome AudioArray memory corruption attempt RuleID : 55810 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-10-27 | Google Chrome AudioArray memory corruption attempt RuleID : 55809 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-09-02 | Google Chrome blink webaudio module use after free attempt RuleID : 54625 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-09-02 | Google Chrome blink webaudio module use after free attempt RuleID : 54624 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-09-02 | Google Chrome ReadableStream out of bounds read attempt RuleID : 54623 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-09-02 | Google Chrome ReadableStream out of bounds read attempt RuleID : 54622 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-08-11 | Google Chrome Blink use-after-free attempt RuleID : 54498 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-08-11 | Google Chrome Blink use-after-free attempt RuleID : 54497 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-06-11 | Google Chromium for Android AddInterface use after free attempt RuleID : 53943 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-06-11 | Google Chromium for Android AddInterface use after free attempt RuleID : 53942 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-06-10 | Google Chromium ImageCapture use after free attempt RuleID : 53845 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-06-10 | Google Chromium ImageCapture use after free attempt RuleID : 53844 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-06-04 | Chromium use after free exploitation attempt RuleID : 53836 - Type : INDICATOR-COMPROMISE - Revision : 1 |
| 2020-06-04 | Chromium use after free exploitation attempt RuleID : 53835 - Type : INDICATOR-COMPROMISE - Revision : 1 |
| 2020-05-27 | Google Chrome ObjectCreate type confusion attempt RuleID : 53754 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-05-27 | Google Chrome ObjectCreate type confusion attempt RuleID : 53753 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-05-27 | Google Chrome ObjectCreate type confusion attempt RuleID : 53752 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-05-27 | Google Chrome ObjectCreate type confusion attempt RuleID : 53751 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-05-05 | Google Chrome desktopMediaPickerController use after free attempt RuleID : 53534 - Type : BROWSER-CHROME - Revision : 1 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2019-01-16 | Name: The remote Fedora host is missing a security update. File: fedora_2019-348547a32d.nasl - Type: ACT_GATHER_INFO |
| 2019-01-07 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_720590df10eb11e9b407080027ef1a23.nasl - Type: ACT_GATHER_INFO |
| 2019-01-07 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_546d4dd410ea11e9b407080027ef1a23.nasl - Type: ACT_GATHER_INFO |
| 2019-01-07 | Name: The remote Fedora host is missing a security update. File: fedora_2019-859384e002.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-fd194a1f14.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-8e866c5066.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-34f7f68029.nasl - Type: ACT_GATHER_INFO |
| 2018-12-27 | Name: The remote CentOS host is missing a security update. File: centos_RHSA-2018-3833.nasl - Type: ACT_GATHER_INFO |
| 2018-12-27 | Name: The remote CentOS host is missing a security update. File: centos_RHSA-2018-3831.nasl - Type: ACT_GATHER_INFO |
| 2018-12-24 | Name: The remote Debian host is missing a security update. File: debian_DLA-1613.nasl - Type: ACT_GATHER_INFO |
| 2018-12-14 | Name: A web browser installed on the remote macOS host is affected by a use after f... File: macosx_google_chrome_71_0_3578_98.nasl - Type: ACT_GATHER_INFO |
| 2018-12-14 | Name: A web browser installed on the remote Windows host is affected by a use after... File: google_chrome_71_0_3578_98.nasl - Type: ACT_GATHER_INFO |
| 2018-12-14 | Name: The remote Debian host is missing a security update. File: debian_DLA-1605.nasl - Type: ACT_GATHER_INFO |
| 2018-12-13 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_d10b49b28d0249e8afde0844626317af.nasl - Type: ACT_GATHER_INFO |
| 2018-12-13 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4354.nasl - Type: ACT_GATHER_INFO |
| 2018-12-12 | Name: A web browser installed on the remote Windows host is affected by multiple vu... File: mozilla_firefox_64_0.nasl - Type: ACT_GATHER_INFO |
| 2018-12-12 | Name: A web browser installed on the remote Windows host is affected by multiple vu... File: mozilla_firefox_60_4_esr.nasl - Type: ACT_GATHER_INFO |
| 2018-12-12 | Name: A web browser installed on the remote macOS host is affected by multiple vuln... File: macosx_firefox_64_0.nasl - Type: ACT_GATHER_INFO |
| 2018-12-12 | Name: A web browser installed on the remote macOS host is affected by multiple vuln... File: macosx_firefox_60_4_esr.nasl - Type: ACT_GATHER_INFO |
| 2018-12-10 | Name: A web browser installed on the remote macOS host is affected by multiple vuln... File: macosx_google_chrome_71_0_3578_80.nasl - Type: ACT_GATHER_INFO |
| 2018-12-10 | Name: A web browser installed on the remote Windows host is affected by multiple vu... File: google_chrome_71_0_3578_80.nasl - Type: ACT_GATHER_INFO |
| 2018-12-10 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4352.nasl - Type: ACT_GATHER_INFO |
| 2018-11-26 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201811-10.nasl - Type: ACT_GATHER_INFO |
| 2018-11-23 | Name: A web browser installed on the remote macOS host is affected by a vulnerability File: macosx_google_chrome_70_0_3538_110.nasl - Type: ACT_GATHER_INFO |
| 2018-11-23 | Name: A web browser installed on the remote Windows host is affected by a vulnerabi... File: google_chrome_70_0_3538_110.nasl - Type: ACT_GATHER_INFO |
