{"vulnerability": "cve-2022-3450", "sightings": [{"uuid": "11328542-f673-4359-ab99-d96d87d59ea3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3450", "type": "seen", "source": "https://t.me/true_secator/3555", "content": "Google \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f Chrome \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b \u0448\u0435\u0441\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0447\u0435\u0442\u044b\u0440\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f.\n\n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u044e Google, \u0432\u0441\u0435 \u0437\u0430\u043a\u0440\u044b\u0442\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0432\u043d\u0435\u0448\u043d\u0438\u043c\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u0432\u043e\u0437\u043d\u0430\u0433\u0440\u0430\u0436\u0434\u0435\u043d\u0438\u0435 \u0432 \u0440\u0430\u0437\u043c\u0435\u0440\u0435 38 000 \u0434\u043e\u043b\u043b\u0430\u0440\u043e\u0432 \u0421\u0428\u0410 \u043f\u043e BugBounty.\n\n\u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u043c \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u043c \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f CVE-2022-3445, \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0449\u0430\u044f \u0441\u043e\u0431\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f \u0432 Skia, \u0432 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0435 2D-\u0433\u0440\u0430\u0444\u0438\u043a\u0438 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0441\u043b\u0443\u0436\u0438\u0442 \u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u0438\u043c \u0434\u0432\u0438\u0436\u043a\u043e\u043c Chrome.\n\n\u041f\u043e 15 000 \u0434\u043e\u043b\u043b\u0430\u0440\u043e\u0432 \u0443\u0448\u043b\u043e \u041d\u0430\u043d \u0412\u0430\u043d\u0443 \u0438 \u042e\u043d \u041b\u044e \u0438\u0437 Qihoo 360 \u0437\u0430 \u044d\u0442\u0443 \u043e\u0448\u0438\u0431\u043a\u0443, \u0435\u0449\u0435 13 000 \u0434\u043e\u043b\u043b\u0430\u0440\u043e\u0432 \u0431\u044b\u043b\u0438 \u0432\u044b\u043f\u043b\u0430\u0447\u0435\u043d\u044b \u041a\u0430\u0439\u0434\u0436\u0438 \u0421\u044e\u0439 \u0437\u0430 CVE-2022-3446 (\u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u043a\u0443\u0447\u0438 \u0432 WebSQL).\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442-\u0433\u0438\u0433\u0430\u043d\u0442 \u0437\u0430\u043f\u043b\u0430\u0442\u0438\u043b 7500 \u0434\u043e\u043b\u043b\u0430\u0440\u043e\u0432 \u041d\u0430\u0440\u0435\u043d\u0434\u0440\u0435 \u0411\u0445\u0430\u0442\u0438 \u0438\u0437 Suma Soft, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0441\u043e\u043e\u0431\u0449\u0438\u043b \u043e \u043d\u0435\u043d\u0430\u0434\u043b\u0435\u0436\u0430\u0449\u0435\u0439 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0432 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u0432\u043a\u043b\u0430\u0434\u043a\u0430\u0445 (CVE-2022-3447), \u0438 2500 \u0434\u043e\u043b\u043b\u0430\u0440\u043e\u0432 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044e Kunlun Lab, \u0441\u043e\u043e\u0431\u0449\u0438\u0432\u0448\u0435\u043c\u0443 \u043e\u0431 \u043e\u0448\u0438\u0431\u043a\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f \u0432 API \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0439 (CVE-2022-3448).\n\n\u0414\u0432\u0435 \u0434\u0440\u0443\u0433\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f \u0431\u044b\u043b\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u044b \u0432 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u043c \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0435 (CVE-2022-3449) \u0438 \u043e\u0434\u043d\u043e\u0440\u0430\u043d\u0433\u043e\u0432\u043e\u043c \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0438 (CVE-2022-3450), \u043d\u043e Google \u043f\u043e\u043a\u0430 \u043d\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u0441\u0443\u043c\u043c\u0443 \u0432\u043e\u0437\u043d\u0430\u0433\u0440\u0430\u0436\u0434\u0435\u043d\u0438\u044f \u0437\u0430 \u043e\u0448\u0438\u0431\u043a\u0443.\n\n\u0422\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u043d\u044b\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430\u0445 \u043d\u0435 \u0431\u0443\u0434\u0443\u0442 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u044b \u0434\u043e \u0442\u0435\u0445 \u043f\u043e\u0440, \u043f\u043e\u043a\u0430 \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 Chrome \u043d\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u044f\u0442 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435.\n\nChrome \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c Windows, Mac \u0438 Linux \u043a\u0430\u043a \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u044f\u044f \u0432\u0435\u0440\u0441\u0438\u044f 106.0.5249.119. Google \u043d\u0435 \u0443\u043f\u043e\u043c\u0438\u043d\u0430\u0435\u0442 \u043e \u043a\u0430\u043a\u0438\u0445-\u043b\u0438\u0431\u043e \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u043d\u044b\u0445 \u0434\u0435\u0444\u0435\u043a\u0442\u0430\u0445 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 \u0430\u0442\u0430\u043a\u0430\u0445.", "creation_timestamp": "2022-10-13T10:13:41.000000Z"}, {"uuid": "2d65cb8f-b813-49c5-854c-1d096de9630e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34509", "type": "seen", "source": "https://t.me/cibsecurity/46796", "content": "\u203c CVE-2022-34509 \u203c\n\nThe wikifaces package in PyPI v1.0 included a code execution backdoor inserted by a third party.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-22T18:19:22.000000Z"}, {"uuid": "df1c7a47-f30b-433a-9551-8fa792843e74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34501", "type": "seen", "source": "https://t.me/cibsecurity/46806", "content": "\u203c CVE-2022-34501 \u203c\n\nThe bin-collection package in PyPI before v0.1 included a code execution backdoor inserted by a third party.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-22T18:19:35.000000Z"}, {"uuid": "ef9243a5-a3a7-43d0-b8a4-d05c47b2aef6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34503", "type": "seen", "source": "https://t.me/cibsecurity/46814", "content": "\u203c CVE-2022-34503 \u203c\n\nQPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-22T18:19:44.000000Z"}, {"uuid": "e6de953a-1045-4607-b681-f94c98265f5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34500", "type": "seen", "source": "https://t.me/cibsecurity/46813", "content": "\u203c CVE-2022-34500 \u203c\n\nThe bin-collect package in PyPI before v0.1 included a code execution backdoor inserted by a third party.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-22T18:19:43.000000Z"}, {"uuid": "fea9529d-0d51-43c4-8555-cc037ea17654", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34502", "type": "seen", "source": "https://t.me/cibsecurity/46805", "content": "\u203c CVE-2022-34502 \u203c\n\nRadare2 v5.7.0 was discovered to contain a heap buffer overflow via the function consume_encoded_name_new at format/wasm/wasm.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted binary file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-22T18:19:33.000000Z"}]}