Severity: 9.3 CRITICAL (NVD)
CISA: 10.0, 9.8, 8.8, 7.8, 7.5, 7.3, 5.3
EPSS: 1.1% (top 21.66%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jul 28
Latest update: Sep 15

Description

Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H
Exploitability: 2.8 | Impact: 5.8

Affected Packages (6 packages)

CVEListV5 | google/chrome | unspecified | 102.0.5005.115
NVD | google/chrome | < 102.0.5005.115
debian | debian/chromium | < chromium 102.0.5005.115-1 (bookworm)
Debian | chromium/chromium | < 102.0.5005.115-1~deb11u1+3

Also affects: Fedora 37

🔴 Vulnerability Details (2)

GHSA (2022-07-29): GHSA-3h6m-v52v-hvmw: Out of bounds read in compositing in Google Chrome prior to 102
OSV (2022-07-28): CVE-2022-2010: Out of bounds read in compositing in Google Chrome prior to 102

📋 Vendor Advisories (22)

CISA (2022-09-15): Microsoft Windows Remote Code Execution Vulnerability
Chrome (2022-07-27): Long Term Support Channel Update for ChromeOS: CVE-2022-2010
Microsoft (2022-06-14): Chromium: CVE-2022-2010 Out of bounds read in compositing
Chrome (2022-06-09): Stable Channel Update for Desktop: CVE-2022-2007
CISA (2022-06-08): Microsoft PowerPoint Buffer Overflow Vulnerability

🕵️ Threat Intelligence (2)

Qualys (2022-06-14): June 2022 Patch Tuesday | Microsoft Releases 55 Vulnerabilities With 3 Critical; Adobe Releases 6 Advisories, 46 Vulnerabilities With 40 Critical.
Qualys (2022-06-14): June 2022 Patch Tuesday | Microsoft Releases 55 Vulnerabilities With 3 Critical; Adobe Releases 6 Advisories, 46 Vulnerabilities With 40 Critical. | Qualys