Request a Demo
Rewterz
Rewterz Threat Advisory – CVE-2022-41732 – IBM Maximo Vulnerability
November 30, 2022
Rewterz
Rewterz Threat Advisory – ICS: Mitsubishi Electric GOT2000 Vulnerability
November 30, 2022

Rewterz Threat Advisory – Multiple Google Chrome Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2022-4195 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in Safe Browsing. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2022-4194 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Accessibility. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

CVE-2022-4193 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in File System API. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2022-4192 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Live Caption. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

CVE-2022-4191 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Sign-In. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

CVE-2022-4190 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient data validation in Directory. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2022-4189 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in DevTools. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2022-4188 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient validation of untrusted input in CORS. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2022-4187 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in DevTools. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2022-4186 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient validation of untrusted input in Downloads. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2022-4185 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Navigation. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2022-4184 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in Autofill. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2022-4183 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in Popup Blocker. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2022-4181 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Forms. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

CVE-2022-4180 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Mojo. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

CVE-2022-4179 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Audio. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

CVE-2022-4178 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Mojo. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

CVE-2022-4177 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Extensions. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

CVE-2022-4176 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by an out-of bounds write in Lacros Graphics. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

CVE-2022-4174 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion in V8. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

CVE-2022-4182 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Fenced Frames. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2022-4175 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Camera Capture. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

Impact

  • Security Bypass
  • Code Execution

Indicators Of Compromise

CVE

  • CVE-2022-4195
  • CVE-2022-4194
  • CVE-2022-4193
  • CVE-2022-4192
  • CVE-2022-4191
  • CVE-2022-4190
  • CVE-2022-4189
  • CVE-2022-4188
  • CVE-2022-4187
  • CVE-2022-4186
  • CVE-2022-4185
  • CVE-2022-4184
  • CVE-2022-4183
  • CVE-2022-4181
  • CVE-2022-4180
  • CVE-2022-4179
  • CVE-2022-4178
  • CVE-2022-4177
  • CVE-2022-4176
  • CVE-2022-4174
  • CVE-2022-4182
  • CVE-2022-4175

Affected Vendors

Google

Affected Products

  • Google Chrome 108.0

Remediation

Upgrade to the latest version of Chrome, available from the Google Chrome Releases Website.

Google Chrome Releases Website