CVE-2022-0795 Heap corruption could be exploited via a crafted HTML page in Google Chrome prior to 99.0.4844.51.

CVE-2022-0795 Heap corruption could be exploited via a crafted HTML page in Google Chrome prior to 99.0.4844.51.

CVE-2017-15418 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the method property.

CVE-2017-15419 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the source property.

CVE-2017-15420 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the data property.

CVE-2017-15421 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the eventTarget property.

CVE-2017-15422 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the click event.

CVE-2017-15423 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the target property.

CVE-2017-15424 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the data property.

CVE-2017-15425 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the source property.

CVE-2017

What isream of Google Chrome?

Google Chrome is an open-source web browser developed by Google. It was first released in 2008.

A vulnerability was discovered on Google Chrome in Blink, which allowed attackers to inject scripts or HTML into a module via the method property. This vulnerability was used as part of the exploit chain for additional vulnerabilities CVE-2017-15418 through CVE-2017-15425.

^ Cork Rock - CVE 2017

CVE-2017-15418 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the method property.

CVE-2017-15419 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the source property.

CVE-2017-15420 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the data property.

CVE-2017-15421 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the eventTarget property.

CVE-2017-15422 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the click event.

CVE-2017-15423 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the target property.

New capabilities:

In order to improve security, Google Chrome will be implementing the following new capabilities:

1. A "High" sandbox policy that is enabled by default for all extensions, except for those that specify a different setting;
2. A “Blacklist” of known malicious extensions; and
3. The ability for users to reset their browsing data, including browsing history and Windows credentials.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe