CVE-2022-4185 - Spoofing iOS Chrome Modal Dialogues with Crafted HTML (Explained simply)
In December 2022, Google patched a medium-severity security issue affecting Chrome for iOS (Safari-based), tracked as CVE-2022-4185. This bug allowed remote attackers to spoof the
CVE-2022-39338 - How a Nextcloud user_oidc Discovery URL Bug Enabled XSS in Safari
Nextcloud is one of the most popular open-source self-hosted cloud services out there. Like many modern platforms, Nextcloud supports logging in with multiple identity providers
CVE-2022-43138 Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges.
This can be leveraged in a Man-In-The-Middle attack to inject arbitrary requests. Dolibarr Open Source ERP & CRM for Business before v14.0.1 does
CVE-2022-41049 Windows Mark of the Web Security Feature Bypass Vulnerability
The earlier ID was assigned to a Cross-Origin Resource Sharing (CORS) bypass vulnerability in Open Graph API. This is an important feature to let a
CVE-2022-3660: Hiding the Omnibox in Google Chrome on Android through Inappropriate Implementation of Full-screen Mode
The Common Vulnerabilities and Exposures (CVE) identifier CVE-2022-3660 discloses a medium-severity security vulnerability in Google Chrome on Android, which allows a remote attacker to conceal