CVE-2022-3886 - Exploiting a Use-After-Free in Chrome Speech Recognition — Deep Dive and PoC
CVE-2022-3886 is a "use-after-free" vulnerability in the Speech Recognition component of Google Chrome, fixed in version 107..5304.106.
CVE-2022-3889 - Exploiting Type Confusion in Chrome's V8 Engine for Heap Corruption
Summary:
In October 2022, security researchers discovered a high-severity vulnerability — CVE-2022-3889 — in V8, the JavaScript engine used by Google Chrome. This bug,
CVE-2022-3888 An attacker can exploit heap corruption in Google Chrome prior to 107.0.5304.106 to gain remote access.
Note that this issue was only fixed in the current Chromium version. Google Chrome prior to version 107.0.5304.106 had a use after
CVE-2022-42956 - PassWork Extension 5..9 Flaw Exposes Master Password
In late 2022, a worrying vulnerability was discovered in the widely-used PassWork password manager browser extension, version 5..9. This security flaw (CVE-2022-
CVE-2022-42955 The PassWork extension 5.0.9 allows attackers to obtain cleartext cached credentials.
The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain unencrypted password data.
In order to exploit these vulnerabilities,
Episode
00:00:00
00:00:00