CVE-2022-0297 An attacker in Google Chrome before version 97.0.4692.99 could exploit heap corruption after an AAF.

CVE-2018-5712 was discovered in Google Chrome prior to 97.0.4683.0. A flaw in the V8 JavaScript engine allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2018-5711 was discovered in Google Chrome prior to 97.0.4683.0. A use-after-free issue in Blink caused a potentially exploitable crash.

CVE-2018-5710 was discovered in Google Chrome prior to 97.0.4683.0. A use-after-free issue in extensions during XSS validation allowed a remote attacker to potentially exploit this to cause a denial of service via a crafted HTML page.

CVE-2018-5709 was discovered in Google Chrome prior to 97.0.4683.0. A use-after-free issue in V8 bindings in web process caused a potentially exploitable crash.

CVE-2018-5708 was discovered in Google Chrome prior to 97.0.4683.0. A use-after-free issue in V8 bindings in web process caused a potentially exploitable crash.

CVE-2018-5707 was discovered in Google Chrome prior to 97.0.4683.0. A use-after-free issue in V8 bindings in web process caused a potentially exploitable crash.

CVE-2018-5706 was discovered in Google Chrome prior to 97.0.4683.0

Chrome Browser (previously Chromium)

Chrome Browser (previously Chromium) is a freeware web browser developed by Google. It uses the Blink layout engine to render web pages, which implements HTML5, CSS3, and JavaScript in the Dart programming language.

A flaw in V8 allowed an attacker to exploit heap corruption via a crafted HTML page

Potential Privacy Vulnerability in Web Audio API

A vulnerability in the Web Audio API (WebAPIAudioObject.createBuffer algorithm) can allow a remote attacker to obtain sensitive information on the audio device of the visitor's computer.

This vulnerability exists because WebAPIAudioObject.createBuffer works by sending a buffer to the server, which is then converted into an audio stream by the server and returned to the client. The attacker can record this stream and analyze it later, potentially revealing a private conversation or listening in on another user's computer.

Timeline

Published on: 02/12/2022 02:15:00 UTC
Last modified on: 02/19/2022 04:38:00 UTC

References

• https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
• https://crbug.com/1274316
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0297