CVE-2022-0789 Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to exploit heap corruption.

This issue was addressed by improving memory handling. Wezel 7 CVE found through SOC3: Google Chrome prior to version 76.0.3785.0 for Linux, Windows, and macOS, as used on Android devices, allowed remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted HTML page. This issue was addressed by updating V8 to version 5.4.8. Wezel 8 CVE found through MITRE CVE: Google Chrome prior to version 76.0.3785.0 for Windows and Mac OS X allowed attackers to bypass the Same Origin Policy via a crafted HTML page. The issue was addressed by setting the http_build_query directive to false. Wezel 9 CVE found through MITRE CVE: Google Chrome prior to version 76.0.3785.0 for Windows and Mac OS X allowed attackers to bypass the Same Origin Policy via a crafted HTML page. The issue was addressed by setting the http_build_query directive to false. Wezel 10 CVE found through MITRE CVE: Google Chrome prior to version 76.0.3785.0 for Windows and Mac OS X allowed attackers to bypass the Same Origin Policy via a crafted HTML page. The issue was addressed by setting the http_build_query directive to false. Wezel 11 CVE found through MITRE CVE: Google Chrome prior to version 76.0.3785.0 for Windows and Mac OS X allowed attackers to bypass the Same Origin Policy

Multiple Vulnerabilities in Google Chrome OS CVE-2022-0786

This issue was addressed by removing the "--enable-pack200" command line option. Wezel 1 CVE found through MITRE CVE: Google Chrome prior to version 76.0.3785.0 for Windows and Mac OS X allowed attackers to bypass the Same Origin Policy via a crafted HTML page. The issue was addressed by setting the http_build_query directive to false. Wezel 2 CVE found through MITRE CVE: Google Chrome prior to version 76.0.3785.0 for Windows and Mac OS X allowed attackers to bypass the Same Origin Policy via a crafted HTML page. The issue was addressed by setting the http_build_query directive to false. Wezel 3 CVE found through MITRE CVE: Google Chrome prior to version 76.0.3785.0 for Windows and Mac OS X allowed attackers to bypass the Same Origin Policy via a crafted HTML page that is mishandled in a standards-defined fashion during MHTML decoding, as demonstrated by an MHTML file containing multiple links with rel=noreferer, target=_blank, and ref=javascript:alert pages within it being displayed in standalone mode without JavaScript warnings when those links are visited from other web pages or visited with Opera browser on Windows 10 Creators Update 64bit Release (17134). The issue was addressed by disabling standalone mode in Windows 10 Creators Update 64bit Release (17134).

Timeline

Published on: 04/05/2022 01:15:00 UTC
Last modified on: 08/15/2022 11:15:00 UTC

References

• https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
• https://crbug.com/1289383
• https://security.gentoo.org/glsa/202208-25
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0789