CVE-2022-1129 Inappropriate implementation in Google Chrome on Android before 100.0.4896.60 allowed a remote attacker to spoof the contents of the Omnibox.
This issue was addressed by disabling Full Screen in Google Chrome on Android prior to version 100.0.4896.60. Google Chrome prior to version
CVE-2022-1132 Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100.0.4896.60 allowed a local attacker to bypass navigation restrictions.
In all Google Chrome releases prior to version 69, this issue was addressed by checking the device's physical location using the new Physical
CVE-2022-1146 Inappropriate resource timing in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data.
CVE-2018-6051 The Resource Timing API had an insufficiently restrictive accessible document limit. This API may be used by web sites to determine how much time
CVE-2022-1139 An attacker in earlier Chrome versions could leak cross-origin data by using the Background Fetch API.
Cross-origin data leakage is a common issue in web applications where data from one origin is exposed to a script on another origin. Such data
CVE-2022-1145 An attacker who convinced a user to install a malicious extension could exploit heap corruption after specific user interaction.
Google upgraded the extension registration flow in this version to mitigate this issue by requiring extensions to be signed with a known certificate. Google recommend
Episode
00:00:00
00:00:00