CVE-2022-39266 isolated-vm is a library for nodejs which gives the user access to v8's Isolate interface
This is a low severity issue because it does not allow for remote code execution. However, it could be used for privilege escalation or other attacks if an attacker can force a trusted v8 instance to load malicious code.
If you use any of the above libraries, make sure they are fully reviewed before being used in production applications.
V8
Data Leak
The issue is that V8 Data Leak allows for remote code execution and could be used for privilege escalation or other attacks.
Vulnerability found in Chromium browser
A vulnerability has been found in the Chromium browser that allows for remote code execution. The developer release of this vulnerability was closed on July 29, but there are still users who are running it. This vulnerability would allow an attacker to run malicious code with root access on a targeted system.
Timeline
Published on: 09/29/2022 18:15:00 UTC
Last modified on: 10/06/2022 13:00:00 UTC