Request a Demo
Rewterz
Rewterz Threat Advisory – Multiple F5 BIG-IP Vulnerabilities
January 20, 2022
Rewterz
Rewterz Threat Advisory – CVE-2021-45230 – Apache Airflow Vulnerability
January 20, 2022

Rewterz Threat Advisory – Multiple Google Chrome Vulnerabilities

Severity

High

Analysis Summary

CVE-2022-0289 

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Safe browsing. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.

CVE-2022-0311 

Google Chrome is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by Task Manager. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVE-2022-0310 

Google Chrome is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by Task Manager. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVE-2022-0309 

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Autofill. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2022-0308 

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Data Transfer. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.

CVE-2022-0307 

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Optimization Guide. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.

CVE-2022-0306 

Google Chrome is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by PDFium. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVE-2022-0305 

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Service Worker API. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2022-0304 

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Bookmarks. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.

CVE-2022-0304 

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Bookmarks. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.

CVE-2022-0303 

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a race condition in GPU Watchdog. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.

CVE-2022-0302 

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Omnibox. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.

CVE-2022-0301 

Google Chrome is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by DevTools. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVE-2022-0300 

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Text Input Method Editor. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.

CVE-2022-0298 

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Scheduling. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.

CVE-2022-0297 

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Vulkan. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.

CVE-2022-0296 

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Printing. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.

CVE-2022-0295 

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Omnibox. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.

CVE-2022-0294 

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Push messaging. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2022-0293 

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Web packaging. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.

CVE-2022-0292 

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Fenced Frames. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2022-0291 

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Storage. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2022-0290 

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Site isolation. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.

Impact

  • Code Execution
  • Buffer Overflow
  • Security Bypass

Affected Vendors

  • Google

Affected Products

  • Google Chrome 97

Remediation

Upgrade to the latest version of Chrome, available from the Google Chrome Web site.

https://chromereleases.googleblog.com/