CVE-2022-2007 — Use After Free in Google Chrome

CWE-416 — Use After Free CWE-20 — Improper Input Validation CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer16 documents12 sources

Severity

8.8HIGHNVD

CISA9.8CISA7.8

EPSS

1.1%

top 22.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Debian Chromium +3 more

Timeline

PublishedJul 28

Latest updateOct 27

Description

Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

▶CVEListV5google/chromeunspecified — 102.0.5005.115

▶NVDgoogle/chrome< 102.0.5005.115

▶googlegoogle/chrome_chrome

▶debiandebian/chromium< chromium 102.0.5005.115-1 (bookworm)

▶Debianchromium/chromium< 102.0.5005.115-1~deb11u1+3

Also affects: Fedora 37

🔴Vulnerability Details

GHSA

GHSA-7ff5-q47c-m79f: Use after free in WebGPU in Google Chrome prior to 102↗2022-07-29

▶

OSV

CVE-2022-2007: Use after free in WebGPU in Google Chrome prior to 102↗2022-07-28

▶

💥Exploits & PoCs

Exploit-DB

News Rover 12.1 Rev 1 - Stack Overflow (2)↗2007-02-24

▶

📋Vendor Advisories

Microsoft

Chromium: CVE-2022-2007 Use after free in WebGPU↗2022-06-14

▶

Chrome

Stable Channel Update for Desktop: CVE-2022-2007↗2022-06-09

▶

CISA

Adobe Acrobat and Reader Buffer Overflow Vulnerability↗2022-06-08

▶

CISA

Alcatel OmniPCX Enterprise Remote Code Execution Vulnerability↗2022-04-15

▶

Debian

CVE-2022-2007: chromium - Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remo...↗2022

▶

🕵️Threat Intelligence

Trendmicro

Where is the Origin QAKBOT Uses Valid Code Signing↗2022-10-27

▶

Qualys

June 2022 Patch Tuesday | Microsoft Releases 55 Vulnerabilities With 3 Critical; Adobe Releases 6 Advisories, 46 Vulnerabilities With 40 Critical.↗2022-06-14

▶

Qualys

June 2022 Patch Tuesday | Microsoft Releases 55 Vulnerabilities With 3 Critical; Adobe Releases 6 Advisories, 46 Vulnerabilities With 40 Critical. | Qualys↗2022-06-14

▶

💬Community

Bugzilla

CVE-2007-2022 kdebase3 flash-player interaction problem↗2007-06-10

▶