March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Advisory – Multiple IBM MQ Appliance, AIX, and Spectrum Scale Vulnerabilities
March 2, 2022
Rewterz Threat Update – Russian Nuclear Institute Hit by Anonymous Collective – Russian-Ukrainian Cyber Warfare
March 2, 2022
Rewterz Threat Advisory – Multiple IBM MQ Appliance, AIX, and Spectrum Scale Vulnerabilities
March 2, 2022
Rewterz Threat Update – Russian Nuclear Institute Hit by Anonymous Collective – Russian-Ukrainian Cyber Warfare
March 2, 2022
Severity
High
Analysis Summary
CVE-2022-0809
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds memory access in WebXR. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2022-0808
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Chrome OS Shell. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2022-0807
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Autofill. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2022-0806
Google Chrome could allow a remote attacker to obtain sensitive information, caused by a data leak in Canvas. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2022-0805
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Browser Switcher. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2022-0804
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Full screen mode. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2022-0803
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Permissions. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2022-0802
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Full screen mode. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2022-0801
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in HTML parser. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2022-0800
Google Chrome is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by Cast UI. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2022-0798
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in MediaStream. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2022-0797
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds memory access in Mojo. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2022-0796
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Media. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2022-0795
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion in Blink Layout. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2022-0794
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in WebShare. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2022-0793
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Views. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2022-0792
Google Chrome could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in ANGLE. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2022-0791
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Omnibox. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2022-0789
Google Chrome is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by ANGLE. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
Impact
- Code Execution
- Security Bypass
- Information Disclosure
- Buffer Overflow
Indicators of Compromise
CVE
- CVE-2022-0809
- CVE-2022-0808
- CVE-2022-0807
- CVE-2022-0806
- CVE-2022-0805
- CVE-2022-0804
- CVE-2022-0803
- CVE-2022-0802
- CVE-2022-0801
- CVE-2022-0800
- CVE-2022-0798
- CVE-2022-0797
- CVE-2022-0796
- CVE-2022-0795
- CVE-2022-0794
- CVE-2022-0793
- CVE-2022-0792
- CVE-2022-0791
- CVE-2022-0789
Affected Vendors
Affected Products
- Google Chrome 99
Remediation
Upgrade to the latest version of Chrome, available from the Google Chrome Releases Web site.