A race condition in Safe Browsing validation in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass security feature via a crafted HTML page. (Chromium security severity: Low)
An integer overflow in the VP9 video codec implementation in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass security feature via a crafted HTML page. (Chromium security severity: Low)
An integer overflow in the WebM video codec implementation in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass security feature via a crafted HTML page. (Chromium security severity: Low)
Incorrect handling of extensions in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass security feature via a crafted HTML page. (Chromium security severity: Low)
An insecure download of a malicious extension in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass security feature via a crafted HTML page. (Chromium security severity: Low)
An incorrect validation of untrusted input in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass security feature via a crafted HTML page. (Chromium security severity: Low)
Incorrect handling of malformed text data in Web Notifications in Google Chrome prior to 106.0.5249
Google Chrome 107.0.2563
Security Update
Chrome has released a security update to address vulnerabilities in Chrome, and it's important that you update your browser right away. Here are the details:
- CVE-2022-3316: A race condition in Safe Browsing validation in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass security feature via a crafted HTML page. (Chromium security severity: Low)
- CVE-2022-3318: An integer overflow in the VP9 video codec implementation in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass security feature via a crafted HTML page. (Chromium security severity: Low)
- CVE-2022-3319: An integer overflow in the WebM video codec implementation in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass security feature via a crafted HTML page. (Chromium security severity: Low)
- CVE-2022-3320 : Incorrect handling of extensions in Google Chrome prior to 106.0.5249 allowed a remote attacker to bypass security feature via a crafted HTML page.. (Chromium security severity: Low)
- CVE-2022-3321 : Insecure download of malicious extension in Google Chrome prior to 106.0.5249 allowed a remote attacker to bypass security feature via a crafted HTML page.. (Chrome Security Severity Low)
Versions Affected
Google Chrome prior to 106.0.5249.62
Google Chrome prior to 97.0.3098.53
Google Chrome prior to 96.0.948.3
Google Chrome prior to 84.0.342.14
Google Chrome on Android prior to 71
Vulnerability: Incorrect restriction of untrusted HTML content
A vulnerability in the restriction of untrusted HTML content in Google Chrome allowed an attacker to bypass security feature via a crafted HTML page. (Chromium security severity: Low)
An integer overflow in the VP9 video codec implementation in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass security feature via a crafted HTML page. (Chromium security severity: Low)
An integer overflow in the WebM video codec implementation in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass security feature via a crafted HTML page. (Chromium security severity: Low)
Timeline
Published on: 11/01/2022 20:15:00 UTC
Last modified on: 12/09/2022 15:49:00 UTC