Chrome's checks in ReduceJSLoadPropertyWithEnumeratedKey are not sufficient to prevent the engine from reading an out-of-bounds index from an enum cache.
d2720d577ee6196fb4e71365c0315fa67c9c9abb683aa559628add3042c1ecce
Chrome suffers from an issue with dangling FixedArray pointers in Torque that can lead to memory corruption.
1bf880f7ba1c3955eba8b9696b7db8f2836b2579a921f40d918c9f7f376eb6da
Chrome suffers from a read-only property overwrite in TurboFan.
339e46027cc8b8c66cb28ff3c463ad6c47cf6f8ffb6529887e6307d9537ad24c
Chrome suffers from a heap use-after-free vulnerability in device::OpenXrApiWrapper::InitSession. Versions affected include Google Chrome 114.0.5735.45 (Official Build) and Chromium 116.0.5806.0 (Developer Build).
31d602a3d96e944d063ead1d9fbfca2a6e74125a6f3f1b9fd9de66da1262572c
v8::internal::JSObject::SetAccessor does not check if the receiver is extensible before adding a new property. A potential attacker can exploit the ability to extend non-extensible objects to achieve arbitrary code execution inside the renderer process. Google Chrome version 113.0.5672.63 is affected.
5dea486a3e6ad9015ccd5bcf3a079867756de3fea0de37f9a81a4fdb0213817b
Google Chrome version 112.0.5615.137 and Chromium version 115.0.5737.0 suffer from a type confusion vulnerability in v8::internal::Object::SetPropertyWithAccessor.
ca1ae2932c65327ead4a64b612c744bc25a9a0ee96064ba953dcf011ba640f7e
Chrome suffers from an internal JavaScript object access vulnerability. It also suffers from a code execution vulnerability.
ffd1bc4c7c03a984e8cd76542fd8b6610321410abd4663e7c81762fe8f30c5ae
Chrome suffers from a heap buffer overflow vulnerability in base::SampleVectorBase::MoveSingleSampleToCounts.
56c179a58f11cc0f38bddec251f01ed9bc46c971de948deee99ccf3ae1bbc48f
Chrome suffers from a heap buffer overflow vulnerability in base::debug::ActivityUserData::ActivityUserData.
bf0edebf8c86d69106bb2e6045c77ad82ba926fd2ae83f98fa7a0b19855f6185
Chrome suffers from a copy-on-write check bypass in JSNativeContextSpecialization::BuildElementAccess.
e557b72be711db4993d6e8b8912d3a2b8d46fe92a763b730da3097b4ad6eb837
A design flaw in the Chrome Synchronous Mojo message handling introduces unexpected reentrancy and allows for multiple use-after-free vulnerabilities.
8a4497a8ccb25f14e2dfe008e25cc2f2541b2d1e30345fff6f3169f4cac5313d
Chrome suffers from a heap use-after-free vulnerability in blink::LocalFrameView::PerformLayout due to an incomplete fix for CVE-2022-3199.
ede5dbd6ee9c5895a1b02c8bc6cefd5dfe9adef84fd2fceb45bd3140cd0fa16b
Chrome suffers from a password_manager::WellKnownChangePasswordState::SetChangePasswordResponseCode heap use-after-free vulnerability.
95f6fb186156d8852bfb88cde51b59609bb9e1bb18fedd24876a32ee97f9a6fa
Chrome suffers from a heap use-after-free vulnerability in AccountSelectionBubbleView::OnAccountImageFetched.
58250b99dc0491f82cdc58424c569b8f9d2df212310a3407eb9441507e365641
Chrome suffers from a heap buffer overflow vulnerability in offline_items_collection::OfflineContentAggregator::OnItemRemoved.
a12649cc87b93dc4f1206b4520f0269c90067ff6042cf3fbf667a38af1956ab3
Google Chrome version 103.0.5060.53 (Official Build) and Chromium version 105.0.5148.0 (Developer Build) (64-bit) suffer from a network::URLLoader::NotifyCompleted heap use-after-free vulnerability.
0a0cfa991a833e133ec250fb094a0a8fff51e2ddc48df648d1193d2e2686ead0
Google Chrome version 103.0.5060.53 suffers from an Autofill Assistant universal cross-site scripting vulnerability.
15976aab9647c7b90f0f40144b888ee5fa37af45baa02bcd0adbe3fc7fae4979
A use-after-free issue exists in Chrome 104 and earlier versions. Processing maliciously crafted web content may lead to arbitrary code execution in the browser process. LinkToTextMenuObserver holds a raw pointer to a RenderFrameHost object, but it is not owned by the frame host and does not watch for frame host destruction events. Therefore, if an attacker manages to destroy the frame host right after the observer is created but before the timeout task posted in StartLinkGenerationRequestWithTimeout() is executed, a use-after-free will occur.
071c2f32b441a15bf0f0c6db3397a3899a646938aeb7df15abb5fc345c9589e8
Chrome suffers from a heap use-after-free vulnerability in content::ServiceWorkerVersion::MaybeTimeoutRequest. Google Chrome version 103.0.5060.53 and Chromium version 105.0.5134.0 are affected.
a5cedab667714abf085c2a940066ea32b5ec7735eceff8cf7a6da8ce5a4eae7b
A heap buffer overflow issue exists in Windows 11 and earlier versions. A malicious application may be able to execute arbitrary code with SYSTEM privileges.
cb8f7be542f04c635c86858c21eaa7b6cc6ce03a9209a26428307fdbe1ed92a7
A heap buffer overflow issue exists in Windows 11 and earlier versions. A malicious application may be able to execute arbitrary code with SYSTEM privileges.
d9d1207247ebb20f56509add11b90166662a5bc61929b7ae0d9356619f52a0b3
Chrome suffers from an incomplete fix for CVE-2022-1096.
a034f87b7b68c9e71d23b3a96392d323625a4e9fd5c2246a143f439e0d73ddee
A use-after-free issue exists in Chrome 100 and earlier versions. A malicious extension can achieve arbitrary code execution in the browser process.
595428413ed6af41648e85f12bfacfc4d3b4b659dea62dab16b66777c9ddb014
A use-after-free issue exists in Chrome 100 and earlier versions. Processing maliciously crafted web content may lead to arbitrary code execution in the browser process.
84b488e3a4db5db9d8a3df99b628eaaf0e1c8d462ed33ed2d967d6a09c443252
Chrome has an issue where a malformed message sent to DeserializeFromMessage may trigger deserialization of out-of-bounds data.
f016c2cc33607e475f4fb0feaf3b97c31f557eea1cb21d5c1b76fc4fa4ad9003