From e4407aa237fd68582185191f36c4619358b158fb Mon Sep 17 00:00:00 2001 From: Adrian Taylor Date: Mon, 26 Sep 2022 07:50:34 -0700 Subject: [PATCH] Chrome CVEs September 2022. --- 2022/2xxx/CVE-2022-2852.json | 51 +++++++++++++++++++++++++++++++++--- 2022/2xxx/CVE-2022-2853.json | 51 +++++++++++++++++++++++++++++++++--- 2022/2xxx/CVE-2022-2854.json | 51 +++++++++++++++++++++++++++++++++--- 2022/2xxx/CVE-2022-2855.json | 51 +++++++++++++++++++++++++++++++++--- 2022/2xxx/CVE-2022-2856.json | 51 +++++++++++++++++++++++++++++++++--- 2022/2xxx/CVE-2022-2857.json | 51 +++++++++++++++++++++++++++++++++--- 2022/2xxx/CVE-2022-2858.json | 51 +++++++++++++++++++++++++++++++++--- 2022/2xxx/CVE-2022-2859.json | 51 +++++++++++++++++++++++++++++++++--- 2022/2xxx/CVE-2022-2860.json | 51 +++++++++++++++++++++++++++++++++--- 2022/2xxx/CVE-2022-2861.json | 51 +++++++++++++++++++++++++++++++++--- 2022/2xxx/CVE-2022-2998.json | 51 +++++++++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3038.json | 51 +++++++++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3039.json | 51 +++++++++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3040.json | 51 +++++++++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3041.json | 51 +++++++++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3042.json | 51 +++++++++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3043.json | 51 +++++++++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3044.json | 51 +++++++++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3045.json | 51 +++++++++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3046.json | 51 +++++++++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3047.json | 51 +++++++++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3048.json | 51 +++++++++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3049.json | 51 +++++++++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3050.json | 51 +++++++++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3051.json | 51 +++++++++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3052.json | 51 +++++++++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3053.json | 51 +++++++++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3054.json | 51 +++++++++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3055.json | 51 +++++++++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3056.json | 51 +++++++++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3057.json | 51 +++++++++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3058.json | 51 +++++++++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3071.json | 51 +++++++++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3075.json | 51 +++++++++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3195.json | 51 +++++++++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3196.json | 51 +++++++++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3197.json | 51 +++++++++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3198.json | 51 +++++++++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3199.json | 51 +++++++++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3200.json | 51 +++++++++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3201.json | 51 +++++++++++++++++++++++++++++++++--- 41 files changed, 1968 insertions(+), 123 deletions(-) diff --git a/2022/2xxx/CVE-2022-2852.json b/2022/2xxx/CVE-2022-2852.json index aabadfb1ed6..76834c1aef4 100644 --- a/2022/2xxx/CVE-2022-2852.json +++ b/2022/2xxx/CVE-2022-2852.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2852", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "104.0.5112.101", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1349322" + }, + { + "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." } ] } diff --git a/2022/2xxx/CVE-2022-2853.json b/2022/2xxx/CVE-2022-2853.json index cf33e9abf41..fa0a8ac6bf2 100644 --- a/2022/2xxx/CVE-2022-2853.json +++ b/2022/2xxx/CVE-2022-2853.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2853", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "104.0.5112.101", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1350097" + }, + { + "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page." } ] } diff --git a/2022/2xxx/CVE-2022-2854.json b/2022/2xxx/CVE-2022-2854.json index 0f82bcdaa6a..627c509fb8e 100644 --- a/2022/2xxx/CVE-2022-2854.json +++ b/2022/2xxx/CVE-2022-2854.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2854", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "104.0.5112.101", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1337538" + }, + { + "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." } ] } diff --git a/2022/2xxx/CVE-2022-2855.json b/2022/2xxx/CVE-2022-2855.json index 0b8b90df91e..bd86f6c7c76 100644 --- a/2022/2xxx/CVE-2022-2855.json +++ b/2022/2xxx/CVE-2022-2855.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2855", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "104.0.5112.101", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1345042" + }, + { + "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." } ] } diff --git a/2022/2xxx/CVE-2022-2856.json b/2022/2xxx/CVE-2022-2856.json index 6dde4324c05..d95b18676d7 100644 --- a/2022/2xxx/CVE-2022-2856.json +++ b/2022/2xxx/CVE-2022-2856.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2856", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "104.0.5112.101", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient validation of untrusted input" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1345630" + }, + { + "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page." } ] } diff --git a/2022/2xxx/CVE-2022-2857.json b/2022/2xxx/CVE-2022-2857.json index e8238d8b4aa..1a5b3788939 100644 --- a/2022/2xxx/CVE-2022-2857.json +++ b/2022/2xxx/CVE-2022-2857.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2857", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "104.0.5112.101", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1338135" + }, + { + "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." } ] } diff --git a/2022/2xxx/CVE-2022-2858.json b/2022/2xxx/CVE-2022-2858.json index 559a6bd5198..2b544e88c7e 100644 --- a/2022/2xxx/CVE-2022-2858.json +++ b/2022/2xxx/CVE-2022-2858.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2858", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "104.0.5112.101", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1341918" + }, + { + "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction." } ] } diff --git a/2022/2xxx/CVE-2022-2859.json b/2022/2xxx/CVE-2022-2859.json index 71f09465f8d..91c7dbaeade 100644 --- a/2022/2xxx/CVE-2022-2859.json +++ b/2022/2xxx/CVE-2022-2859.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2859", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "104.0.5112.101", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1338412" + }, + { + "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions." } ] } diff --git a/2022/2xxx/CVE-2022-2860.json b/2022/2xxx/CVE-2022-2860.json index d02445ea60a..4abd6ac4d28 100644 --- a/2022/2xxx/CVE-2022-2860.json +++ b/2022/2xxx/CVE-2022-2860.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2860", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "104.0.5112.101", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient policy enforcement" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1345193" + }, + { + "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page." } ] } diff --git a/2022/2xxx/CVE-2022-2861.json b/2022/2xxx/CVE-2022-2861.json index a039ecc2fbf..a9309e28c84 100644 --- a/2022/2xxx/CVE-2022-2861.json +++ b/2022/2xxx/CVE-2022-2861.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2861", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "104.0.5112.101", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1346236" + }, + { + "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page." } ] } diff --git a/2022/2xxx/CVE-2022-2998.json b/2022/2xxx/CVE-2022-2998.json index 1b77e35e3c2..06e710f0433 100644 --- a/2022/2xxx/CVE-2022-2998.json +++ b/2022/2xxx/CVE-2022-2998.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2998", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "104.0.5112.101", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1329794" + }, + { + "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in Browser Creation in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who had convinced a user to engage in a specific UI interaction to potentially exploit heap corruption via a crafted HTML page." } ] } diff --git a/2022/3xxx/CVE-2022-3038.json b/2022/3xxx/CVE-2022-3038.json index f07fe2199f9..5738d21b995 100644 --- a/2022/3xxx/CVE-2022-3038.json +++ b/2022/3xxx/CVE-2022-3038.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3038", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "105.0.5195.52", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1340253" + }, + { + "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." } ] } diff --git a/2022/3xxx/CVE-2022-3039.json b/2022/3xxx/CVE-2022-3039.json index 6172a04b8f7..fee0206c1c3 100644 --- a/2022/3xxx/CVE-2022-3039.json +++ b/2022/3xxx/CVE-2022-3039.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3039", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "105.0.5195.52", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1343348" + }, + { + "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." } ] } diff --git a/2022/3xxx/CVE-2022-3040.json b/2022/3xxx/CVE-2022-3040.json index 63b0c1162c9..f1ddbc7845e 100644 --- a/2022/3xxx/CVE-2022-3040.json +++ b/2022/3xxx/CVE-2022-3040.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3040", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "105.0.5195.52", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1341539" + }, + { + "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." } ] } diff --git a/2022/3xxx/CVE-2022-3041.json b/2022/3xxx/CVE-2022-3041.json index 80e316be762..26b82e3f4fd 100644 --- a/2022/3xxx/CVE-2022-3041.json +++ b/2022/3xxx/CVE-2022-3041.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3041", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "105.0.5195.52", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1345947" + }, + { + "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." } ] } diff --git a/2022/3xxx/CVE-2022-3042.json b/2022/3xxx/CVE-2022-3042.json index bea96c363af..36dbe608ff8 100644 --- a/2022/3xxx/CVE-2022-3042.json +++ b/2022/3xxx/CVE-2022-3042.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3042", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "105.0.5195.52", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1338553" + }, + { + "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." } ] } diff --git a/2022/3xxx/CVE-2022-3043.json b/2022/3xxx/CVE-2022-3043.json index 306a7db04fc..c0259f79c70 100644 --- a/2022/3xxx/CVE-2022-3043.json +++ b/2022/3xxx/CVE-2022-3043.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3043", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "105.0.5195.52", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1336979" + }, + { + "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page." } ] } diff --git a/2022/3xxx/CVE-2022-3044.json b/2022/3xxx/CVE-2022-3044.json index aaff73fd8ad..5e0eeba8c24 100644 --- a/2022/3xxx/CVE-2022-3044.json +++ b/2022/3xxx/CVE-2022-3044.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3044", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "105.0.5195.52", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1051198" + }, + { + "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page." } ] } diff --git a/2022/3xxx/CVE-2022-3045.json b/2022/3xxx/CVE-2022-3045.json index dabf617cbdc..7409b1b7019 100644 --- a/2022/3xxx/CVE-2022-3045.json +++ b/2022/3xxx/CVE-2022-3045.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3045", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "105.0.5195.52", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient validation of untrusted input" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1339648" + }, + { + "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." } ] } diff --git a/2022/3xxx/CVE-2022-3046.json b/2022/3xxx/CVE-2022-3046.json index 9a766a89b75..0b7687ff074 100644 --- a/2022/3xxx/CVE-2022-3046.json +++ b/2022/3xxx/CVE-2022-3046.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3046", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "105.0.5195.52", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1346245" + }, + { + "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page." } ] } diff --git a/2022/3xxx/CVE-2022-3047.json b/2022/3xxx/CVE-2022-3047.json index 0e98fccb233..c2c88dc0b37 100644 --- a/2022/3xxx/CVE-2022-3047.json +++ b/2022/3xxx/CVE-2022-3047.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3047", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "105.0.5195.52", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient policy enforcement" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1342586" + }, + { + "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page." } ] } diff --git a/2022/3xxx/CVE-2022-3048.json b/2022/3xxx/CVE-2022-3048.json index 71b0c12ce06..1abe47f83f6 100644 --- a/2022/3xxx/CVE-2022-3048.json +++ b/2022/3xxx/CVE-2022-3048.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3048", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "105.0.5195.52", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1303308" + }, + { + "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a local attacker to bypass lockscreen navigation restrictions via physical access to the device." } ] } diff --git a/2022/3xxx/CVE-2022-3049.json b/2022/3xxx/CVE-2022-3049.json index 133ec834c95..84b95786edf 100644 --- a/2022/3xxx/CVE-2022-3049.json +++ b/2022/3xxx/CVE-2022-3049.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3049", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "105.0.5195.52", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1316892" + }, + { + "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page." } ] } diff --git a/2022/3xxx/CVE-2022-3050.json b/2022/3xxx/CVE-2022-3050.json index d00c92772d4..d47f80aee64 100644 --- a/2022/3xxx/CVE-2022-3050.json +++ b/2022/3xxx/CVE-2022-3050.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3050", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "105.0.5195.52", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1337132" + }, + { + "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions." } ] } diff --git a/2022/3xxx/CVE-2022-3051.json b/2022/3xxx/CVE-2022-3051.json index 4217ecea179..3fe08546f07 100644 --- a/2022/3xxx/CVE-2022-3051.json +++ b/2022/3xxx/CVE-2022-3051.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3051", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "105.0.5195.52", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1345245" + }, + { + "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions." } ] } diff --git a/2022/3xxx/CVE-2022-3052.json b/2022/3xxx/CVE-2022-3052.json index 9e8e9d90647..764db3f2e32 100644 --- a/2022/3xxx/CVE-2022-3052.json +++ b/2022/3xxx/CVE-2022-3052.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3052", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "105.0.5195.52", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1346154" + }, + { + "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions." } ] } diff --git a/2022/3xxx/CVE-2022-3053.json b/2022/3xxx/CVE-2022-3053.json index 74a771fc4b3..6e6eb688275 100644 --- a/2022/3xxx/CVE-2022-3053.json +++ b/2022/3xxx/CVE-2022-3053.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3053", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "105.0.5195.52", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1267867" + }, + { + "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a remote attacker to restrict user navigation via a crafted HTML page." } ] } diff --git a/2022/3xxx/CVE-2022-3054.json b/2022/3xxx/CVE-2022-3054.json index a5e5ec0a668..c8517261917 100644 --- a/2022/3xxx/CVE-2022-3054.json +++ b/2022/3xxx/CVE-2022-3054.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3054", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "105.0.5195.52", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient policy enforcement" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1290236" + }, + { + "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." } ] } diff --git a/2022/3xxx/CVE-2022-3055.json b/2022/3xxx/CVE-2022-3055.json index 6f44d40cbfe..e50a51ae47d 100644 --- a/2022/3xxx/CVE-2022-3055.json +++ b/2022/3xxx/CVE-2022-3055.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3055", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "105.0.5195.52", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1351969" + }, + { + "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page." } ] } diff --git a/2022/3xxx/CVE-2022-3056.json b/2022/3xxx/CVE-2022-3056.json index 82ca3e4754c..1b415d820be 100644 --- a/2022/3xxx/CVE-2022-3056.json +++ b/2022/3xxx/CVE-2022-3056.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3056", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "105.0.5195.52", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient policy enforcement" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1329460" + }, + { + "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page." } ] } diff --git a/2022/3xxx/CVE-2022-3057.json b/2022/3xxx/CVE-2022-3057.json index 9c35970c4a8..29f6d6ae2df 100644 --- a/2022/3xxx/CVE-2022-3057.json +++ b/2022/3xxx/CVE-2022-3057.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3057", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "105.0.5195.52", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1336904" + }, + { + "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page." } ] } diff --git a/2022/3xxx/CVE-2022-3058.json b/2022/3xxx/CVE-2022-3058.json index 75e0f11e5f4..db6eb67402f 100644 --- a/2022/3xxx/CVE-2022-3058.json +++ b/2022/3xxx/CVE-2022-3058.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3058", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "105.0.5195.52", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1337676" + }, + { + "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction." } ] } diff --git a/2022/3xxx/CVE-2022-3071.json b/2022/3xxx/CVE-2022-3071.json index f0e3bff62e1..9e170cc247c 100644 --- a/2022/3xxx/CVE-2022-3071.json +++ b/2022/3xxx/CVE-2022-3071.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3071", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "105.0.5195.52", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1333995" + }, + { + "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction." } ] } diff --git a/2022/3xxx/CVE-2022-3075.json b/2022/3xxx/CVE-2022-3075.json index e1991c826e1..29eac91bdb5 100644 --- a/2022/3xxx/CVE-2022-3075.json +++ b/2022/3xxx/CVE-2022-3075.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3075", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "105.0.5195.102", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient data validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1358134" + }, + { + "url": "https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page." } ] } diff --git a/2022/3xxx/CVE-2022-3195.json b/2022/3xxx/CVE-2022-3195.json index ec4bf38edf5..cbfd1af07aa 100644 --- a/2022/3xxx/CVE-2022-3195.json +++ b/2022/3xxx/CVE-2022-3195.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3195", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "105.0.5195.125", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out of bounds write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1358381" + }, + { + "url": "https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_14.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page." } ] } diff --git a/2022/3xxx/CVE-2022-3196.json b/2022/3xxx/CVE-2022-3196.json index 9e2e3960b53..7153b677301 100644 --- a/2022/3xxx/CVE-2022-3196.json +++ b/2022/3xxx/CVE-2022-3196.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3196", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "105.0.5195.125", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1358090" + }, + { + "url": "https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_14.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file." } ] } diff --git a/2022/3xxx/CVE-2022-3197.json b/2022/3xxx/CVE-2022-3197.json index 865e05fb1e0..ed89423f2c9 100644 --- a/2022/3xxx/CVE-2022-3197.json +++ b/2022/3xxx/CVE-2022-3197.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3197", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "105.0.5195.125", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1358075" + }, + { + "url": "https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_14.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file." } ] } diff --git a/2022/3xxx/CVE-2022-3198.json b/2022/3xxx/CVE-2022-3198.json index 5db779f6531..ee302cabb6d 100644 --- a/2022/3xxx/CVE-2022-3198.json +++ b/2022/3xxx/CVE-2022-3198.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3198", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "105.0.5195.125", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1355682" + }, + { + "url": "https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_14.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file." } ] } diff --git a/2022/3xxx/CVE-2022-3199.json b/2022/3xxx/CVE-2022-3199.json index 6825d864578..880bbc4e42a 100644 --- a/2022/3xxx/CVE-2022-3199.json +++ b/2022/3xxx/CVE-2022-3199.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3199", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "105.0.5195.125", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1355237" + }, + { + "url": "https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_14.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." } ] } diff --git a/2022/3xxx/CVE-2022-3200.json b/2022/3xxx/CVE-2022-3200.json index d76dcd1b3b5..34610e9ec2a 100644 --- a/2022/3xxx/CVE-2022-3200.json +++ b/2022/3xxx/CVE-2022-3200.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3200", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "105.0.5195.125", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1355103" + }, + { + "url": "https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_14.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." } ] } diff --git a/2022/3xxx/CVE-2022-3201.json b/2022/3xxx/CVE-2022-3201.json index 206ef1650c1..ff0ac98a047 100644 --- a/2022/3xxx/CVE-2022-3201.json +++ b/2022/3xxx/CVE-2022-3201.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3201", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "105.0.5195.125", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient validation of untrusted input" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1343104" + }, + { + "url": "https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_14.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page." } ] }