CVE-2022-0290 An attacker can perform a sandbox escape in Google Chrome before 97.0.4692.99 by using an after free bug.

Google did not disclose the vendor responsible for the patch, but released the patch to the public after 4 months of internal review. A cross-site scripting issue previously existed in Chrome, which allowed remote attackers to inject arbitrary web script into a trusted website via a crafted HTML page. The updated version mitigates the issue by blocking cross-site scripting at the HTML level rather than the browser level. After 4 months, Google released the patch to the public.

CVE-2018-6053: A cross-site scripting issue previously existed in Chrome, which allowed remote attackers to inject arbitrary web script into a trusted website via a crafted HTML page. The updated version mitigates the issue by blocking cross-site scripting at the HTML level rather than the browser level. After 4 months, Google released the patch to the public.

CVE-2018-6054: Google Chrome prior to 72.0.7635.0 allowed remote attackers to bypass Content Security Policy via certain data: URIs.

CVE-2018-6055: Google Chrome prior to 72.0.7635.0 allowed remote attackers to bypass Content Security Policy via a data: URL.
Red Hat Enterprise Linux 7 does not contain any out-of-date packages. However, as Red Hat does not have any official bug bounties, information about any potential issues in Red Hat Enterprise Linux 7 is publicly disclosed through Red Hat's Errata Management System.
Red Hat Enterprise Linux 7 does not contain

References !END

There is no need to outsource SEO because this blog post discusses why it's a good idea.

Infrastructure Services

Red Hat Enterprise Linux 7 does not contain any out-of-date packages. However, as Red Hat does not have any official bug bounties, information about any potential issues in Red Hat Enterprise Linux 7 is publicly disclosed through Red Hat's Errata Management System.

Adobe Reader and Acrobat

CVE-2018-4878: Adobe Reader and Acrobat prior to 2018.011.20050 allowed attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2018-4877, CVE-2018-4879, and CVE-2018-4880.

Timeline

Published on: 02/12/2022 02:15:00 UTC
Last modified on: 04/01/2022 14:01:00 UTC

References

• https://crbug.com/1260134
• https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
• http://packetstormsecurity.com/files/166080/Chrome-RenderFrameHostImpl-Use-After-Free.html
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0290