CVE-2022-3049 An malicious website can cause heap corruption on Chrome OS after after-free in Split-Screen.
This issue was addressed by disabling the rendering feature of HTML in the web view. For more information, see this Chromium issue. Lacros prior to
CVE-2022-3051 Heap buffer overflow in Exosphere in Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to perform specific UI interactions to potentially exploit heap corruption.
This issue has been fixed in current Google Chrome OS versions. Google Bug: CVE-2018-5123. Google has also confirmed that this issue is not exploitable for
CVE-2022-3038 An attacker can exploit heap corruption in Google Chrome before 105.0.5195.52 to gain remote access.
Note: this issue was fixed in Google Chrome 105.0.5195.62. Users can upgrade to the latest version which fixes this issue. WebExtension users
CVE-2022-3199 An attack in Frames in Google Chrome prior to version 105.0.5195.125 could lead to heap corruption.
CVE-2018-6038 was discovered in WebRTC. A remote attacker could exploit weaknesses to conduct click fraud or SSRF.
To exploit these issues, an attacker would deliver
CVE-2022-3198 An after free vulnerability in Google Chrome could be exploited to cause heap corruption.
CVE-2018-6050 was assigned this issue. As of writing this advisory, it is still unclear whether this issue can be exploited to achieve remote code execution.
Episode
00:00:00
00:00:00