CVE-2022-1146 Inappropriate resource timing in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data.
CVE-2018-6051 The Resource Timing API had an insufficiently restrictive accessible document limit. This API may be used by web sites to determine how much time
CVE-2022-1139 An attacker in earlier Chrome versions could leak cross-origin data by using the Background Fetch API.
Cross-origin data leakage is a common issue in web applications where data from one origin is exposed to a script on another origin. Such data
CVE-2022-1138 Inappropriate implementation of Web Cursor in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to obscure the contents of the Omnibox by compromising the renderer process.
Google has assigned the highest priority to fixing this issue, and released a beta version of Chrome 70, which protects against this attack by default.
CVE-2022-1145 An attacker who convinced a user to install a malicious extension could exploit heap corruption after specific user interaction.
Google upgraded the extension registration flow in this version to mitigate this issue by requiring extensions to be signed with a known certificate. Google recommend
CVE-2022-1096 An attacker could exploit heap corruption in V8 on Google Chrome before 99.0.4844.84 to conduct a remote attack.
This issue was addressed by improved validation. A remote attacker could host a malicious website that could exploit this issue via a crafted HTML page.
Episode
00:00:00
00:00:00