CVE-2022-2742

Use after free in Exosphere in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (Chrome security severity: High)
References
Link Resource
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html Release Notes Vendor Advisory
https://crbug.com/1319172 Exploit Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
OR cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*
cpe:2.3:o:google:linux_and_chrome_os:-:*:*:*:*:*:*:*

History

22 Oct 2024, 17:35

Type Values Removed Values Added
Summary
  • (es) El Use-After-Free en Exosphere en Google Chrome en Chrome OS y Lacros antes de 104.0.5112.79 permitía a un atacante remoto convencer a un usuario de participar en interacciones de IU específicas para explotar potencialmente la corrupción del almacenamiento dinámico a través de interacciones de IU manipuladas. (Severidad de seguridad de Chrome: alta)
CWE CWE-416

08 Aug 2023, 14:22

Type Values Removed Values Added
CWE CWE-416 CWE-362

Information

Published : 2023-01-02 23:15

Updated : 2024-10-22 17:35


NVD link : CVE-2022-2742

Mitre link : CVE-2022-2742

CVE.ORG link : CVE-2022-2742


JSON object : View

Products Affected

google

  • chrome_os
  • chrome
  • linux_and_chrome_os
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-416

Use After Free