CVE-2022-0795 Heap corruption could be exploited via a crafted HTML page in Google Chrome prior to 99.0.4844.51.
CVE-2017-15418 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the method property.
CVE-2017-15419 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the source property.
CVE-2017-15420 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the data property.
CVE-2017-15421 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the eventTarget property.
CVE-2017-15422 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the click event.
CVE-2017-15423 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the target property.
CVE-2017-15424 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the data property.
CVE-2017-15425 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the source property.
CVE-2017
What isream of Google Chrome?
Google Chrome is an open-source web browser developed by Google. It was first released in 2008.
A vulnerability was discovered on Google Chrome in Blink, which allowed attackers to inject scripts or HTML into a module via the method property. This vulnerability was used as part of the exploit chain for additional vulnerabilities CVE-2017-15418 through CVE-2017-15425.
^ Cork Rock - CVE 2017
CVE-2017-15418 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the method property.
CVE-2017-15419 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the source property.
CVE-2017-15420 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the data property.
CVE-2017-15421 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the eventTarget property.
CVE-2017-15422 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the click event.
CVE-2017-15423 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the target property.
New capabilities:
In order to improve security, Google Chrome will be implementing the following new capabilities:
1. A "High" sandbox policy that is enabled by default for all extensions, except for those that specify a different setting;
2. A “Blacklist” of known malicious extensions; and
3. The ability for users to reset their browsing data, including browsing history and Windows credentials.
Timeline
Published on: 04/05/2022 01:15:00 UTC
Last modified on: 08/15/2022 11:15:00 UTC