CVE-2022-0608 Heap overflow in Mojo in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to exploit the bug.

CVE-2022-0608 Heap overflow in Mojo in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to exploit the bug.

CVE-2018-5304 was reported to involve improper handling of the toDataURL method when the data argument contains invalid UTF-8 data. This can result in the security risk of cross-origin data leakage.

CVE-2018-5305 was reported to occur when a maliciously crafted HTML page triggers a crash in v8, the V8 JavaScript engine, in Google Chrome via a crafted sequence of JavaScript commands.

CVE-2018-5306 was reported to involve a race condition in extensions registration in Google Chrome via a malicious extension. An attacker could potentially exploit this vulnerability by creating a malicious extension.

CVE-2018-5307 was reported to occur when a maliciously crafted HTML page triggers a crash in Skia, the layout engine used in Google Chrome via a crafted sequence of JavaScript commands.

CVE-2018-5311 was reported to occur when a maliciously crafted HTML page triggers a crash in V8, the V8 JavaScript engine in Google Chrome via a crafted sequence of JavaScript commands.

CVE-2018-5312 was reported to involve a race condition in the file picker in Google Chrome via a malicious extension. An attacker could potentially exploit this vulnerability by creating a malicious extension.

CVE-2018-5313 was reported to occur when a maliciously crafted HTML page triggers a crash in Skia, the layout engine used in Google Chrome via a crafted sequence of JavaScript commands.

CVE-2018-5314 was reported

Two vulnerabilities in the Updater Service could allow an attacker to access local files on a targeted machine.


If you use Google Chrome, there are two vulnerabilities in the updater service that could allow an attacker to access local files on a targeted machine. The first vulnerability is related to improper handling of the toDataURL method when the data argument contains invalid UTF-8 data, which can result in cross-origin data leakage. The second vulnerability is related to a race condition in extensions registration, and an attacker may exploit this vulnerability by creating a malicious extension.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe