CVE-2022-1137 Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker to leak sensitive information if they convinced a user to install a malicious extension.
An attacker could use extensions to send data to a remote server or to execute arbitrary code with the privileges of the user running the
CVE-2022-1136 In Google Chrome before version 100, an attacker could exploit after free heap corruption by convincing a user to install a malicious extension.
Google received a small number of reports confirmed that these issues are resolved in this release. In the future, we will release browser updates via
CVE-2022-1135 An after free bug in Shopping Cart in Google Chrome before version 100.0.4896.60 could be abused to exploit heap corruption.
CVE-2018-6041 has been assigned to this issue. A Common Vulnerability Scoring System (CVSS) rating of 8.8 has been assigned to this vulnerability.
On October
CVE-2022-1132 Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100.0.4896.60 allowed a local attacker to bypass navigation restrictions.
In all Google Chrome releases prior to version 69, this issue was addressed by checking the device's physical location using the new Physical
CVE-2022-1146 Inappropriate resource timing in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data.
CVE-2018-6051 The Resource Timing API had an insufficiently restrictive accessible document limit. This API may be used by web sites to determine how much time
Episode
00:00:00
00:00:00