{"vulnerability": "CVE-2022-2010", "sightings": [{"uuid": "c804d840-04c0-4423-a9d5-6c6cc07d964e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2010", "type": "seen", "source": "https://t.me/itsec_news/817", "content": "\u200b\u26a1\ufe0f \u041f\u0435\u043d\u0442\u0435\u0441\u0442\u0435\u0440\u044b \u043f\u043e\u043c\u043e\u0433\u043b\u0438 Google \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Chrome.\n\n\ud83d\udcac \u041d\u0430 \u044d\u0442\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435 Google \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Chrome. \u041e\u043d\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 7 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 4 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b, \u043e \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u043f\u0435\u043d\u0442\u0435\u0441\u0442\u0435\u0440\u044b.\n\n\u2014 CVE-2022-2007 \u2013 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f \u0432 WebGPU. \u041e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c \u0414\u044d\u0432\u0438\u0434\u043e\u043c \u041c\u0430\u043d\u0443\u0447\u0435\u0445\u0440\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u043b\u0443\u0447\u0438\u043b \u043d\u0430\u0433\u0440\u0430\u0434\u0443 \u0432 \u0440\u0430\u0437\u043c\u0435\u0440\u0435 $10 \u0442\u044b\u0441. \u0437\u0430 \u043d\u0430\u0445\u043e\u0436\u0434\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b;\n\u2014 CVE-2022-2011 \u2013 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f \u0432 ANGLE (\u0434\u0432\u0438\u0436\u043e\u043a \u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u0441\u043b\u043e\u044f Google Chrome). \u041e\u0431 \u043e\u0448\u0438\u0431\u043a\u0435 \u0441\u043e\u043e\u0431\u0449\u0438\u043b SeongHwan Park (SeHwa);\n\u2014 CVE-2022-2008 \u2013 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0435\u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043f\u0430\u043c\u044f\u0442\u0438 \u0432 WebGL, \u043e \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0441\u043e\u043e\u0431\u0449\u0438\u043b \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 VinCSS \u0422\u0440\u0430\u043d \u0412\u0430\u043d \u041a\u0445\u0430\u043d\u0433;\n\u2014 CVE-2022-2010 \u2013 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u0434\u043e\u0441\u0442\u0443\u043f \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u043c\u0438 \u0433\u0440\u0430\u043d\u0438\u0446. \u041e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0435 \u0441\u043e\u043e\u0431\u0449\u0438\u043b \u041c\u0430\u0440\u043a \u0411\u0440\u044d\u043d\u0434 \u0438\u0437 Google Project Zero . \u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0435 Google, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u043d\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u0442 \u043d\u0430\u0433\u0440\u0430\u0434\u0443 \u0437\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0435.\n\nGoogle \u0435\u0449\u0435 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0438\u0442 \u0441\u0443\u043c\u043c\u044b \u0432\u043e\u0437\u043d\u0430\u0433\u0440\u0430\u0436\u0434\u0435\u043d\u0438\u044f \u0437\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043e\u043a \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u0430\u043c SeongHwan Park \u0438 \u0422\u0440\u0430\u043d \u0412\u0430\u043d \u041a\u0445\u0430\u043d\u0433\n\n\u0410\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u0430\u044f \u0432\u0435\u0440\u0441\u0438\u044f Chrome 102.0.5005.115 \u0441\u0435\u0439\u0447\u0430\u0441 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0434\u043b\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438. Google \u043d\u0435 \u0443\u043f\u043e\u043c\u044f\u043d\u0443\u043b \u043e\u0431 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u043a\u0430\u043a\u043e\u0439-\u043b\u0438\u0431\u043e \u0438\u0437 \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438, \u043d\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0431\u0440\u0430\u0443\u0437\u0435\u0440 \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435.\n\n#Google #Chrome #\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2022-06-14T18:09:42.000000Z"}, {"uuid": "64fd496e-4a75-4519-903b-050f32b30f04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20109", "type": "seen", "source": "https://t.me/cibsecurity/41849", "content": "\u203c CVE-2022-20109 \u203c\n\nIn ion, there is a possible use after free due to improper update of reference count. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06399915; Issue ID: ALPS06399915.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-04T00:34:11.000000Z"}, {"uuid": "192555f6-0a14-4cd2-aefa-df775acae5c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2010", "type": "seen", "source": "https://t.me/cibsecurity/47177", "content": "\u203c CVE-2022-2010 \u203c\n\nOut of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-28T07:18:00.000000Z"}, {"uuid": "01dab9ba-3fd7-42b4-a908-1b4d4ff2dc63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20101", "type": "seen", "source": "https://t.me/cibsecurity/41864", "content": "\u203c CVE-2022-20101 \u203c\n\nIn aee daemon, there is a possible information disclosure due to a path traversal. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419017; Issue ID: ALPS06270870.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-04T00:34:34.000000Z"}, {"uuid": "e96fc720-a218-448c-b19b-d6ec9bb4066c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20106", "type": "seen", "source": "https://t.me/cibsecurity/41863", "content": "\u203c CVE-2022-20106 \u203c\n\nIn MM service, there is a possible out of bounds write due to a heap-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330460; Issue ID: DTV03330460.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-04T00:34:33.000000Z"}, {"uuid": "4750f0bd-810c-4489-9229-42cab161af65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20104", "type": "seen", "source": "https://t.me/cibsecurity/41862", "content": "\u203c CVE-2022-20104 \u203c\n\nIn aee daemon, there is a possible information disclosure due to improper access control. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419017; Issue ID: ALPS06284104.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-04T00:34:32.000000Z"}, {"uuid": "271b37b1-fc64-497e-9698-fea763b7cb0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20105", "type": "seen", "source": "https://t.me/cibsecurity/41883", "content": "\u203c CVE-2022-20105 \u203c\n\nIn MM service, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330460; Issue ID: DTV03330460.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-04T00:39:18.000000Z"}]}