CVE-2022-1139 An attacker in earlier Chrome versions could leak cross-origin data by using the Background Fetch API.
Cross-origin data leakage is a common issue in web applications where data from one origin is exposed to a script on another origin. Such data
CVE-2022-1138 Inappropriate implementation of Web Cursor in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to obscure the contents of the Omnibox by compromising the renderer process.
Google has assigned the highest priority to fixing this issue, and released a beta version of Chrome 70, which protects against this attack by default.
CVE-2022-1145 An attacker who convinced a user to install a malicious extension could exploit heap corruption after specific user interaction.
Google upgraded the extension registration flow in this version to mitigate this issue by requiring extensions to be signed with a known certificate. Google recommend
CVE-2022-1096 An attacker could exploit heap corruption in V8 on Google Chrome before 99.0.4844.84 to conduct a remote attack.
This issue was addressed by improved validation. A remote attacker could host a malicious website that could exploit this issue via a crafted HTML page.
CVE-2022-0980 An attacker who convinced a user to install a malicious extension could exploit heap corruption on the New Tab Page.
This issue has been fixed. After upgrading to Google Chrome 80, users must update all extensions to ensure they receive patch updates.
CVE-2018-6148 In Google
Episode
00:00:00
00:00:00