CVE-2022-2156 An attacker can exploit heap corruption in Chrome before 103.0.5060.53 to execute malicious code.

CVE-2022-2156 An attacker can exploit heap corruption in Chrome before 103.0.5060.53 to execute malicious code.

This issue has been fixed.

After script injection in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform a cross-origin scripting injection via a crafted HTML page.

This issue was fixed in version 103.0.5111.57.

Mixed content blocking when a site loads a different domain in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to inject arbitrary JavaScript into another domain via a POST request with JSON data. Note: this issue applies to when a site loads a different domain than the Mixed Content Blocker is enabled on via the user preferences. This issue has been fixed in version 103.0.5111.57.

Mixed Content Blocker do not work in Google Chrome prior to 103.0.5060.53 for Windows and Mac. This issue has been fixed in version 103.0.5111.57.

Crash when clicking on Google Chrome menu in Google Chrome prior to 103.0.5060.53. This issue has been fixed in version 103.0.5111.57.

Google Chrome prior to 103.0.5060.53 on OS X 10.11 (El Capitan): Multiple issues have been discovered in Google Chrome prior to 103.0.5060.53. The following issues have been confirmed and fixed in the latest software version, v103.0.5111.57, release date

OS X 10.11 (El Capitan)

Multiple vulnerabilities in Google Chrome prior to 103.0.5060.53 have been discovered that can lead to arbitrary code execution in the sandboxed process, either via type confusion (CVE-2017-5128) or by bypassing sandbox checks (CVE-2017-5129).

Critical issues

Cross-origin script injection via a crafted HTML page
Mixed content blocking when a site loads a different domain in Google Chrome prior to 103.0.5060.53
Crash when clicking on Google Chrome menu in Google Chrome prior to 103.0.5060.53
Multiple issues have been discovered, see below for details.

Credit to Sergey Glougatsky sergey.glougatskiy@gmail.com

One of the most popular social media platforms is Facebook. People are constantly posting on their feed or on their business page, which means there are loads of opportunities for you to advertise on Facebook. And if you're not advertising on it yet, now is the time to start! There are many strategies you can use with your ads. But one strategy that stands out is using pictures in your ad campaigns.
The benefits of advertising on Facebook are enormous. It's an excellent platform for advertising because there are so many different ways to do it. Facebook ads can be targeted to a specific demographic or geographic area, or they can be on an easier flow on the internet. With Facebook, you can target your audience by location, age, gender, interests, and more. By targeting your ad to a specific group of people, you'll be spending less money on clicks that don't convert into sales. These ads get better conversion rates because you'll spend less money while still getting better results. You can use pictures in your ad campaigns on Facebook as people respond well to pictures. People are more likely to click through when they see something visually appealing than if they see text only.
The feature that makes this strategy even more powerful is the ability to target your ideal audience with precision and efficiency--not only further improving the conversion rates of your ads but also increasing their effectiveness in accomplishing what's needed of them--all at the expense of spending less money while still achieving better results overall!

Vulnerability Summary

The following issues have been confirmed and fixed in the latest software version, v103.0.5111.57, release date:
- [CVE-2022-2156](https://www.kb.cert.org/vuls/id/934797) Cross-origin scripting injection via a crafted HTML page
- [CVE-2022-2156](https://www.kb.cert.org/vuls/id/934797) Mixed content blocking when a site loads a different domain in Google Chrome prior to 103.0.5060.53
- [CVE-2022-2156](https://www.kb.cert.org/vuls/id/934797) Crash when clicking on Google Chrome menu in Google Chrome prior to 103.0.5060.53
- [CVE-2019-15825](https://www.kb.cert.org/vuls/id/934514) The "do not track" preference doesn't take effect after enabling it
These issues have been fixed:
Google Chrome prior to 103

Credit: Reported by Or Wouters of Oneops UK https://www.oneopsuk.com/ google-chrome-bugships/


A blog post that discusses the importance of digital marketing. The post makes six reasons why digital marketing is important and lists four issues that have been fixed in the latest software version.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe