Rewterz Threat Advisory – Multiple F5 BIG-IP Vulnerabilities
January 20, 2022
Rewterz Threat Advisory – CVE-2021-45230 – Apache Airflow Vulnerability
January 20, 2022
Severity
High
Analysis Summary
CVE-2022-0289
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Safe browsing. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2022-0311
Google Chrome is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by Task Manager. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2022-0310
Google Chrome is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by Task Manager. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2022-0309
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Autofill. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2022-0308
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Data Transfer. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2022-0307
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Optimization Guide. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2022-0306
Google Chrome is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by PDFium. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2022-0305
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Service Worker API. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2022-0304
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Bookmarks. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2022-0303
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a race condition in GPU Watchdog. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2022-0302
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Omnibox. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2022-0301
Google Chrome is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by DevTools. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2022-0300
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Text Input Method Editor. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2022-0298
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Scheduling. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2022-0297
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Vulkan. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2022-0296
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Printing. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2022-0295
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Omnibox. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2022-0294
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Push messaging. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2022-0293
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Web packaging. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2022-0292
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Fenced Frames. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2022-0291
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Storage. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2022-0290
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Site isolation. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
Impact
- Code Execution
- Buffer Overflow
- Security Bypass
Affected Vendors
Affected Products
- Google Chrome 97
Remediation
Upgrade to the latest version of Chrome, available from the Google Chrome Web site.