| 2022-09-26 | CVE-2022-3048 | Incorrect Authorization vulnerability in multiple products
Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a local attacker to bypass lockscreen navigation restrictions via physical access to the device. | 6.8 |
| 2022-09-26 | CVE-2022-3053 | Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a remote attacker to restrict user navigation via a crafted HTML page. | 4.3 |
| 2022-09-26 | CVE-2022-3054 | Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 6.5 |
| 2022-09-26 | CVE-2022-3056 | Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page. | 6.5 |
| 2022-09-26 | CVE-2022-3057 | Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
| 2022-09-26 | CVE-2022-3201 | Improper Input Validation vulnerability in multiple products
Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. | 5.4 |
| 2022-09-14 | CVE-2022-20231 | Out-of-bounds Write vulnerability in Google Android
In smc_intc_request_fiq of arm_gic.c, there is a possible out of bounds write due to improper input validation. | 6.7 |
| 2022-09-13 | CVE-2022-20393 | Integer Underflow (Wrap or Wraparound) vulnerability in Google Android 11.0/12.0/12.1
In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a possible out of bounds read due to an integer overflow. | 5.5 |
| 2022-09-13 | CVE-2022-20396 | Insufficient Verification of Data Authenticity vulnerability in Google Android 12.1/13.0
In SettingsActivity.java, there is a possible way to make a device discoverable over Bluetooth, without permission or user interaction, due to a permissions bypass. | 5.5 |
| 2022-09-13 | CVE-2022-20399 | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android
In the SEPolicy configuration of system apps, there is a possible access to the 'ip' utility due to an insecure default value. | 5.5 |