CVE-2022-0459Use After Free in Google Chrome

CWE-416Use After Free12 documents7 sources
Severity
8.8HIGHNVD
OSV5.5OSV4.7
EPSS
0.5%
top 32.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Google ChromeChromiumLinux Kernel+3 more
Timeline
PublishedApr 5
Latest updateJul 18

Description

Use after free in Screen Capture in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who had compromised the renderer process and convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages7 packages

CVEListV5google/chromeunspecified98.0.4758.80
NVDgoogle/chrome< 98.0.4758.80
debiandebian/chromium< chromium 98.0.4758.80-1 (bookworm)
Debianchromium/chromium< 98.0.4758.80-1~deb11u1+3

🔴Vulnerability Details

7
OSV
linux-oem-6.0 vulnerabilities2023-07-18
OSV
linux-oracle, linux-oracle-5.4 vulnerabilities2023-05-30
OSV
linux-raspi, linux-raspi-5.4 vulnerabilities2023-05-25
OSV
linux, linux-aws, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm vulnerabilities2023-05-22
OSV
linux-raspi vulnerabilities2023-05-17

📋Vendor Advisories

3
Microsoft
Chromium: CVE-2022-0459 Use after free in Screen Capture2022-02-08
Chrome
Stable Channel Update for Desktop: CVE-2022-04592022-02-01
Debian
CVE-2022-0459: chromium - Use after free in Screen Capture in Google Chrome prior to 98.0.4758.80 allowed ...2022

💬Community

1
Bugzilla
CVE-2023-0459 kernel: Copy_from_user on 64-bit versions may leak kernel information2023-06-21