Rewterz Threat Advisory – Multiple VMware Workspace ONE Access, Identity Manager and vRealize Automation Vulnerabilities
August 3, 2022Rewterz Threat Alert – AveMaria RAT – Active IOCs
August 4, 2022Rewterz Threat Advisory – Multiple VMware Workspace ONE Access, Identity Manager and vRealize Automation Vulnerabilities
August 3, 2022Rewterz Threat Alert – AveMaria RAT – Active IOCs
August 4, 2022Severity
High
Analysis Summary
CVE-2022-2605 CVSS:6.5
Google Chrome could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in Dawn. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2022-2604 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Safe Browsing. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2022-2603 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Omnibox. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2022-2624 CVSS:8.8
Google Chrome is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by PDF. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2022-2623 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Offline. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2022-2622 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient validation of untrusted input in Safe Browsing.. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2022-2621 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Extensions. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2022-2620 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in WebUI. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2022-2619 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient validation of untrusted input in Settings. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2022-2618 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient validation of untrusted input in Internals. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2022-2617 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Extensions API. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2022-2616 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Extensions API. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2022-2615 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in Cookies. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2022-2614 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Sign-In Flow. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2022-2613 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Input. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2022-2612 CVSS:6.5
Google Chrome could allow a remote attacker to obtain sensitive information, caused by side-channel information leakage in Keyboard input. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2022-2611 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Fullscreen API. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2022-2609 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Nearby Share. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2022-2608 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Nearby Share. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
Impact
- Information Disclosure
- Code Execution
- Buffer Overflow
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2022-2605
- CVE-2022-2604
- CVE-2022-2603
- CVE-2022-2624
- CVE-2022-2623
- CVE-2022-2622
- CVE-2022-2621
- CVE-2022-2620
- CVE-2022-2619
- CVE-2022-2618
- CVE-2022-2617
- CVE-2022-2616
- CVE-2022-2615
- CVE-2022-2614
- CVE-2022-2613
- CVE-2022-2612
- CVE-2022-2611
- CVE-2022-2609
- CVE-2022-2608
Affected Vendors
Affected Products
Google Chrome 104.0
Remediation
Upgrade to the latest version of Chrome, available from the Google Chrome Releases Website.
Google Chrome Releases Website