CVEs from 2022
Total
5,236
critical
critical 92
high
high 1,236
medium
medium 953
low
low 24
% Critical
1.8%
% with KEV
2.5%
% with exploit
3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-38475 | unknown | — | — | — | An attacker could have written a value to the first element in a zero-length JavaScript array. Although the array was zero-length, the value was not written to an invalid memory address. This vulnera… | |||
| CVE-2022-49178 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: memstick/mspro_block: fix handling of read-only devices Use set_disk_ro to propagate the read-only state to the block layer inste… | |||
| CVE-2022-3306 | unknown | — | — | — | Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Hig… | |||
| CVE-2022-3305 | unknown | — | — | — | Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Hig… | |||
| CVE-2022-38474 | unknown | — | — | — | A website that had permission to access the microphone could record audio without the audio notification being shown. This bug does not allow the attacker to bypass the permission prompt - it only af… | |||
| CVE-2022-49186 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: clk: visconti: prevent array overflow in visconti_clk_register_gates() This code was using -1 to represent that there was no rese… | |||
| CVE-2022-2007 | unknown | — | — | — | Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-49189 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: clk: qcom: clk-rcg2: Update logic to calculate D value for RCG The display pixel clock has a requirement on certain newer platfor… | |||
| CVE-2022-43634 | unknown | — | — | — | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists with… | |||
| CVE-2022-49190 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: kernel/resource: fix kfree() of bootmem memory again Since commit ebff7d8f270d ("mem hotunplug: fix kfree() of bootmem memory"), … | |||
| CVE-2022-49794 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() If iio_trigger_register() returns error, it should ca… | |||
| CVE-2022-3304 | unknown | — | — | — | Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2022-3373 | unknown | — | — | — | Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2022-45188 | unknown | — | — | — | Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used fo… | |||
| CVE-2022-50373 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix race in lowcomms This patch fixes a race between queue_work() in _dlm_lowcomms_commit_msg() and srcu_read_unlock(). … | |||
| CVE-2022-3201 | unknown | — | — | — | Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass naviga… | |||
| CVE-2022-3199 | unknown | — | — | — | Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2022-49193 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ice: fix 'scheduling while atomic' on aux critical err interrupt There's a kernel BUG splat on processing aux critical error inte… | |||
| CVE-2022-49194 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: Use stronger register read/writes to assure ordering GCC12 appears to be much smarter about its dependency trackin… | |||
| CVE-2022-49195 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix panic on shutdown if multi-chip tree failed to probe DSA probing is atypical because a tree of devices must probe a… | |||
| CVE-2022-2210 | unknown | — | — | — | Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-49202 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_uart: add missing NULL check in h5_enqueue Syzbot hit general protection fault in __pm_runtime_resume(). The probl… | |||
| CVE-2022-49203 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix double free during GPU reset on DC streams [Why] The issue only occurs during the GPU reset code path. We f… | |||
| CVE-2022-49206 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix memory leak in error flow for subscribe event routine In case the second xa_insert() fails, the obj_event is not r… | |||
| CVE-2022-49886 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Panic on bad configs that #VE on "private" memory access All normal kernel memory is "TDX private memory". This include… | |||
| CVE-2022-49208 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Prevent some integer underflows My static checker complains that: drivers/infiniband/hw/irdma/ctrl.c:3605 irdma_… | |||
| CVE-2022-3197 | unknown | — | — | — | Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) | |||
| CVE-2022-49213 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ath10k: Fix error handling in ath10k_setup_msa_resources The device_node pointer is returned by of_parse_phandle() with refcount … | |||
| CVE-2022-3196 | unknown | — | — | — | Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) | |||
| CVE-2022-49218 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/dp: Fix OOB read when handling Post Cursor2 register The link_status array was not large enough to read the Adjust Request Po… | |||
| CVE-2022-50371 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: led: qcom-lpg: Fix sleeping in atomic lpg_brighness_set() function can sleep, while led's brightness_set() callback must be non-b… | |||
| CVE-2022-49219 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: vfio/pci: fix memory leak during D3hot to D0 transition If 'vfio_pci_core_device::needs_pm_restore' is set (PCI device does not h… | |||
| CVE-2022-3200 | unknown | — | — | — | Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2022-49221 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: populate connector of struct dp_panel DP CTS test case 4.2.2.6 has valid edid with bad checksum on purpose and expect… | |||
| CVE-2022-49234 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: dsa: Avoid cross-chip syncing of VLAN filtering Changes to VLAN filtering are not applicable to cross-chip notifications. O… | |||
| CVE-2022-49242 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ASoC: mxs: Fix error handling in mxs_sgtl5000_probe This function only calls of_node_put() in the regular path. And it will cause… | |||
| CVE-2022-36316 | unknown | — | — | — | When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect. This vulnerability a… | |||
| CVE-2022-49248 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction AV/C deferred transaction was supported at a commit 00a7… | |||
| CVE-2022-2257 | unknown | — | — | — | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. | |||
| CVE-2022-49258 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: crypto: ccree - Fix use after free in cc_cipher_exit() kfree_sensitive(ctx_p->user.key) will free the ctx_p->user.key. But ctx_p-… | |||
| CVE-2022-50860 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix memleak in alloc_ns() After changes in commit a1bd627b46d1 ("apparmor: share profile name on replacement"), the hna… | |||
| CVE-2022-49277 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: jffs2: fix memory leak in jffs2_do_mount_fs If jffs2_build_filesystem() in jffs2_do_mount_fs() returns an error, we can observe t… | |||
| CVE-2022-49278 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: remoteproc: Fix count check in rproc_coredump_write() Check count for 0, to avoid a potential underflow. Make the check the same … | |||
| CVE-2022-49280 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: NFSD: prevent underflow in nfssvc_decode_writeargs() Smatch complains: fs/nfsd/nfsxdr.c:341 nfssvc_decode_writeargs() warn: no… | |||
| CVE-2022-49284 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: coresight: syscfg: Fix memleak on registration failure in cscfg_create_device device_register() calls device_initialize(), accord… | |||
| CVE-2022-49286 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: tpm: use try_get_ops() in tpm-space.c As part of the series conversion to remove nested TPM operations: https://lore.kernel.org/… | |||
| CVE-2022-49301 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix uninit-value in usb_read8() and friends When r8712_usbctrl_vendorreq() returns negative, 'data' in usb_read… | |||
| CVE-2022-49302 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: USB: host: isp116x: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resourc… | |||
| CVE-2022-49307 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() When the driver fails at alloc_hdlcdev(), and then we remove the d… | |||
| CVE-2022-49309 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drivers: staging: rtl8723bs: Fix deadlock in rtw_surveydone_event_callback() There is a deadlock in rtw_surveydone_event_callback… | |||
| CVE-2022-50368 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/msm/dsi: fix memory corruption with too many bridges Add the missing sanity check on the bridge counter to avoid corrupting d… | |||
| CVE-2022-3071 | unknown | — | — | — | Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit he… | |||
| CVE-2022-49315 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() There is a deadlock in rtllib_beacons_stop(), which is shown be… | |||
| CVE-2022-49318 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: f2fs: remove WARN_ON in f2fs_is_valid_blkaddr Syzbot triggers two WARNs in f2fs_is_valid_blkaddr and __is_bitmap_valid. For examp… | |||
| CVE-2022-49320 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type In zynqmp_dma_alloc/free_chan_resources functions there … | |||
| CVE-2022-49324 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mips: cpc: Fix refcount leak in mips_cpc_default_phys_base Add the missing of_node_put() to release the refcount incremented by o… | |||
| CVE-2022-49326 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: rtl818x: Prevent using not initialized queues Using not existing queues can panic the kernel with rtl8180/rtl8185 cards. Ignore t… | |||
| CVE-2022-49327 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: bcache: avoid journal no-space deadlock by reserving 1 journal bucket The journal no-space deadlock was reported time to time. Su… | |||
| CVE-2022-49331 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling Error paths do not free previously allocated memory. Add devm_kfree()… | |||
| CVE-2022-49336 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem When the mapping is already reaped the unmap must be a no-op, as… | |||
| CVE-2022-49342 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register of_get_child_by_name() returns a node pointer with refcount inc… | |||
| CVE-2022-49351 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: altera: Fix refcount leak in altera_tse_mdio_create Every iteration of for_each_child_of_node() decrements the reference cou… | |||
| CVE-2022-49354 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe of_find_device_by_node() takes reference, we should use put_device() to… | |||
| CVE-2022-49359 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/panfrost: Job should reference MMU not file_priv For a while now it's been allowed for a MMU context to outlive it's correspo… | |||
| CVE-2022-49361 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check for inline inode Yanming reported a kernel bug in Bugzilla kernel [1], which can be reproduced. The … | |||
| CVE-2022-49363 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on block address in f2fs_do_zero_range() As Yanming reported in bugzilla: https://bugzilla.kernel.o… | |||
| CVE-2022-49556 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak For some sev ioctl interfaces, the length parameter th… | |||
| CVE-2022-49366 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix reference count leak in smb_check_perm_dacl() The issue happens in a specific path in smb_check_perm_dacl(). When "id"… | |||
| CVE-2022-49367 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register of_get_child_by_name() returns a node pointer with refcount in… | |||
| CVE-2022-49368 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() The "fsp->location" variable comes from user via eth… | |||
| CVE-2022-49369 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: amt: fix possible memory leak in amt_rcv() If an amt receives packets and it finds socket. If it can't find a socket, it should f… | |||
| CVE-2022-49370 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle kobject_init_and_add() takes reference even when it fails. Acco… | |||
| CVE-2022-3057 | unknown | — | — | — | Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||
| CVE-2022-49373 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe of_parse_phandle() returns a node pointer with refcount incremented, … | |||
| CVE-2022-49375 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: rtc: mt6397: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() ret… | |||
| CVE-2022-49377 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: blk-mq: don't touch ->tagset in blk_mq_get_sq_hctx blk_mq_run_hw_queues() could be run when there isn't queued request and after … | |||
| CVE-2022-49380 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() As Yanming reported in bugzilla: https://bugzilla.kernel.org/show_bug… | |||
| CVE-2022-49381 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: jffs2: fix memory leak in jffs2_do_fill_super If jffs2_iget() or d_make_root() in jffs2_do_fill_super() returns an error, we can … | |||
| CVE-2022-49382 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: soc: rockchip: Fix refcount leak in rockchip_grf_init of_find_matching_node_and_match returns a node pointer with refcount increm… | |||
| CVE-2022-34485 | unknown | — | — | — | Mozilla developers Bryce Seager van Dyk and the Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox 101. Some of these bugs showed evidence of memory corruption and we presume … | |||
| CVE-2022-49383 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: watchdog: rzg2l_wdt: Fix 'BUG: Invalid wait context' This patch fixes the issue 'BUG: Invalid wait context' during restart() call… | |||
| CVE-2022-35260 | unknown | — | — | — | curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-base… | |||
| CVE-2022-50432 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: kernfs: fix use-after-free in __kernfs_remove Syzkaller managed to trigger concurrent calls to kernfs_remove_by_name_ns() for the… | |||
| CVE-2022-50105 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader of_find_node_by_path() returns remote device nodepointer with refc… | |||
| CVE-2022-43551 | unknown | — | — | — | A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear… | |||
| CVE-2022-49386 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw-nuss: Fix some refcount leaks of_get_child_by_name() returns a node pointer with refcount incremente… | |||
| CVE-2022-49391 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: remoteproc: mtk_scp: Fix a potential double free 'scp->rproc' is allocated using devm_rproc_alloc(), so there is no need to free … | |||
| CVE-2022-49392 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe platform_get_resource() may fail and return NULL,… | |||
| CVE-2022-49388 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ubi: ubi_create_volume: Fix use-after-free when volume creation failed There is an use-after-free problem for 'eba_tbl' in ubi_cr… | |||
| CVE-2022-49396 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp: fix reset-controller leak on probe errors Make sure to release the lane reset controller in case of a late probe e… | |||
| CVE-2022-49397 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp: fix struct clk leak on probe errors Make sure to release the pipe clock reference in case of a late probe error (e… | |||
| CVE-2022-49405 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: staging: r8188eu: prevent ->Ssid overflow in rtw_wx_set_scan() This code has a check to prevent read overflow but it needs anothe… | |||
| CVE-2022-49406 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: block: Fix potential deadlock in blk_ia_range_sysfs_show() When being read, a sysfs attribute is already protected against remova… | |||
| CVE-2022-49407 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: dlm: fix plock invalid read This patch fixes an invalid read showed by KASAN. A unlock will allocate a "struct plock_op" and a fo… | |||
| CVE-2022-49415 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ipmi:ipmb: Fix refcount leak in ipmi_ipmb_probe of_parse_phandle() returns a node pointer with refcount incremented, we should us… | |||
| CVE-2022-49414 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ext4: fix race condition between ext4_write and ext4_convert_inline_data Hulk Robot reported a BUG_ON: =========================… | |||
| CVE-2022-49417 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: iwlwifi: mei: fix potential NULL-ptr deref If SKB allocation fails, continue rather than using the NULL pointer. Coverity CID: 1… | |||
| CVE-2022-49419 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: video: fbdev: vesafb: Fix a use-after-free due early fb_info cleanup Commit b3c9a924aab6 ("fbdev: vesafb: Cleanup fb_info in .fb_… | |||
| CVE-2022-49420 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: annotate races around sk->sk_bound_dev_if UDP sendmsg() is lockless, and reads sk->sk_bound_dev_if while this field can be c… | |||
| CVE-2022-3056 | unknown | — | — | — | Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page. |