Rewterz Threat Advisory –CVE-2022-30190: Follina MSDT Zero Day – Active IOCs
June 10, 2022Rewterz Threat Advisory – ICS: Mitsubishi Electric products Vulnerability
June 10, 2022Rewterz Threat Advisory –CVE-2022-30190: Follina MSDT Zero Day – Active IOCs
June 10, 2022Rewterz Threat Advisory – ICS: Mitsubishi Electric products Vulnerability
June 10, 2022Severity
High
Analysis Summary
CVE-2022-2011 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in ANGLE. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2022-2010 CVSS:6.5
Google Chrome could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in compositing. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2022-2008 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds memory access in WebGL. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2022-2007 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in WebGPU. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
Impact
- Code Execution
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2022-2011
- CVE-2022-2010
- CVE-2022-2008
- CVE-2022-2007
Affected Vendors
Affected Products
- Google Chrome 102.0
Remediation
Upgrade to the latest version of Chrome, available from the Google Chrome Releases Web site.