CVE-2022-2008Double Free in Google Chrome

CWE-415Double FreeCWE-94Code InjectionCWE-400Uncontrolled Resource ConsumptionCWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-26423 documents14 sources
Severity
8.8HIGHNVD
GHSA7.3CISA7.8
EPSS
0.7%
top 27.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
30
Google ChromeChromiumGithub.com Migueldeicaza Swiftterm+27 more
Timeline
PublishedJul 28
Latest updateJul 14

Description

Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages30 packages

CVEListV5google/chromeunspecified102.0.5005.115
NVDgoogle/chrome< 102.0.5005.115
debiandebian/chromium< chromium 102.0.5005.115-1 (bookworm)

Also affects: Fedora 37

🔴Vulnerability Details

3
GHSA
SwiftTerm Code Injection vulnerability2023-07-14
GHSA
GHSA-999f-6jgc-2cc6: Double free in WebGL in Google Chrome prior to 1022022-07-29
OSV
CVE-2022-2008: Double free in WebGL in Google Chrome prior to 1022022-07-28

📋Vendor Advisories

7
Microsoft
Chromium: CVE-2022-2008 Out of bounds memory access in WebGL2022-06-14
Chrome
Stable Channel Update for Desktop: CVE-2022-20072022-06-09
CISA
Adobe Reader and Acrobat Input Validation Vulnerability2022-03-03
CISA
Microsoft Graphics Device Interface (GDI) Privilege Escalation Vulnerability2022-03-03
CISA
Oracle VirtualBox Insufficient Input Validation Vulnerability2022-03-03

🕵️Threat Intelligence

2
Qualys
June 2022 Patch Tuesday | Microsoft Releases 55 Vulnerabilities With 3 Critical; Adobe Releases 6 Advisories, 46 Vulnerabilities With 40 Critical.2022-06-14
Qualys
June 2022 Patch Tuesday | Microsoft Releases 55 Vulnerabilities With 3 Critical; Adobe Releases 6 Advisories, 46 Vulnerabilities With 40 Critical. | Qualys2022-06-14