Severity
High
Analysis Summary
CVE-2022-0603
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in File Manager. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2022-0604
Google Chrome could allow a remote attacker to compromise vulnerable system. The vulnerability exists due to a boundary error when processing untrusted HTML content in Tab Groups. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
CVE-2022-0605
Google Chrome could allow a remote attacker to compromise vulnerable system. The vulnerability exists due to a use-after-free error within the Webstore API component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system. Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
CVE-2022-0606
Google Chrome could allow a remote attacker to compromise vulnerable system. The vulnerability exists due to a use-after-free error within the ANGLE component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system. Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
CVE-2022-0607
Google Chrome could allow a remote attacker to compromise vulnerable system. The vulnerability exists due to a use-after-free error within the GPU component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system. Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
CVE-2022-0608
Google Chrome could allow a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to integer overflow in Mojo component in Google Chrome. A remote attacker can trick the victim to open a specially crafted web page, trigger an integer overflow and execute arbitrary code on the target system. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
CVE-2022-0609
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Animation. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2022-0610
Google Chrome could allow a remote attacker to gain access to sensitive information. The vulnerability exists due to incorrect implementation in Gamepad API in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Impact
- Denial of Service
- Remote Code Execution
- Gain Access
- Privilege Escalation
Indicators of Compromise
CVEs
- CVE-2022-0603
- CVE-2022-0604
- CVE-2022-0605
- CVE-2022-0606
- CVE-2022-0607
- CVE-2022-0608
- CVE-2022-0609
- CVE-2022-0610
Affected Vendors
Affected Products
- Google Chrome 98
Remediation
Update to version 98.0.4758.102 from here: