CVE-2022-1132 Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100.0.4896.60 allowed a local attacker to bypass navigation restrictions.
In all Google Chrome releases prior to version 69, this issue was addressed by checking the device's physical location using the new Physical
CVE-2022-1146 Inappropriate resource timing in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data.
CVE-2018-6051 The Resource Timing API had an insufficiently restrictive accessible document limit. This API may be used by web sites to determine how much time
CVE-2022-1139 An attacker in earlier Chrome versions could leak cross-origin data by using the Background Fetch API.
Cross-origin data leakage is a common issue in web applications where data from one origin is exposed to a script on another origin. Such data
CVE-2022-1138 Inappropriate implementation of Web Cursor in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to obscure the contents of the Omnibox by compromising the renderer process.
Google has assigned the highest priority to fixing this issue, and released a beta version of Chrome 70, which protects against this attack by default.
CVE-2022-1145 An attacker who convinced a user to install a malicious extension could exploit heap corruption after specific user interaction.
Google upgraded the extension registration flow in this version to mitigate this issue by requiring extensions to be signed with a known certificate. Google recommend
Episode
00:00:00
00:00:00