Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-1096 (GCVE-0-2022-1096)
Vulnerability from cvelistv5 – Published: 2022-07-22 23:35 – Updated: 2025-10-21 23:15
VLAI?
EPSS
CISA KEV
Summary
Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity ?
8.8 (High)
CWE
- Type Confusion
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://crbug.com/1309225 | x_refsource_MISC |
| https://chromereleases.googleblog.com/2022/03/sta… | x_refsource_MISC |
| https://security.gentoo.org/glsa/202208-25 | vendor-advisoryx_refsource_GENTOO |
Impacted products
CISA KEV
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: 2d9b7781-627b-48e2-8277-048291923fcc
Exploited: Yes
Timestamps
First Seen: 2022-03-28
Asserted: 2022-03-28
Scope
Notes: KEV entry: Google Chromium V8 Type Confusion Vulnerability | Affected: Google / Chromium V8 | Description: Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-1096
Evidence
Type: Vendor Report
Signal: Successful Exploitation
Confidence: 80%
Source: cisa-kev
Details
| Cwes | CWE-843 |
|---|---|
| Feed | CISA Known Exploited Vulnerabilities Catalog |
| Product | Chromium V8 |
| Due Date | 2022-04-18 |
| Date Added | 2022-03-28 |
| Vendorproject | |
| Vulnerabilityname | Google Chromium V8 Type Confusion Vulnerability |
| Knownransomwarecampaignuse | Unknown |
References
Created: 2026-02-02 12:27 UTC
| Updated: 2026-02-06 07:17 UTC
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:22.817Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/1309225"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html"
},
{
"name": "GLSA-202208-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-25"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-1096",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T21:45:51.315355Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-03-28",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-1096"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:15:37.697Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-1096"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-03-28T00:00:00.000Z",
"value": "CVE-2022-1096 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "99.0.4844.84",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Type Confusion",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-14T21:12:16.000Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/1309225"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html"
},
{
"name": "GLSA-202208-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-25"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "chrome-cve-admin@google.com",
"ID": "CVE-2022-1096",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "99.0.4844.84"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Type Confusion"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://crbug.com/1309225",
"refsource": "MISC",
"url": "https://crbug.com/1309225"
},
{
"name": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html"
},
{
"name": "GLSA-202208-25",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-25"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2022-1096",
"datePublished": "2022-07-22T23:35:35.000Z",
"dateReserved": "2022-03-25T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:15:37.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2022-1096",
"cwes": "[\"CWE-843\"]",
"dateAdded": "2022-03-28",
"dueDate": "2022-04-18",
"knownRansomwareCampaignUse": "Unknown",
"notes": "https://nvd.nist.gov/vuln/detail/CVE-2022-1096",
"product": "Chromium V8",
"requiredAction": "Apply updates per vendor instructions.",
"shortDescription": "Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.",
"vendorProject": "Google",
"vulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability"
},
"epss": {
"cve": "CVE-2022-1096",
"date": "2026-05-20",
"epss": "0.37656",
"percentile": "0.97255"
},
"fkie_nvd": {
"cisaActionDue": "2022-04-18",
"cisaExploitAdd": "2022-03-28",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability",
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"99.0.4844.84\", \"matchCriteriaId\": \"26358BA3-D84F-4EE3-B035-61D72923FA0C\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\"}, {\"lang\": \"es\", \"value\": \"Una confusi\\u00f3n de tipo en V8 en Google Chrome versiones anteriores a 99.0.4844.84, permit\\u00eda a un atacante remoto explotar potencialmente la corrupci\\u00f3n de la pila por medio de una p\\u00e1gina HTML dise\\u00f1ada\"}]",
"id": "CVE-2022-1096",
"lastModified": "2024-11-21T06:40:01.510",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
"published": "2022-07-23T00:15:08.333",
"references": "[{\"url\": \"https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://crbug.com/1309225\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202208-25\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://crbug.com/1309225\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202208-25\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-843\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-1096\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2022-07-23T00:15:08.333\",\"lastModified\":\"2025-10-24T14:09:48.270\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\"},{\"lang\":\"es\",\"value\":\"Una confusi\u00f3n de tipo en V8 en Google Chrome versiones anteriores a 99.0.4844.84, permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n de la pila por medio de una p\u00e1gina HTML dise\u00f1ada\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2022-03-28\",\"cisaActionDue\":\"2022-04-18\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Google Chromium V8 Type Confusion Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-843\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-843\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"99.0.4844.84\",\"matchCriteriaId\":\"26358BA3-D84F-4EE3-B035-61D72923FA0C\"}]}]}],\"references\":[{\"url\":\"https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://crbug.com/1309225\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202208-25\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://crbug.com/1309225\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202208-25\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-1096\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://crbug.com/1309225\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202208-25\", \"name\": \"GLSA-202208-25\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T23:55:22.817Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-1096\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-28T21:45:51.315355Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-03-28\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-1096\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2022-03-28T00:00:00.000Z\", \"value\": \"CVE-2022-1096 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-1096\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-843\", \"description\": \"CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-28T21:45:15.436Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Google\", \"product\": \"Chrome\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"99.0.4844.84\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://crbug.com/1309225\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://security.gentoo.org/glsa/202208-25\", \"name\": \"GLSA-202208-25\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Type Confusion\"}]}], \"providerMetadata\": {\"orgId\": \"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28\", \"shortName\": \"Chrome\", \"dateUpdated\": \"2022-08-14T21:12:16.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"99.0.4844.84\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"Chrome\"}]}, \"vendor_name\": \"Google\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://crbug.com/1309225\", \"name\": \"https://crbug.com/1309225\", \"refsource\": \"MISC\"}, {\"url\": \"https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html\", \"name\": \"https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://security.gentoo.org/glsa/202208-25\", \"name\": \"GLSA-202208-25\", \"refsource\": \"GENTOO\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Type Confusion\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2022-1096\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"chrome-cve-admin@google.com\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-1096\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:15:37.697Z\", \"dateReserved\": \"2022-03-25T00:00:00.000Z\", \"assignerOrgId\": \"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28\", \"datePublished\": \"2022-07-22T23:35:35.000Z\", \"assignerShortName\": \"Chrome\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2022-AVI-275
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Google Chrome. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- Google Chrome pour Windows , Mac et Linux versions antérieures à 99.0.4844.84
L'éditeur indique qu'un code d'exploitation est disponible sur Internet.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cul\u003e \u003cli\u003eGoogle Chrome pour Windows , Mac et Linux versions ant\u00e9rieures \u00e0 \u003cspan data-darkreader-inline-color=\"\"\u003e99.0.4844.84\u003c/span\u003e\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eL\u0027\u00e9diteur indique qu\u0027un code d\u0027exploitation est disponible sur Internet.\u003c/p\u003e ",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-1096",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1096"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-275",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Google Chrome. Elle permet \u00e0 un\nattaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par\nl\u0027\u00e9diteur.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Google Chrome",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google Chrome du 25 mars 2022",
"url": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html"
}
]
}
CERTFR-2022-AVI-276
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Microsoft Edge. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- Microsoft Edge versions antérieures à 99.0.1150.55 basée sur Chromium version 99.0.4844.84
L'éditeur indique que Google a connaissance d'un code d'exploitation disponible sur Internet.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cul\u003e \u003cli\u003eMicrosoft Edge versions ant\u00e9rieures \u00e0 99.0.1150.55 bas\u00e9e sur Chromium version 99.0.4844.84\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eL\u0027\u00e9diteur indique que Google a connaissance d\u0027un code d\u0027exploitation disponible sur Internet.\u003c/p\u003e ",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-1096",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1096"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Google Chrome du 25 mars 2022",
"url": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html"
}
],
"reference": "CERTFR-2022-AVI-276",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Microsoft Edge. Elle permet \u00e0 un\nattaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par\nl\u0027\u00e9diteur.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Edge",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 26 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1096"
}
]
}
CERTFR-2022-AVI-275
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Google Chrome. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- Google Chrome pour Windows , Mac et Linux versions antérieures à 99.0.4844.84
L'éditeur indique qu'un code d'exploitation est disponible sur Internet.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cul\u003e \u003cli\u003eGoogle Chrome pour Windows , Mac et Linux versions ant\u00e9rieures \u00e0 \u003cspan data-darkreader-inline-color=\"\"\u003e99.0.4844.84\u003c/span\u003e\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eL\u0027\u00e9diteur indique qu\u0027un code d\u0027exploitation est disponible sur Internet.\u003c/p\u003e ",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-1096",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1096"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-275",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Google Chrome. Elle permet \u00e0 un\nattaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par\nl\u0027\u00e9diteur.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Google Chrome",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google Chrome du 25 mars 2022",
"url": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html"
}
]
}
CERTFR-2022-AVI-276
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Microsoft Edge. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- Microsoft Edge versions antérieures à 99.0.1150.55 basée sur Chromium version 99.0.4844.84
L'éditeur indique que Google a connaissance d'un code d'exploitation disponible sur Internet.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cul\u003e \u003cli\u003eMicrosoft Edge versions ant\u00e9rieures \u00e0 99.0.1150.55 bas\u00e9e sur Chromium version 99.0.4844.84\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eL\u0027\u00e9diteur indique que Google a connaissance d\u0027un code d\u0027exploitation disponible sur Internet.\u003c/p\u003e ",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-1096",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1096"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Google Chrome du 25 mars 2022",
"url": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html"
}
],
"reference": "CERTFR-2022-AVI-276",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Microsoft Edge. Elle permet \u00e0 un\nattaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par\nl\u0027\u00e9diteur.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Edge",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 26 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1096"
}
]
}
BDU:2022-01471
Vulnerability from fstec - Published: 25.03.2022
VLAI Severity ?
Title
Уязвимость обработчика JavaScript-сценариев V8 браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость обработчика JavaScript-сценариев V8 браузеров Microsoft Edge и Google Chrome связана с ошибками при преобразовании типов. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код
Severity ?
Vendor
ООО «РусБИТех-Астра», Microsoft Corp, Google Inc, АО "НППКТ", АО «Концерн ВНИИНС»
Software Name
Astra Linux Special Edition (запись в едином реестре российских программ №369), Microsoft Edge, Google Chrome, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)
Software Version
1.6 «Смоленск» (Astra Linux Special Edition), 1.7 (Astra Linux Special Edition), до 99.0.1150.55 (Microsoft Edge), до 99.0.4844.84 (Google Chrome), 4.7 (Astra Linux Special Edition), до 2.5 (ОСОН ОСнова Оnyx), до 16.01.2023 (ОС ОН «Стрелец»)
Possible Mitigations
Установка обновлений из доверенных источников.
В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуем устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков.
Компенсирующие меры:
- использование средств антивирусной защиты с функцией контроля доступа к веб-ресурсам;
- контролируемый доступ в сеть Интернет – регламентация разрешенных сетевых ресурсов и соединений;
- запуск веб-браузера от имени пользователя с минимальными возможными привилегиями в операционной системе;
- использование альтернативных веб-браузеров;
- применение систем обнаружения и предотвращения вторжений.
Информация от производителей:
Для Google Chrome:
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html
Для Microsoft Edge:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1096
Для ОС Astra Linux:
использование рекомендаций производителя:
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47
Для ОСОН Основа:
Обновление программного обеспечения chromium до версии 102.0.5005.115+repack-1osnova1
Для ОС ОН «Стрелец»:
Обновление программного обеспечения chromium до версии 105.0.5195.125+repack2-1~deb11u1.osnova1.strelets
Reference
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1096
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.5/
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv
CWE
CWE-843
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Microsoft Corp, Google Inc, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 1.7 (Astra Linux Special Edition), \u0434\u043e 99.0.1150.55 (Microsoft Edge), \u0434\u043e 99.0.4844.84 (Google Chrome), 4.7 (Astra Linux Special Edition), \u0434\u043e 2.5 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432.\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u043c \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u0430\u043d\u0442\u0438\u0432\u0438\u0440\u0443\u0441\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u044b \u0441 \u0444\u0443\u043d\u043a\u0446\u0438\u0435\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0432\u0435\u0431-\u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c;\n- \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u0432 \u0441\u0435\u0442\u044c \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442 \u2013 \u0440\u0435\u0433\u043b\u0430\u043c\u0435\u043d\u0442\u0430\u0446\u0438\u044f \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 \u0438 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0439;\n- \u0437\u0430\u043f\u0443\u0441\u043a \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0441 \u043c\u0438\u043d\u0438\u043c\u0430\u043b\u044c\u043d\u044b\u043c\u0438 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u0432 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0430\u043b\u044c\u0442\u0435\u0440\u043d\u0430\u0442\u0438\u0432\u043d\u044b\u0445 \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432;\n- \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0438 \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0439.\n\n\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u0439:\n\u0414\u043b\u044f Google Chrome:\nhttps://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html\n\n\u0414\u043b\u044f Microsoft Edge:\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1096\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f chromium \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 102.0.5005.115+repack-1osnova1\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f chromium \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 105.0.5195.125+repack2-1~deb11u1.osnova1.strelets",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "25.03.2022",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "28.03.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-01471",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-1096",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Microsoft Edge, Google Chrome, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux - , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Microsoft Corp Windows - , Apple Inc. MacOS - , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430 JavaScript-\u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0435\u0432 V8 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Microsoft Edge \u0438 Google Chrome, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0414\u043e\u0441\u0442\u0443\u043f \u043a \u0440\u0435\u0441\u0443\u0440\u0441\u0443 \u0447\u0435\u0440\u0435\u0437 \u043d\u0435\u0441\u043e\u0432\u043c\u0435\u0441\u0442\u0438\u043c\u044b\u0435 \u0442\u0438\u043f\u044b (CWE-843)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430 JavaScript-\u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0435\u0432 V8 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Microsoft Edge \u0438 Google Chrome \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0438 \u043f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u0442\u0438\u043f\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1096\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.5/\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-843",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}
CNVD-2022-28467
Vulnerability from cnvd - Published: 2022-04-13
VLAI Severity ?
Title
Google Chrome V8代码执行漏洞(CNVD-2022-28467)
Description
Google Chrome是美国谷歌(Google)公司的一款Web浏览器。
Google Chrome存在安全漏洞,远程攻击者可利用此漏洞在系统上执行任意代码或造成拒绝服务情况。
Severity
高
Patch Name
Google Chrome V8代码执行漏洞(CNVD-2022-28467)的补丁
Patch Description
Google Chrome是美国谷歌(Google)公司的一款Web浏览器。
Google Chrome存在安全漏洞,远程攻击者可利用此漏洞在系统上执行任意代码或造成拒绝服务情况。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html
Reference
https://www.cybersecurity-help.cz/vdb/SB2022032601
Impacted products
| Name | Google Chrome <99.0.4844.84 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2022-1096"
}
},
"description": "Google Chrome\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\u3002\n\nGoogle Chrome\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\u60c5\u51b5\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2022-28467",
"openTime": "2022-04-13",
"patchDescription": "Google Chrome\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\u3002\r\n\r\nGoogle Chrome\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\u60c5\u51b5\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Google Chrome V8\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2022-28467\uff09\u7684\u8865\u4e01",
"products": {
"product": "Google Chrome \u003c99.0.4844.84"
},
"referenceLink": "https://www.cybersecurity-help.cz/vdb/SB2022032601",
"serverity": "\u9ad8",
"submitTime": "2022-03-29",
"title": "Google Chrome V8\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2022-28467\uff09"
}
FKIE_CVE-2022-1096
Vulnerability from fkie_nvd - Published: 2022-07-23 00:15 - Updated: 2025-10-24 14:09
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
References
| URL | Tags | ||
|---|---|---|---|
| chrome-cve-admin@google.com | https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html | Release Notes, Vendor Advisory | |
| chrome-cve-admin@google.com | https://crbug.com/1309225 | Permissions Required, Vendor Advisory | |
| chrome-cve-admin@google.com | https://security.gentoo.org/glsa/202208-25 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/1309225 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202208-25 | Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-1096 | US Government Resource |
{
"cisaActionDue": "2022-04-18",
"cisaExploitAdd": "2022-03-28",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26358BA3-D84F-4EE3-B035-61D72923FA0C",
"versionEndExcluding": "99.0.4844.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
},
{
"lang": "es",
"value": "Una confusi\u00f3n de tipo en V8 en Google Chrome versiones anteriores a 99.0.4844.84, permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n de la pila por medio de una p\u00e1gina HTML dise\u00f1ada"
}
],
"id": "CVE-2022-1096",
"lastModified": "2025-10-24T14:09:48.270",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-07-23T00:15:08.333",
"references": [
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://crbug.com/1309225"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://crbug.com/1309225"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-25"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-1096"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-843"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-843"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
GSD-2022-1096
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-1096",
"description": "Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"id": "GSD-2022-1096",
"references": [
"https://www.debian.org/security/2022/dsa-5110",
"https://advisories.mageia.org/CVE-2022-1096.html",
"https://www.suse.com/security/cve/CVE-2022-1096.html",
"https://ubuntu.com/security/CVE-2022-1096",
"https://security.archlinux.org/CVE-2022-1096"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-1096"
],
"details": "Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"id": "GSD-2022-1096",
"modified": "2023-12-13T01:19:28.102065Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cisa.gov": {
"cveID": "CVE-2022-1096",
"dateAdded": "2022-03-28",
"dueDate": "2022-04-18",
"product": "Chromium V8",
"requiredAction": "Apply updates per vendor instructions.",
"shortDescription": "The vulnerability exists due to a type confusion error within the V8 component in Chromium, affecting all Chromium-based browsers.",
"vendorProject": "Google",
"vulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability"
},
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "chrome-cve-admin@google.com",
"ID": "CVE-2022-1096",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "99.0.4844.84"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Type Confusion"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://crbug.com/1309225",
"refsource": "MISC",
"url": "https://crbug.com/1309225"
},
{
"name": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html"
},
{
"name": "GLSA-202208-25",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-25"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "99.0.4844.84",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "chrome-cve-admin@google.com",
"ID": "CVE-2022-1096"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://crbug.com/1309225",
"refsource": "MISC",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://crbug.com/1309225"
},
{
"name": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html",
"refsource": "MISC",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html"
},
{
"name": "GLSA-202208-25",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-25"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2022-10-27T22:50Z",
"publishedDate": "2022-07-23T00:15Z"
}
}
}
ICSA-22-209-01
Vulnerability from csaf_cisa - Published: 2022-07-28 00:00 - Updated: 2022-07-28 00:00Summary
Rockwell Products Impacted by Chromium Type Confusion
Notes
CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: Successful exploitation of this vulnerability could cause a denial-of-service condition.
Critical infrastructure sectors: Multiple
Countries/areas deployed: Worldwide
Company headquarters location: United States
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: This vulnerability is not exploitable remotely.
4.0 (Medium)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Connected Components Workbench software: Versions 11 12 13 and 20
Rockwell Automation / Connected Components Workbench software
|
11 | 12 | 13 | 20 |
Vendor Fix
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Enhanced HIM (eHIM) for PowerFlex 6000T: Version 1.001
Rockwell Automation / Enhanced HIM (eHIM) for PowerFlex 6000T
|
1.001 |
Vendor Fix
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
FactoryTalk Linx Enterprise software: Versions 6.20 6.21 and 6.30
Rockwell Automation / FactoryTalk Linx Enterprise software
|
6.20 | 6.21 | 6.30 |
Vendor Fix
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
FactoryTalk View Site Edition: Version 13
Rockwell Automation / FactoryTalk View Site Edition
|
13 |
Vendor Fix
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
References
6 references
Acknowledgments
Rockwell Automation
{
"document": {
"acknowledgments": [
{
"organization": "Rockwell Automation",
"summary": "reporting this vulnerability to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of this vulnerability could cause a denial-of-service condition.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "United States",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "This vulnerability is not exploitable remotely.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-22-209-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-209-01.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-22-209-01 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-209-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-209-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
}
],
"title": "Rockwell Products Impacted by Chromium Type Confusion",
"tracking": {
"current_release_date": "2022-07-28T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-22-209-01",
"initial_release_date": "2022-07-28T00:00:00.000000Z",
"revision_history": [
{
"date": "2022-07-28T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Publication Date"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "11 | 12 | 13 | 20",
"product": {
"name": "Connected Components Workbench software: Versions 11 12 13 and 20",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Connected Components Workbench software"
},
{
"branches": [
{
"category": "product_version",
"name": "1.001",
"product": {
"name": "Enhanced HIM (eHIM) for PowerFlex 6000T: Version 1.001",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "Enhanced HIM (eHIM) for PowerFlex 6000T"
},
{
"branches": [
{
"category": "product_version",
"name": "6.20 | 6.21 | 6.30",
"product": {
"name": "FactoryTalk Linx Enterprise software: Versions 6.20 6.21 and 6.30",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "FactoryTalk Linx Enterprise software"
},
{
"branches": [
{
"category": "product_version",
"name": "13",
"product": {
"name": "FactoryTalk View Site Edition: Version 13",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "FactoryTalk View Site Edition"
}
],
"category": "vendor",
"name": "Rockwell Automation"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1096",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Rockwell Automation has been made aware of a third-party vulnerability present in multiple vendor components currently in use. Due to how Rockwell Automation uses the Chromium web browser, exploitation of this vulnerability may cause the affected products to become temporarily unavailable. As a result, the CVSS Score was adjusted to reflect how this vulnerability affects these Rockwell products.CVE-2022-1096 has been assigned to this vulnerability. A CVSS v3 base score of 4.0 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1096"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Users currently utilizing the FactoryTalk View Site Edition should avoid using the web browser control if it is not required for the intended use of the product.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Users currently utilizing the FactoryTalk View Site Edition web browser can manually download and apply the updated version of WebView2 by performing these recommended actions:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://compatibility.rockwellautomation.com/Pages/Home.aspx"
},
{
"category": "mitigation",
"details": "Replace the Microsoft WebView2 file in the C:\\Program Files (x86)\\Rockwell Software\\RS View Enterprise\\Microsoft.WebView2.FixedVersionRuntime directory by copying and pasting the new version of the software into the folder.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "Users should be sure to not remove the contents of the folder before pasting the new file.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "Users currently utilizing Enhanced HIM (eHIM) for Power Flex 6000T drives should perform the following recommended actions to address the vulnerability:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "Update the Microsoft Edge browser to Version 99.0.1150 or later.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "Apply the update for eHIM when made available.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "If applying the mitigations noted above is not feasible, then see Rockwell Automation\u0027s Knowledgebase article, Security Best Practices (login required), for additional recommendations for maintaining adequate environment security posture.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://rockwellautomation.custhelp.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
}
]
}
OPENSUSE-SU-2022:0103-1
Vulnerability from csaf_opensuse - Published: 2022-04-04 16:01 - Updated: 2022-04-04 16:01Summary
Security update for opera
Severity
Important
Notes
Title of the patch: Security update for opera
Description of the patch: This update for opera fixes the following issues:
Opera was updated to 85.0.4341.28
- CHR-8816 Update chromium on desktop-stable-99-4341
to 99.0.4844.84
- DNA-98092 Crash at views::MenuItemView::GetMenuController()
- DNA-98278 Translations for O85
- DNA-98320 [Mac] Unable to delete recent search entries
- DNA-98614 Show recent searches for non-BABE users
- DNA-98615 Allow removal of recent searches
- DNA-98616 Add recent searches to ‘old’ BABE
- DNA-98617 Make it possible to disable ad-blocker per-country
- DNA-98651 Remove Instagram and Facebook Messenger in Russia
- DNA-98653 Add flag #recent-searches
- DNA-98696 smoketest
PageInfoHistoryDataSourceTest.FormatTimestampString failing
- DNA-98703 Port Chromium issue 1309225 to Opera Stable
- The update to chromium 99.0.4844.84 fixes following issues:
CVE-2022-1096
- Changes in 85.0.4341.18
- CHR-8789 Update chromium on desktop-stable-99-4341 to
99.0.4844.51
- DNA-98059 [Linux] Crash at
opera::FreedomSettingsImpl::IsBypassForDotlessDomainsEnabled
- DNA-98349 [Linux] Crash at bluez::BluezDBusManager::Get()
- DNA-98126 System crash dialog shown on macOS <= 10.15
- DNA-98331 [Snap] Meme generator cropping / resizing broken
- DNA-98394 Audio tab indicator set to 'muted' on
videoconferencing sites
- DNA-98481 Report errors in opauto_collector
- The update to chromium 99.0.4844.51 fixes following issues:
CVE-2022-0789, CVE-2022-0790, CVE-2022-0791, CVE-2022-0792,
CVE-2022-0793, CVE-2022-0794, CVE-2022-0795, CVE-2022-0796,
CVE-2022-0797, CVE-2022-0798, CVE-2022-0799, CVE-2022-0800,
CVE-2022-0801, CVE-2022-0802, CVE-2022-0803, CVE-2022-0804,
CVE-2022-0805, CVE-2022-0806, CVE-2022-0807, CVE-2022-0808,
CVE-2022-0809
- Changes in 85.0.4341.13
- DNA-94119 Upgrade curl to 7.81.0
- DNA-97849 [Mac monterey] System shortcut interfere with
Opera’s `ToggleSearchInOpenTabs` shortcut
- DNA-98204 Automatic popout happens when video is paused
- DNA-98231 Shortcuts are blocked by displayed tab tooltip
when triggered quickly after tooltip appears
- DNA-98321 Add thinlto-cache warnings to suppression list
- DNA-98395 Promote O85 to stable
- Complete Opera 85.0 changelog at:
https://blogs.opera.com/desktop/changelog-for-85/
- Update to 84.0.4316.42
- DNA-94119 Upgrade curl to 7.81.0
- DNA-98092 Crash at views::MenuItemView::GetMenuController()
- DNA-98204 Automatic popout happens when video is paused
- DNA-98231 Shortcuts are blocked by displayed tab tooltip when
triggered quickly after tooltip appears
- Update to 84.0.4316.31
- CHR-8772 Update chromium on desktop-stable-98-4316 to
98.0.4758.109
- DNA-97573 [Win][Lin]”Close tab” button is not displayed on tabs
playing media when many tabs are open
- DNA-97729 cancelling the process uploading custom Wallpaper
crashes the browser
- DNA-97871 Google meet tab’s icons don’t fit on pinned tab
- DNA-97872 Tab is being unpinned when video conferencing
button is clicked
- DNA-98039 Dark theme top sites have black background
- DNA-98117 Clicking current tab information should hide tooltip
Patchnames: openSUSE-2022-103
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.6 (Critical)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.1 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
70 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for opera",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for opera fixes the following issues:\n\nOpera was updated to 85.0.4341.28\n\n - CHR-8816 Update chromium on desktop-stable-99-4341\n to 99.0.4844.84\n - DNA-98092 Crash at views::MenuItemView::GetMenuController()\n - DNA-98278 Translations for O85\n - DNA-98320 [Mac] Unable to delete recent search entries\n - DNA-98614 Show recent searches for non-BABE users\n - DNA-98615 Allow removal of recent searches\n - DNA-98616 Add recent searches to \u2018old\u2019 BABE\n - DNA-98617 Make it possible to disable ad-blocker per-country\n - DNA-98651 Remove Instagram and Facebook Messenger in Russia\n - DNA-98653 Add flag #recent-searches\n - DNA-98696 smoketest \n PageInfoHistoryDataSourceTest.FormatTimestampString failing\n - DNA-98703 Port Chromium issue 1309225 to Opera Stable\n\n- The update to chromium 99.0.4844.84 fixes following issues: \n CVE-2022-1096\n\n- Changes in 85.0.4341.18\n\n - CHR-8789 Update chromium on desktop-stable-99-4341 to\n 99.0.4844.51\n - DNA-98059 [Linux] Crash at\n opera::FreedomSettingsImpl::IsBypassForDotlessDomainsEnabled\n - DNA-98349 [Linux] Crash at bluez::BluezDBusManager::Get()\n - DNA-98126 System crash dialog shown on macOS \u003c= 10.15\n - DNA-98331 [Snap] Meme generator cropping / resizing broken\n - DNA-98394 Audio tab indicator set to \u0027muted\u0027 on\n videoconferencing sites\n - DNA-98481 Report errors in opauto_collector\n\n- The update to chromium 99.0.4844.51 fixes following issues:\n CVE-2022-0789, CVE-2022-0790, CVE-2022-0791, CVE-2022-0792,\n CVE-2022-0793, CVE-2022-0794, CVE-2022-0795, CVE-2022-0796,\n CVE-2022-0797, CVE-2022-0798, CVE-2022-0799, CVE-2022-0800,\n CVE-2022-0801, CVE-2022-0802, CVE-2022-0803, CVE-2022-0804,\n CVE-2022-0805, CVE-2022-0806, CVE-2022-0807, CVE-2022-0808,\n CVE-2022-0809\n\n- Changes in 85.0.4341.13\n\n - DNA-94119 Upgrade curl to 7.81.0\n - DNA-97849 [Mac monterey] System shortcut interfere with\n Opera\u2019s `ToggleSearchInOpenTabs` shortcut\n - DNA-98204 Automatic popout happens when video is paused\n - DNA-98231 Shortcuts are blocked by displayed tab tooltip\n when triggered quickly after tooltip appears\n - DNA-98321 Add thinlto-cache warnings to suppression list\n - DNA-98395 Promote O85 to stable\n\n- Complete Opera 85.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-85/\n\n- Update to 84.0.4316.42\n\n - DNA-94119 Upgrade curl to 7.81.0\n - DNA-98092 Crash at views::MenuItemView::GetMenuController()\n - DNA-98204 Automatic popout happens when video is paused\n - DNA-98231 Shortcuts are blocked by displayed tab tooltip when\n triggered quickly after tooltip appears\n\n- Update to 84.0.4316.31\n\n - CHR-8772 Update chromium on desktop-stable-98-4316 to\n 98.0.4758.109\n - DNA-97573 [Win][Lin]\u201dClose tab\u201d button is not displayed on tabs\n playing media when many tabs are open\n - DNA-97729 cancelling the process uploading custom Wallpaper\n crashes the browser\n - DNA-97871 Google meet tab\u2019s icons don\u2019t fit on pinned tab\n - DNA-97872 Tab is being unpinned when video conferencing\n button is clicked\n - DNA-98039 Dark theme top sites have black background\n - DNA-98117 Clicking current tab information should hide tooltip\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2022-103",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_0103-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2022:0103-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4ITLKQDHCBVY73BXRDDHU7JJZJG7TVNG/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2022:0103-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4ITLKQDHCBVY73BXRDDHU7JJZJG7TVNG/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0789 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0789/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0790 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0790/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0791 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0791/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0792 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0792/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0793 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0793/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0794 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0795 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0796 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0796/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0797 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0798 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0799 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0799/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0800 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0800/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0801 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0801/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0802 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0802/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0803 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0803/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0804 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0804/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0805 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0805/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0806 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0807 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0807/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0808 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0808/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0809 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0809/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1096 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1096/"
}
],
"title": "Security update for opera",
"tracking": {
"current_release_date": "2022-04-04T16:01:30Z",
"generator": {
"date": "2022-04-04T16:01:30Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2022:0103-1",
"initial_release_date": "2022-04-04T16:01:30Z",
"revision_history": [
{
"date": "2022-04-04T16:01:30Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "opera-85.0.4341.28-lp153.2.42.1.x86_64",
"product": {
"name": "opera-85.0.4341.28-lp153.2.42.1.x86_64",
"product_id": "opera-85.0.4341.28-lp153.2.42.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.3 NonFree",
"product": {
"name": "openSUSE Leap 15.3 NonFree",
"product_id": "openSUSE Leap 15.3 NonFree",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "opera-85.0.4341.28-lp153.2.42.1.x86_64 as component of openSUSE Leap 15.3 NonFree",
"product_id": "openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
},
"product_reference": "opera-85.0.4341.28-lp153.2.42.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3 NonFree"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-0789",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0789"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0789",
"url": "https://www.suse.com/security/cve/CVE-2022-0789"
},
{
"category": "external",
"summary": "SUSE Bug 1196641 for CVE-2022-0789",
"url": "https://bugzilla.suse.com/1196641"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-04T16:01:30Z",
"details": "critical"
}
],
"title": "CVE-2022-0789"
},
{
"cve": "CVE-2022-0790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0790"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0790",
"url": "https://www.suse.com/security/cve/CVE-2022-0790"
},
{
"category": "external",
"summary": "SUSE Bug 1196641 for CVE-2022-0790",
"url": "https://bugzilla.suse.com/1196641"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-04T16:01:30Z",
"details": "critical"
}
],
"title": "CVE-2022-0790"
},
{
"cve": "CVE-2022-0791",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0791"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Omnibox in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via user interactions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0791",
"url": "https://www.suse.com/security/cve/CVE-2022-0791"
},
{
"category": "external",
"summary": "SUSE Bug 1196641 for CVE-2022-0791",
"url": "https://bugzilla.suse.com/1196641"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-04T16:01:30Z",
"details": "critical"
}
],
"title": "CVE-2022-0791"
},
{
"cve": "CVE-2022-0792",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0792"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds read in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0792",
"url": "https://www.suse.com/security/cve/CVE-2022-0792"
},
{
"category": "external",
"summary": "SUSE Bug 1196641 for CVE-2022-0792",
"url": "https://bugzilla.suse.com/1196641"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-04T16:01:30Z",
"details": "critical"
}
],
"title": "CVE-2022-0792"
},
{
"cve": "CVE-2022-0793",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0793"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Cast in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0793",
"url": "https://www.suse.com/security/cve/CVE-2022-0793"
},
{
"category": "external",
"summary": "SUSE Bug 1196641 for CVE-2022-0793",
"url": "https://bugzilla.suse.com/1196641"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-04T16:01:30Z",
"details": "critical"
}
],
"title": "CVE-2022-0793"
},
{
"cve": "CVE-2022-0794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0794"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in WebShare in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0794",
"url": "https://www.suse.com/security/cve/CVE-2022-0794"
},
{
"category": "external",
"summary": "SUSE Bug 1196641 for CVE-2022-0794",
"url": "https://bugzilla.suse.com/1196641"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-04T16:01:30Z",
"details": "critical"
}
],
"title": "CVE-2022-0794"
},
{
"cve": "CVE-2022-0795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0795"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in Blink Layout in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0795",
"url": "https://www.suse.com/security/cve/CVE-2022-0795"
},
{
"category": "external",
"summary": "SUSE Bug 1196641 for CVE-2022-0795",
"url": "https://bugzilla.suse.com/1196641"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-04T16:01:30Z",
"details": "critical"
}
],
"title": "CVE-2022-0795"
},
{
"cve": "CVE-2022-0796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0796"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Media in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0796",
"url": "https://www.suse.com/security/cve/CVE-2022-0796"
},
{
"category": "external",
"summary": "SUSE Bug 1196641 for CVE-2022-0796",
"url": "https://bugzilla.suse.com/1196641"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-04T16:01:30Z",
"details": "critical"
}
],
"title": "CVE-2022-0796"
},
{
"cve": "CVE-2022-0797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0797"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds memory access in Mojo in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0797",
"url": "https://www.suse.com/security/cve/CVE-2022-0797"
},
{
"category": "external",
"summary": "SUSE Bug 1196641 for CVE-2022-0797",
"url": "https://bugzilla.suse.com/1196641"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-04T16:01:30Z",
"details": "critical"
}
],
"title": "CVE-2022-0797"
},
{
"cve": "CVE-2022-0798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0798"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in MediaStream in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0798",
"url": "https://www.suse.com/security/cve/CVE-2022-0798"
},
{
"category": "external",
"summary": "SUSE Bug 1196641 for CVE-2022-0798",
"url": "https://bugzilla.suse.com/1196641"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-04T16:01:30Z",
"details": "critical"
}
],
"title": "CVE-2022-0798"
},
{
"cve": "CVE-2022-0799",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0799"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51 allowed a remote attacker to perform local privilege escalation via a crafted offline installer file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0799",
"url": "https://www.suse.com/security/cve/CVE-2022-0799"
},
{
"category": "external",
"summary": "SUSE Bug 1196641 for CVE-2022-0799",
"url": "https://bugzilla.suse.com/1196641"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-04T16:01:30Z",
"details": "critical"
}
],
"title": "CVE-2022-0799"
},
{
"cve": "CVE-2022-0800",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0800"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0800",
"url": "https://www.suse.com/security/cve/CVE-2022-0800"
},
{
"category": "external",
"summary": "SUSE Bug 1196641 for CVE-2022-0800",
"url": "https://bugzilla.suse.com/1196641"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-04T16:01:30Z",
"details": "critical"
}
],
"title": "CVE-2022-0800"
},
{
"cve": "CVE-2022-0801",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0801"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page. (Chrome security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0801",
"url": "https://www.suse.com/security/cve/CVE-2022-0801"
},
{
"category": "external",
"summary": "SUSE Bug 1196641 for CVE-2022-0801",
"url": "https://bugzilla.suse.com/1196641"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-04T16:01:30Z",
"details": "critical"
}
],
"title": "CVE-2022-0801"
},
{
"cve": "CVE-2022-0802",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0802"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0802",
"url": "https://www.suse.com/security/cve/CVE-2022-0802"
},
{
"category": "external",
"summary": "SUSE Bug 1196641 for CVE-2022-0802",
"url": "https://bugzilla.suse.com/1196641"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-04T16:01:30Z",
"details": "critical"
}
],
"title": "CVE-2022-0802"
},
{
"cve": "CVE-2022-0803",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0803"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0803",
"url": "https://www.suse.com/security/cve/CVE-2022-0803"
},
{
"category": "external",
"summary": "SUSE Bug 1196641 for CVE-2022-0803",
"url": "https://bugzilla.suse.com/1196641"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-04T16:01:30Z",
"details": "critical"
}
],
"title": "CVE-2022-0803"
},
{
"cve": "CVE-2022-0804",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0804"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0804",
"url": "https://www.suse.com/security/cve/CVE-2022-0804"
},
{
"category": "external",
"summary": "SUSE Bug 1196641 for CVE-2022-0804",
"url": "https://bugzilla.suse.com/1196641"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-04T16:01:30Z",
"details": "critical"
}
],
"title": "CVE-2022-0804"
},
{
"cve": "CVE-2022-0805",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0805"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Browser Switcher in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0805",
"url": "https://www.suse.com/security/cve/CVE-2022-0805"
},
{
"category": "external",
"summary": "SUSE Bug 1196641 for CVE-2022-0805",
"url": "https://bugzilla.suse.com/1196641"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-04T16:01:30Z",
"details": "critical"
}
],
"title": "CVE-2022-0805"
},
{
"cve": "CVE-2022-0806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0806"
}
],
"notes": [
{
"category": "general",
"text": "Data leak in Canvas in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in screen sharing to potentially leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0806",
"url": "https://www.suse.com/security/cve/CVE-2022-0806"
},
{
"category": "external",
"summary": "SUSE Bug 1196641 for CVE-2022-0806",
"url": "https://bugzilla.suse.com/1196641"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-04T16:01:30Z",
"details": "critical"
}
],
"title": "CVE-2022-0806"
},
{
"cve": "CVE-2022-0807",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0807"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Autofill in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0807",
"url": "https://www.suse.com/security/cve/CVE-2022-0807"
},
{
"category": "external",
"summary": "SUSE Bug 1196641 for CVE-2022-0807",
"url": "https://bugzilla.suse.com/1196641"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-04T16:01:30Z",
"details": "critical"
}
],
"title": "CVE-2022-0807"
},
{
"cve": "CVE-2022-0808",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0808"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in a series of user interaction to potentially exploit heap corruption via user interactions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0808",
"url": "https://www.suse.com/security/cve/CVE-2022-0808"
},
{
"category": "external",
"summary": "SUSE Bug 1196641 for CVE-2022-0808",
"url": "https://bugzilla.suse.com/1196641"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-04T16:01:30Z",
"details": "critical"
}
],
"title": "CVE-2022-0808"
},
{
"cve": "CVE-2022-0809",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0809"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds memory access in WebXR in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0809",
"url": "https://www.suse.com/security/cve/CVE-2022-0809"
},
{
"category": "external",
"summary": "SUSE Bug 1196641 for CVE-2022-0809",
"url": "https://bugzilla.suse.com/1196641"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-04T16:01:30Z",
"details": "critical"
}
],
"title": "CVE-2022-0809"
},
{
"cve": "CVE-2022-1096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1096"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1096",
"url": "https://www.suse.com/security/cve/CVE-2022-1096"
},
{
"category": "external",
"summary": "SUSE Bug 1197552 for CVE-2022-1096",
"url": "https://bugzilla.suse.com/1197552"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-85.0.4341.28-lp153.2.42.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-04T16:01:30Z",
"details": "important"
}
],
"title": "CVE-2022-1096"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…