CVE-2022-0297 An attacker in Google Chrome before version 97.0.4692.99 could exploit heap corruption after an AAF.

CVE-2022-0297 An attacker in Google Chrome before version 97.0.4692.99 could exploit heap corruption after an AAF.

CVE-2018-5712 was discovered in Google Chrome prior to 97.0.4683.0. A flaw in the V8 JavaScript engine allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2018-5711 was discovered in Google Chrome prior to 97.0.4683.0. A use-after-free issue in Blink caused a potentially exploitable crash.

CVE-2018-5710 was discovered in Google Chrome prior to 97.0.4683.0. A use-after-free issue in extensions during XSS validation allowed a remote attacker to potentially exploit this to cause a denial of service via a crafted HTML page.

CVE-2018-5709 was discovered in Google Chrome prior to 97.0.4683.0. A use-after-free issue in V8 bindings in web process caused a potentially exploitable crash.

CVE-2018-5708 was discovered in Google Chrome prior to 97.0.4683.0. A use-after-free issue in V8 bindings in web process caused a potentially exploitable crash.

CVE-2018-5707 was discovered in Google Chrome prior to 97.0.4683.0. A use-after-free issue in V8 bindings in web process caused a potentially exploitable crash.

CVE-2018-5706 was discovered in Google Chrome prior to 97.0.4683.0

Chrome Browser (previously Chromium)

Chrome Browser (previously Chromium) is a freeware web browser developed by Google. It uses the Blink layout engine to render web pages, which implements HTML5, CSS3, and JavaScript in the Dart programming language.

A flaw in V8 allowed an attacker to exploit heap corruption via a crafted HTML page

Potential Privacy Vulnerability in Web Audio API

A vulnerability in the Web Audio API (WebAPIAudioObject.createBuffer algorithm) can allow a remote attacker to obtain sensitive information on the audio device of the visitor's computer.

This vulnerability exists because WebAPIAudioObject.createBuffer works by sending a buffer to the server, which is then converted into an audio stream by the server and returned to the client. The attacker can record this stream and analyze it later, potentially revealing a private conversation or listening in on another user's computer.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe