CVE-2022-1854 An attacker can exploit heap corruption in Google Chrome to hijack browser sessions.

CVE-2022-1854 An attacker can exploit heap corruption in Google Chrome to hijack browser sessions.

CVE-2015-1240 was discovered in Google V8, a highly-optimized JavaScript engine. By crafting synthetic input and injecting code into the memory, an attacker could exploit the vulnerability to bypass security restrictions and obtain sensitive information. An attacker could also potentially exploit the vulnerability to execute code in the context of the currently loaded page. Software using Google V8 is vulnerable, including Google Chrome, Chromium, and other projects. Mitigation: users can avoid this vulnerability by disabling the Google V8 JavaScript Engine.

An attacker can exploit this vulnerability by crafting HTML code to bypass security restrictions.

Google Chrome prior to version 40.0.2214.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2015-1238 was discovered in Google V8, a highly-optimized JavaScript engine. By crafting synthetic input and injecting code into the memory, an attacker could exploit the vulnerability to bypass security restrictions and obtain sensitive information. An attacker could also potentially exploit the vulnerability to execute code in the context of the currently loaded page. Software using Google V8 is vulnerable, including Google Chrome, Chromium, and other projects. Mitigation: users can avoid this vulnerability by disabling the Google V8 JavaScript Engine.

An attacker can exploit this vulnerability by crafting HTML code to bypass security restrictions.

Google Chrome prior to version 40

Note: Google Chrome 40.0.2214.85 was the last version to be vulnerable to CVE-2015-1238 .

Google Chrome prior to version 40.0.2214.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2016-2874 was discovered in Google V8, a highly-optimized JavaScript engine. By crafting synthetic input and injecting code into the memory, an attacker could exploit the vulnerability to bypass security restrictions and obtain sensitive information. An attacker could also potentially exploit the vulnerability to execute code in the context of the currently loaded page. Software using Google V8 is vulnerable, including Google Chrome, Chromium, and other projects. Mitigation: users can avoid this vulnerability by disabling the Google V8 JavaScript Engine.

An attacker can exploit this vulnerability by crafting HTML code to bypass security restrictions.

Google Chrome prior to version 42 (64-bit) allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Vulnerability summary br br

CVE-2022-1854 was discovered in Google V8, a highly-optimized JavaScript engine. By crafting synthetic input and injecting code into the memory, an attacker could exploit the vulnerability to bypass security restrictions and obtain sensitive information. An attacker could also potentially exploit the vulnerability to execute code in the context of the currently loaded page. Software using Google V8 is vulnerable, including Google Chrome, Chromium, and other projects. Mitigation: users can avoid this vulnerability by disabling the Google V8 JavaScript Engine.

An attacker can exploit this vulnerability by crafting HTML code to bypass security restrictions.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe